Azure/azure-sdk-for-python (azure-mgmt-network)
### [`v24.0.0`](https://togithub.com/Azure/azure-sdk-for-python/releases/tag/azure-mgmt-network_24.0.0)
#### 24.0.0 (2023-07-21)
##### Breaking Changes
- Removed `HTTP_STATUS499` from enum `ApplicationGatewayCustomErrorStatusCode`
##### Features Added
- Added enum `AdminState`
- Model ActiveConnectivityConfiguration has a new parameter resource_guid
- Model ActiveDefaultSecurityAdminRule has a new parameter resource_guid
- Model ActiveSecurityAdminRule has a new parameter resource_guid
- Model AdminRule has a new parameter resource_guid
- Model AdminRuleCollection has a new parameter resource_guid
- Model ApplicationGateway has a new parameter default_predefined_ssl_policy
- Model ConfigurationGroup has a new parameter resource_guid
- Model ConnectivityConfiguration has a new parameter resource_guid
- Model DefaultAdminRule has a new parameter resource_guid
- Model EffectiveConnectivityConfiguration has a new parameter resource_guid
- Model EffectiveDefaultSecurityAdminRule has a new parameter resource_guid
- Model EffectiveSecurityAdminRule has a new parameter resource_guid
- Model NetworkGroup has a new parameter resource_guid
- Model NetworkManager has a new parameter resource_guid
- Model SecurityAdminConfiguration has a new parameter resource_guid
- Model VirtualNetworkGateway has a new parameter admin_state
boto/boto3 (boto3)
### [`v1.28.16`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12816)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.15...1.28.16)
\=======
- api-change:`amplifyuibuilder`: \[`botocore`] Amplify Studio releases GraphQL support for codegen job action.
- api-change:`autoscaling`: \[`botocore`] You can now configure an instance refresh to set its status to 'failed' when it detects that a specified CloudWatch alarm has gone into the ALARM state. You can also choose to roll back the instance refresh automatically when the alarm threshold is met.
- api-change:`cleanrooms`: \[`botocore`] This release introduces custom SQL queries - an expanded set of SQL you can run. This release adds analysis templates, a new resource for storing pre-defined custom SQL queries ahead of time. This release also adds the Custom analysis rule, which lets you approve analysis templates for querying.
- api-change:`codestar-connections`: \[`botocore`] New integration with the Gitlab provider type.
- api-change:`drs`: \[`botocore`] Add support for in-aws right sizing
- api-change:`inspector2`: \[`botocore`] This release adds 1 new API: BatchGetFindingDetails to retrieve enhanced vulnerability intelligence details for findings.
- api-change:`lookoutequipment`: \[`botocore`] This release includes new import resource, model versioning and resource policy features.
- api-change:`omics`: \[`botocore`] Add CreationType filter for ListReadSets
- api-change:`rds`: \[`botocore`] This release adds support for Aurora MySQL local write forwarding, which allows for forwarding of write operations from reader DB instances to the writer DB instance.
- api-change:`route53`: \[`botocore`] Amazon Route 53 now supports the Israel (Tel Aviv) Region (il-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
- api-change:`scheduler`: \[`botocore`] This release introduces automatic deletion of schedules in EventBridge Scheduler. If configured, EventBridge Scheduler automatically deletes a schedule after the schedule has completed its last invocation.
### [`v1.28.15`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12815)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.14...1.28.15)
\=======
- enhancement:HTTP: \[`botocore`] Move 100-continue behavior to use `HTTPConnections` request interface.
- api-change:`application-insights`: \[`botocore`] This release enable customer to add/remove/update more than one workload for a component
- api-change:`cloudformation`: \[`botocore`] This SDK release is for the feature launch of AWS CloudFormation RetainExceptOnCreate. It adds a new parameter retainExceptOnCreate in the following APIs: CreateStack, UpdateStack, RollbackStack, ExecuteChangeSet.
- api-change:`cloudfront`: \[`botocore`] Add a new JavaScript runtime version for CloudFront Functions.
- api-change:`connect`: \[`botocore`] This release adds support for new number types.
- api-change:`kafka`: \[`botocore`] Amazon MSK has introduced new versions of ListClusterOperations and DescribeClusterOperation APIs. These v2 APIs provide information and insights into the ongoing operations of both MSK Provisioned and MSK Serverless clusters.
- api-change:`pinpoint`: \[`botocore`] Added support for sending push notifications using the FCM v1 API with json credentials. Amazon Pinpoint customers can now deliver messages to Android devices using both FCM v1 API and the legacy FCM/GCM API
### [`v1.28.14`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12814)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.13...1.28.14)
\=======
- enhancement:compression: \[`botocore`] Adds support for the `requestcompression` operation trait.
- api-change:`sqs`: \[`botocore`] Documentation changes related to SQS APIs.
### [`v1.28.13`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12813)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.12...1.28.13)
\=======
- api-change:`autoscaling`: \[`botocore`] This release updates validation for instance types used in the AllowedInstanceTypes and ExcludedInstanceTypes parameters of the InstanceRequirements property of a MixedInstancesPolicy.
- api-change:`ebs`: \[`botocore`] SDK and documentation updates for Amazon Elastic Block Store API
- api-change:`ec2`: \[`botocore`] SDK and documentation updates for Amazon Elastic Block Store APIs
- api-change:`eks`: \[`botocore`] Add multiple customer error code to handle customer caused failure when managing EKS node groups
- api-change:`sagemaker`: \[`botocore`] Expose ProfilerConfig attribute in SageMaker Search API response.
### [`v1.28.12`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12812)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.11...1.28.12)
\=======
- api-change:`cloudcontrol`: \[`botocore`] Updates the documentation for CreateResource.
- api-change:`entityresolution`: \[`botocore`] AWS Entity Resolution can effectively match a source record from a customer relationship management (CRM) system with a source record from a marketing system containing campaign information.
- api-change:`glue`: \[`botocore`] Release Glue Studio Snowflake Connector Node for SDK/CLI
- api-change:`healthlake`: \[`botocore`] Updating the HealthLake service documentation.
- api-change:`managedblockchain-query`: \[`botocore`] Amazon Managed Blockchain (AMB) Query provides serverless access to standardized, multi-blockchain datasets with developer-friendly APIs.
- api-change:`mediaconvert`: \[`botocore`] This release includes general updates to user documentation.
- api-change:`omics`: \[`botocore`] The service is renaming as a part of AWS Health.
- api-change:`opensearchserverless`: \[`botocore`] This release adds new collection type VectorSearch.
- api-change:`polly`: \[`botocore`] Amazon Polly adds 1 new voice - Lisa (nl-BE)
- api-change:`route53`: \[`botocore`] Update that corrects the documents for received feedback.
### [`v1.28.11`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12811)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.10...1.28.11)
\=======
- api-change:`billingconductor`: \[`botocore`] Added support for Auto-Assocate Billing Groups for CreateBillingGroup, UpdateBillingGroup, and ListBillingGroups.
- api-change:`customer-profiles`: \[`botocore`] Amazon Connect Customer Profiles now supports rule-based resolution to match and merge similar profiles into unified profiles, helping companies deliver faster and more personalized customer service by providing access to relevant customer information for agents and automated experiences.
- api-change:`datasync`: \[`botocore`] AWS DataSync now supports Microsoft Azure Blob Storage locations.
- api-change:`dynamodb`: \[`botocore`] Documentation updates for DynamoDB
- api-change:`ec2`: \[`botocore`] This release adds an instance's peak and baseline network bandwidth as well as the memory sizes of an instance's inference accelerators to DescribeInstanceTypes.
- api-change:`emr-serverless`: \[`botocore`] This release adds support for publishing application logs to CloudWatch.
- api-change:`lambda`: \[`botocore`] Add Python 3.11 (python3.11) support to AWS Lambda
- api-change:`rds`: \[`botocore`] This release adds support for monitoring storage optimization progress on the DescribeDBInstances API.
- api-change:`sagemaker`: \[`botocore`] Mark ContentColumn and TargetLabelColumn as required Targets in TextClassificationJobConfig in CreateAutoMLJobV2API
- api-change:`securityhub`: \[`botocore`] Add support for CONTAINS and NOT_CONTAINS comparison operators for Automation Rules string filters and map filters
- api-change:`sts`: \[`botocore`] API updates for the AWS Security Token Service
- api-change:`transfer`: \[`botocore`] This release adds support for SFTP Connectors.
- api-change:`wisdom`: \[`botocore`] This release added two new data types: AssistantIntegrationConfiguration, and SessionIntegrationConfiguration to support Wisdom integration with Amazon Connect Chat
### [`v1.28.10`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12810)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.9...1.28.10)
\=======
- api-change:`apigatewayv2`: \[`botocore`] Documentation updates for Amazon API Gateway.
- api-change:`ce`: \[`botocore`] This release introduces the new API 'GetSavingsPlanPurchaseRecommendationDetails', which retrieves the details for a Savings Plan recommendation. It also updates the existing API 'GetSavingsPlansPurchaseRecommendation' to include the recommendation detail ID.
- api-change:`chime-sdk-media-pipelines`: \[`botocore`] AWS Media Pipeline compositing enhancement and Media Insights Pipeline auto language identification.
- api-change:`cloudformation`: \[`botocore`] This release supports filtering by DRIFT_STATUS for existing API ListStackInstances and adds support for a new API ListStackInstanceResourceDrifts. Customers can now view resource drift information from their StackSet management accounts.
- api-change:`ec2`: \[`botocore`] Add "disabled" enum value to SpotInstanceState.
- api-change:`glue`: \[`botocore`] Added support for Data Preparation Recipe node in Glue Studio jobs
- api-change:`quicksight`: \[`botocore`] This release launches new Snapshot APIs for CSV and PDF exports, adds support for info icon for filters and parameters in Exploration APIs, adds modeled exception to the DeleteAccountCustomization API, and introduces AttributeAggregationFunction's ability to add UNIQUE_VALUE aggregation in tooltips.
### [`v1.28.9`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1289)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.8...1.28.9)
\======
- api-change:`glue`: \[`botocore`] This release adds support for AWS Glue Crawler with Apache Hudi Tables, allowing Crawlers to discover Hudi Tables in S3 and register them in Glue Data Catalog for query engines to query against.
- api-change:`mediaconvert`: \[`botocore`] This release includes improvements to Preserve 444 handling, compatibility of HEVC sources without frame rates, and general improvements to MP4 outputs.
- api-change:`rds`: \[`botocore`] Adds support for the DBSystemID parameter of CreateDBInstance to RDS Custom for Oracle.
- api-change:`workspaces`: \[`botocore`] Fixed VolumeEncryptionKey descriptions
### [`v1.28.8`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1288)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.7...1.28.8)
\======
- api-change:`codecatalyst`: \[`botocore`] This release adds support for updating and deleting spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source repositories in CodeCatalyst projects.
- api-change:`connectcases`: \[`botocore`] This release adds the ability to assign a case to a queue or user.
- api-change:`lexv2-models`: \[`botocore`] Update lexv2-models client to latest version
- api-change:`route53resolver`: \[`botocore`] This release adds support for Route 53 On Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts.
- api-change:`s3`: \[`botocore`] Improve performance of S3 clients by simplifying and optimizing endpoint resolution.
- api-change:`sagemaker-featurestore-runtime`: \[`botocore`] Cross account support for SageMaker Feature Store
- api-change:`sagemaker`: \[`botocore`] Cross account support for SageMaker Feature Store
- api-change:`securitylake`: \[`botocore`] Adding support for Tags on Create and Resource Tagging API.
- api-change:`transcribe`: \[`botocore`] Added API argument --toxicity-detection to startTranscriptionJob API, which allows users to view toxicity scores of submitted audio.
### [`v1.28.7`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1287)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.6...1.28.7)
\======
- enhancement:AWSCRT: \[`botocore`] Upgrade awscrt version to 0.16.26
- api-change:`savingsplans`: \[`botocore`] Savings Plans endpoints update
### [`v1.28.6`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1286)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.5...1.28.6)
\======
- api-change:`cloudformation`: \[`botocore`] SDK and documentation updates for GetTemplateSummary API (unrecognized resources)
- api-change:`ec2`: \[`botocore`] Amazon EC2 documentation updates.
- api-change:`grafana`: \[`botocore`] Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to.
- api-change:`medical-imaging`: \[`botocore`] General Availability (GA) release of AWS Health Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale.
- api-change:`ram`: \[`botocore`] This release adds support for securely sharing with AWS service principals.
- api-change:`ssm-sap`: \[`botocore`] Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP.
- api-change:`wafv2`: \[`botocore`] Added the URI path to the custom aggregation keys that you can specify for a rate-based rule.
### [`v1.28.5`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1285)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.4...1.28.5)
\======
- api-change:`codeguru-security`: \[`botocore`] Documentation updates for CodeGuru Security.
- api-change:`connect`: \[`botocore`] GetMetricDataV2 API: Update to include Contact Lens Conversational Analytics Metrics
- api-change:`es`: \[`botocore`] Regex Validation on the ElasticSearch Engine Version attribute
- api-change:`lexv2-models`: \[`botocore`] Update lexv2-models client to latest version
- api-change:`m2`: \[`botocore`] Allows UpdateEnvironment to update the environment to 0 host capacity. New GetSignedBluinsightsUrl API
- api-change:`snowball`: \[`botocore`] Adds support for RACK\_5U_C. This is the first AWS Snow Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a portable, compact 5U, half-rack width form-factor.
- api-change:`translate`: \[`botocore`] Added DOCX word document support to TranslateDocument API
### [`v1.28.4`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1284)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.3...1.28.4)
\======
- api-change:`codeartifact`: \[`botocore`] Doc only update for AWS CodeArtifact
- api-change:`docdb`: \[`botocore`] Added major version upgrade option in ModifyDBCluster API
- api-change:`ec2`: \[`botocore`] Add Nitro TPM support on DescribeInstanceTypes
- api-change:`glue`: \[`botocore`] Adding new supported permission type flags to get-unfiltered endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained access control on nested column attributes.
- api-change:`ivs`: \[`botocore`] This release provides the flexibility to configure what renditions or thumbnail qualities to record when creating recording configuration.
- api-change:`lakeformation`: \[`botocore`] Adds supports for ReadOnlyAdmins and AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource.
### [`v1.28.3`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1283)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.2...1.28.3)
\======
- api-change:`cognito-idp`: \[`botocore`] API model updated in Amazon Cognito
- api-change:`connect`: \[`botocore`] Add support for deleting Queues and Routing Profiles.
- api-change:`datasync`: \[`botocore`] Added LunCount to the response object of DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system resource.
- api-change:`dms`: \[`botocore`] Enhanced PostgreSQL target endpoint settings for providing Babelfish support.
- api-change:`ec2`: \[`botocore`] This release adds support for the C7gn and Hpc7g instances. C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth.
- api-change:`fsx`: \[`botocore`] Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that enables you to protect your files in a volume by transitioning them to a write once, read many (WORM) state.
- api-change:`iam`: \[`botocore`] Documentation updates for AWS Identity and Access Management (IAM).
- api-change:`mediatailor`: \[`botocore`] Adds categories to MediaTailor channel assembly alerts
- api-change:`personalize`: \[`botocore`] This release provides ability to customers to change schema associated with their datasets in Amazon Personalize
- api-change:`proton`: \[`botocore`] This release adds support for deployment history for Proton provisioned resources
- api-change:`s3`: \[`botocore`] S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports.
- api-change:`sagemaker`: \[`botocore`] Amazon SageMaker Canvas adds WorkspeceSettings support for CanvasAppSettings
- api-change:`secretsmanager`: \[`botocore`] Documentation updates for Secrets Manager
### [`v1.28.2`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1282)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.1...1.28.2)
\======
- bugfix:s3: \[`botocore`] Fix s3 presigned URLs for operations with query components (`#2962 `\__)
- api-change:`cognito-idp`: \[`botocore`] API model updated in Amazon Cognito
### [`v1.28.1`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12816)
[Compare Source](https://togithub.com/boto/boto3/compare/1.28.0...1.28.1)
\=======
- api-change:`amplifyuibuilder`: \[`botocore`] Amplify Studio releases GraphQL support for codegen job action.
- api-change:`autoscaling`: \[`botocore`] You can now configure an instance refresh to set its status to 'failed' when it detects that a specified CloudWatch alarm has gone into the ALARM state. You can also choose to roll back the instance refresh automatically when the alarm threshold is met.
- api-change:`cleanrooms`: \[`botocore`] This release introduces custom SQL queries - an expanded set of SQL you can run. This release adds analysis templates, a new resource for storing pre-defined custom SQL queries ahead of time. This release also adds the Custom analysis rule, which lets you approve analysis templates for querying.
- api-change:`codestar-connections`: \[`botocore`] New integration with the Gitlab provider type.
- api-change:`drs`: \[`botocore`] Add support for in-aws right sizing
- api-change:`inspector2`: \[`botocore`] This release adds 1 new API: BatchGetFindingDetails to retrieve enhanced vulnerability intelligence details for findings.
- api-change:`lookoutequipment`: \[`botocore`] This release includes new import resource, model versioning and resource policy features.
- api-change:`omics`: \[`botocore`] Add CreationType filter for ListReadSets
- api-change:`rds`: \[`botocore`] This release adds support for Aurora MySQL local write forwarding, which allows for forwarding of write operations from reader DB instances to the writer DB instance.
- api-change:`route53`: \[`botocore`] Amazon Route 53 now supports the Israel (Tel Aviv) Region (il-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
- api-change:`scheduler`: \[`botocore`] This release introduces automatic deletion of schedules in EventBridge Scheduler. If configured, EventBridge Scheduler automatically deletes a schedule after the schedule has completed its last invocation.
### [`v1.28.0`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1280)
[Compare Source](https://togithub.com/boto/boto3/compare/1.27.1...1.28.0)
\======
- enhancement:configprovider: \[`botocore`] Always use shallow copy of session config value store for clients
- feature:configuration: \[`botocore`] Configure the endpoint URL in the shared configuration file or via an environment variable for a specific AWS service or all AWS services.
- bugfix:configprovider: \[`botocore`] Fix bug when deep copying config value store where overrides were not preserved
- api-change:`ec2`: \[`botocore`] Add Nitro Enclaves support on DescribeInstanceTypes
- api-change:`location`: \[`botocore`] This release adds support for authenticating with Amazon Location Service's Places & Routes APIs with an API Key. Also, with this release developers can publish tracked device position updates to Amazon EventBridge.
- api-change:`outposts`: \[`botocore`] Added paginator support to several APIs. Added the ISOLATED enum value to AssetState.
- api-change:`quicksight`: \[`botocore`] This release includes below three changes: small multiples axes improvement, field based coloring, removed required trait from Aggregation function for TopBottomFilter.
- api-change:`rds`: \[`botocore`] Updates Amazon RDS documentation for creating DB instances and creating Aurora global clusters.
### [`v1.27.1`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1271)
[Compare Source](https://togithub.com/boto/boto3/compare/1.27.0...1.27.1)
\======
- api-change:`comprehendmedical`: \[`botocore`] Update to Amazon Comprehend Medical documentation.
- api-change:`connect`: \[`botocore`] GetMetricDataV2 API: Channels filters do not count towards overall limitation of 100 filter values.
- api-change:`kms`: \[`botocore`] Added Dry Run Feature to cryptographic and cross-account mutating KMS APIs (14 in all). This feature allows users to test their permissions and parameters before making the actual API call.
- api-change:`mgn`: \[`botocore`] This release introduces the Global view feature and new Replication state APIs.
- api-change:`securityhub`: \[`botocore`] Documentation updates for AWS Security Hub
### [`v1.27.0`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1270)
[Compare Source](https://togithub.com/boto/boto3/compare/1.26.165...1.27.0)
\======
- feature:Useragent: \[`botocore`] Update User-Agent header format
- api-change:`batch`: \[`botocore`] This feature allows customers to use AWS Batch with Linux with ARM64 CPU Architecture and X86\_64 CPU Architecture with Windows OS on Fargate Platform.
- api-change:`sagemaker`: \[`botocore`] SageMaker Inference Recommender now accepts new fields SupportedEndpointType and ServerlessConfiguration to support serverless endpoints.
nolar/kopf (kopf)
### [`v1.36.2`](https://togithub.com/nolar/kopf/releases/tag/1.36.2)
[Compare Source](https://togithub.com/nolar/kopf/compare/1.36.1...1.36.2)
#### What's Changed
- Fix crash when an APIResource has no verbs by [@lukasstockner](https://togithub.com/lukasstockner) in [https://github.com/nolar/kopf/pull/1000](https://togithub.com/nolar/kopf/pull/1000)
#### New Contributors
- [@lukasstockner](https://togithub.com/lukasstockner) made their first contribution in [https://github.com/nolar/kopf/pull/1000](https://togithub.com/nolar/kopf/pull/1000)
**Full Changelog**: https://github.com/nolar/kopf/compare/1.36.1...1.36.2
kubernetes-client/python (kubernetes)
### [`v27.2.0`](https://togithub.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v2720a1)
[Compare Source](https://togithub.com/kubernetes-client/python/compare/v26.1.0...v27.2.0)
Kubernetes API Version: v1.27.2
##### API Change
- Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([kubernetes/kubernetes#117020](https://togithub.com/kubernetes/kubernetes/pull/117020), [@cji](https://togithub.com/cji)) \[SIG API Machinery and Node]
- Fixed an issue where kubelet does not set case-insensitive headers for http probes. ([#117182](https://togithub.com/kubernetes-client/python/issues/117182), [@dddddai](https://togithub.com/dddddai)) ([kubernetes/kubernetes#117324](https://togithub.com/kubernetes/kubernetes/pull/117324), [@dddddai](https://togithub.com/dddddai)) \[SIG API Machinery, Apps and Node]
- Revised the comment about the feature-gate level for PodFailurePolicy from alpha to beta ([kubernetes/kubernetes#117815](https://togithub.com/kubernetes/kubernetes/pull/117815), [@kerthcet](https://togithub.com/kerthcet)) \[SIG Apps]
- A fix in the `resource.k8s.io/v1alpha1/ResourceClaim` API avoids harmless (?) ".status.reservedFor: element 0: associative list without keys has an element that's a map type" errors in the apiserver. Validation now rejects the incorrect reuse of the same UID in different entries. ([kubernetes/kubernetes#115354](https://togithub.com/kubernetes/kubernetes/pull/115354), [@pohly](https://togithub.com/pohly))
- A terminating pod on a node that is not caused by preemption no longer prevents `kube-scheduler` from preempting pods on that node
- Rename `PreemptionByKubeScheduler` to `PreemptionByScheduler` ([kubernetes/kubernetes#114623](https://togithub.com/kubernetes/kubernetes/pull/114623), [@Huang-Wei](https://togithub.com/Huang-Wei))
- API: resource.k8s.io/v1alpha1.PodScheduling was renamed to resource.k8s.io/v1alpha2.PodSchedulingContext. ([kubernetes/kubernetes#116556](https://togithub.com/kubernetes/kubernetes/pull/116556), [@pohly](https://togithub.com/pohly)) \[SIG API Machinery, Apps, Auth, CLI, Node, Scheduling and Testing]
- Added CEL runtime cost calculation into ValidatingAdmissionPolicy, matching the evaluation cost
restrictions that already apply to CustomResourceDefinition.
If rule evaluation uses more compute than the limit, the API server aborts the evaluation and the
admission check that was being performed is aborted; the `failurePolicy` for the ValidatingAdmissionPolicy
determines the outcome. ([kubernetes/kubernetes#115747](https://togithub.com/kubernetes/kubernetes/pull/115747), [@cici37](https://togithub.com/cici37))
- Added `auditAnnotations` to `ValidatingAdmissionPolicy`, enabling CEL to be used to add audit annotations to request audit events.
Added `validationActions` to `ValidatingAdmissionPolicyBinding`, enabling validation failures to be handled by any combination of the warn, audit and deny enforcement actions. ([kubernetes/kubernetes#115973](https://togithub.com/kubernetes/kubernetes/pull/115973), [@jpbetz](https://togithub.com/jpbetz))
- Added `messageExpression` field to `ValidationRule`. ([kubernetes/kubernetes#115969](https://togithub.com/kubernetes/kubernetes/pull/115969), [@DangerOnTheRanger](https://togithub.com/DangerOnTheRanger))
- Added `messageExpression` to `ValidatingAdmissionPolicy`, to set custom failure message via CEL expression. ([kubernetes/kubernetes#116397](https://togithub.com/kubernetes/kubernetes/pull/116397), [@jiahuif](https://togithub.com/jiahuif)) \[SIG API Machinery]
- Added a new IPAddress object kind
- Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64 ([kubernetes/kubernetes#115075](https://togithub.com/kubernetes/kubernetes/pull/115075), [@aojea](https://togithub.com/aojea)) \[SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Network and Testing]
- Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`).
A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([kubernetes/kubernetes#113218](https://togithub.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://togithub.com/ahmedtd)) \[SIG API Machinery, Auth and Testing]
- Added authorization check support to the CEL expressions of ValidatingAdmissionPolicy via a `authorizer`
variable with expressions. The new variable provides a builder that allows expressions such `authorizer.group('').resource('pods').check('create').allowed()`. ([kubernetes/kubernetes#116054](https://togithub.com/kubernetes/kubernetes/pull/116054), [@jpbetz](https://togithub.com/jpbetz)) \[SIG API Machinery and Testing]
- Added matchConditions field to ValidatingAdmissionPolicy and enabled support for CEL based custom match criteria. ([kubernetes/kubernetes#116350](https://togithub.com/kubernetes/kubernetes/pull/116350), [@maxsmythe](https://togithub.com/maxsmythe))
- Added new option to the `InterPodAffinity` scheduler plugin to ignore existing
pods`preferred inter-pod affinities if the incoming pod has no preferred inter-pod
affinities. This option can be used as an optimization for higher scheduling throughput
(at the cost of an occasional pod being scheduled non-optimally/violating existing
pods preferred inter-pod affinities). To enable this scheduler option, set the`InterPodAffinity`scheduler plugin arg`ignorePreferredTermsOfExistingPods: true\` ([kubernetes/kubernetes#114393](https://togithub.com/kubernetes/kubernetes/pull/114393), [@danielvegamyhre](https://togithub.com/danielvegamyhre))
- Added the `MatchConditions` field to `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` for the v1beta and v1 apis.
The `AdmissionWebhookMatchConditions` featuregate is now in Alpha ([kubernetes/kubernetes#116261](https://togithub.com/kubernetes/kubernetes/pull/116261), [@ivelichkovich](https://togithub.com/ivelichkovich)) \[SIG API Machinery and Testing]
- Added validation to ensure that if `service.kubernetes.io/topology-aware-hints` and `service.kubernetes.io/topology-mode` annotations are both set, they are set to the same value.Also Added deprecation warning if `service.kubernetes.io/topology-aware-hints` annotation is used. ([kubernetes/kubernetes#116612](https://togithub.com/kubernetes/kubernetes/pull/116612), [@robscott](https://togithub.com/robscott))
- Added warnings about workload resources (Pods, ReplicaSets, Deployments, Jobs, CronJobs, or ReplicationControllers) whose names are not valid DNS labels. ([kubernetes/kubernetes#114412](https://togithub.com/kubernetes/kubernetes/pull/114412), [@thockin](https://togithub.com/thockin))
- Adds feature gate `NodeLogQuery` which provides cluster administrators with a streaming view of logs using kubectl without them having to implement a client side reader or logging into the node. ([kubernetes/kubernetes#96120](https://togithub.com/kubernetes/kubernetes/pull/96120), [@LorbusChris](https://togithub.com/LorbusChris))
- Api: validation of a `PodSpec` now rejects invalid `ResourceClaim` and `ResourceClaimTemplate` names. For a pod, the name generated for the `ResourceClaim` when using a template also must be valid. ([kubernetes/kubernetes#116576](https://togithub.com/kubernetes/kubernetes/pull/116576), [@pohly](https://togithub.com/pohly))
- Bump default API QPS limits for Kubelet. ([kubernetes/kubernetes#116121](https://togithub.com/kubernetes/kubernetes/pull/116121), [@wojtek-t](https://togithub.com/wojtek-t))
- Enabled the `StatefulSetStartOrdinal` feature gate in beta ([kubernetes/kubernetes#115260](https://togithub.com/kubernetes/kubernetes/pull/115260), [@pwschuurman](https://togithub.com/pwschuurman))
- Enabled usage of `kube-proxy`, `kube-scheduler` and `kubelet` HTTP APIs for changing the logging
verbosity at runtime for JSON output. ([kubernetes/kubernetes#114609](https://togithub.com/kubernetes/kubernetes/pull/114609), [@pohly](https://togithub.com/pohly))
- Encryption of API Server at rest configuration now allows the use of wildcards in the list of resources. For example, *.* can be used to encrypt all resources, including all current and future custom resources. ([kubernetes/kubernetes#115149](https://togithub.com/kubernetes/kubernetes/pull/115149), [@nilekhc](https://togithub.com/nilekhc))
- Extended the kubelet's PodResources API to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation`. Additionally, added a new `Get()` method to query a specific pod for its resources. ([kubernetes/kubernetes#115847](https://togithub.com/kubernetes/kubernetes/pull/115847), [@moshe010](https://togithub.com/moshe010)) \[SIG Node]
- Forbid to set matchLabelKeys when labelSelector is not set in topologySpreadConstraints ([kubernetes/kubernetes#116535](https://togithub.com/kubernetes/kubernetes/pull/116535), [@denkensk](https://togithub.com/denkensk))
- GCE does not support LoadBalancer Services with ports with different protocols (TCP and UDP) ([kubernetes/kubernetes#115966](https://togithub.com/kubernetes/kubernetes/pull/115966), [@aojea](https://togithub.com/aojea)) \[SIG Apps and Cloud Provider]
- GRPC probes are now a GA feature. `GRPCContainerProbe` feature gate was locked to default value and will be removed in v1.29. If you were setting this feature gate explicitly, please remove it now. ([kubernetes/kubernetes#116233](https://togithub.com/kubernetes/kubernetes/pull/116233), [@SergeyKanzhelev](https://togithub.com/SergeyKanzhelev))
- Graduated `Kubelet Topology Manager` to GA. ([kubernetes/kubernetes#116093](https://togithub.com/kubernetes/kubernetes/pull/116093), [@swatisehgal](https://togithub.com/swatisehgal))
- Graduated `KubeletTracing` to beta, which means that the feature gate is now enabled by default. ([kubernetes/kubernetes#115750](https://togithub.com/kubernetes/kubernetes/pull/115750), [@saschagrunert](https://togithub.com/saschagrunert))
- Graduated seccomp profile defaulting to GA.
Set the kubelet `--seccomp-default` flag or `seccompDefault` kubelet configuration field to `true` to make pods on that node default to using the `RuntimeDefault` seccomp profile.
Enabling seccomp for your workload can have a negative performance impact depending on the kernel and container runtime version in use.
Guidance for identifying and mitigating those issues is outlined in the Kubernetes [seccomp tutorial](https://k8s.io/docs/tutorials/security/seccomp). ([kubernetes/kubernetes#115719](https://togithub.com/kubernetes/kubernetes/pull/115719), [@saschagrunert](https://togithub.com/saschagrunert)) \[SIG API Machinery, Node, Storage and Testing]
- Graduated the container resource metrics feature on `HPA` to beta. ([kubernetes/kubernetes#116046](https://togithub.com/kubernetes/kubernetes/pull/116046), [@sanposhiho](https://togithub.com/sanposhiho))
- Implemented API streaming for the `watch-cache`
When `sendInitialEvents` `ListOption` is set together with `watch=true`, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([kubernetes/kubernetes#110960](https://togithub.com/kubernetes/kubernetes/pull/110960), [@p0lyn0mial](https://togithub.com/p0lyn0mial))
- Introduced API for streaming.
Added `SendInitialEvents` field to the `ListOptions`. When the new option is set together with `watch=true`, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([kubernetes/kubernetes#115402](https://togithub.com/kubernetes/kubernetes/pull/115402), [@p0lyn0mial](https://togithub.com/p0lyn0mial))
- Introduced a breaking change to the `resource.k8s.io` API in its `AllocationResult` struct. This change allows a kubelet plugin for the `DynamicResourceAllocation` feature to service allocations from multiple resource driver controllers. ([kubernetes/kubernetes#116332](https://togithub.com/kubernetes/kubernetes/pull/116332), [@klueska](https://togithub.com/klueska))
- Introduces new alpha functionality to the reflector, allowing user to enable API streaming.
To activate this feature, users can set the `ENABLE_CLIENT_GO_WATCH_LIST_ALPHA` environmental variable.
It is important to note that the server must support streaming for this feature to function properly.
If streaming is not supported by the server, the reflector will revert to the previous method
of obtaining data through LIST/WATCH semantics. ([kubernetes/kubernetes#110772](https://togithub.com/kubernetes/kubernetes/pull/110772), [@p0lyn0mial](https://togithub.com/p0lyn0mial)) \[SIG API Machinery]
- K8s.io/client-go/tools/record.EventBroadcaster: after Shutdown() is called, the broadcaster now gives up immediately after a failure to write an event to a sink. Previously it tried multiple times for 12 seconds in a goroutine. ([kubernetes/kubernetes#115514](https://togithub.com/kubernetes/kubernetes/pull/115514), [@pohly](https://togithub.com/pohly)) \[SIG API Machinery]
- K8s.io/component-base/logs: usage of the pflag values in a normal Go flag set led to panics when printing the help message ([kubernetes/kubernetes#114680](https://togithub.com/kubernetes/kubernetes/pull/114680), [@pohly](https://togithub.com/pohly)) \[SIG Instrumentation]
- Kubeadm: explicitly set `priority` for static pods with `priorityClassName: system-node-critical` ([kubernetes/kubernetes#114338](https://togithub.com/kubernetes/kubernetes/pull/114338), [@champtar](https://togithub.com/champtar)) \[SIG Cluster Lifecycle]
- Kubelet: a "maxParallelImagePulls" field can now be specified in the kubelet configuration file to control how many image pulls the kubelet can perform in parallel. ([kubernetes/kubernetes#115220](https://togithub.com/kubernetes/kubernetes/pull/115220), [@ruiwen-zhao](https://togithub.com/ruiwen-zhao)) \[SIG API Machinery, Node and Scalability]
- Kubelet: changed `MemoryThrottlingFactor` default value to `0.9` and formulas to calculate `memory.high` ([kubernetes/kubernetes#115371](https://togithub.com/kubernetes/kubernetes/pull/115371), [@pacoxu](https://togithub.com/pacoxu))
- Kubernetes components that perform leader election now only support using `Leases` for this. ([kubernetes/kubernetes#114055](https://togithub.com/kubernetes/kubernetes/pull/114055), [@aimuz](https://togithub.com/aimuz))
- Migrated the `DaemonSet` controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([kubernetes/kubernetes#113622](https://togithub.com/kubernetes/kubernetes/pull/113622), [@249043822](https://togithub.com/249043822))
- New `service.kubernetes.io/topology-mode` annotation has been introduced as a replacement for the `service.kubernetes.io/topology-aware-hints` annotation.
- `service.kubernetes.io/topology-aware-hints` annotation has been deprecated.
- kube-proxy now accepts any value that is not "disabled" for these annotations, enabling custom implementation-specific and/or future built-in heuristics to be used. ([kubernetes/kubernetes#116522](https://togithub.com/kubernetes/kubernetes/pull/116522), [@robscott](https://togithub.com/robscott)) \[SIG Apps, Network and Testing]
- Pods owned by a Job now uses the labels `batch.kubernetes.io/job-name` and `batch.kubernetes.io/controller-uid`.
The legacy labels `job-name` and `controller-uid` are still added for compatibility. ([kubernetes/kubernetes#114930](https://togithub.com/kubernetes/kubernetes/pull/114930), [@kannon92](https://togithub.com/kannon92))
- Promoted `CronJobTimeZone` feature to GA ([kubernetes/kubernetes#115904](https://togithub.com/kubernetes/kubernetes/pull/115904), [@soltysh](https://togithub.com/soltysh))
- Promoted `SelfSubjectReview` to Beta ([kubernetes/kubernetes#116274](https://togithub.com/kubernetes/kubernetes/pull/116274), [@nabokihms](https://togithub.com/nabokihms)) \[SIG API Machinery, Auth, CLI and Testing]
- Relaxed API validation to allow pod node selector to be mutable for gated pods (additions only, no deletions or mutations). ([kubernetes/kubernetes#116161](https://togithub.com/kubernetes/kubernetes/pull/116161), [@danielvegamyhre](https://togithub.com/danielvegamyhre))
- Remove `kubernetes.io/grpc` standard appProtocol ([kubernetes/kubernetes#116866](https://togithub.com/kubernetes/kubernetes/pull/116866), [@LiorLieberman](https://togithub.com/LiorLieberman)) \[SIG API Machinery and Apps]
- Remove deprecated `--enable-taint-manager` and `--pod-eviction-timeout` CLI ([kubernetes/kubernetes#115840](https://togithub.com/kubernetes/kubernetes/pull/115840), [@atosatto](https://togithub.com/atosatto))
- Removed support for the `v1alpha1` kubeletplugin API of `DynamicResourceManagement`. All plugins must be updated to `v1alpha2` in order to function properly. ([kubernetes/kubernetes#116558](https://togithub.com/kubernetes/kubernetes/pull/116558), [@klueska](https://togithub.com/klueska))
- The API server now re-uses data encryption keys while the kms v2 plugin key ID is stable. Data encryption keys are still randomly generated on server start but an atomic counter is used to prevent nonce collisions. ([kubernetes/kubernetes#116155](https://togithub.com/kubernetes/kubernetes/pull/116155), [@enj](https://togithub.com/enj))
- The PodDisruptionBudget `spec.unhealthyPodEvictionPolicy` field has graduated to beta and is enabled by default. On servers with the feature enabled, this field may be set to `AlwaysAllow` to always allow unhealthy pods covered by the PodDisruptionBudget to be evicted. ([kubernetes/kubernetes#115363](https://togithub.com/kubernetes/kubernetes/pull/115363), [@ravisantoshgudimetla](https://togithub.com/ravisantoshgudimetla)) \[SIG Apps, Auth and Node]
- The `DownwardAPIHugePages` kubelet feature graduated to stable / GA. ([kubernetes/kubernetes#115721](https://togithub.com/kubernetes/kubernetes/pull/115721), [@saschagrunert](https://togithub.com/saschagrunert)) \[SIG Apps and Node]
- The following feature gates for volume expansion GA features have now been removed and must no longer be referenced in `--feature-gates` flags: `ExpandCSIVolumes`, `ExpandInUsePersistentVolumes`, `ExpandPersistentVolumes` ([kubernetes/kubernetes#113942](https://togithub.com/kubernetes/kubernetes/pull/113942), [@mengjiao-liu](https://togithub.com/mengjiao-liu))
- The list-type of the alpha `resourceClaims` field introduced to `Pods` in `1.26.0` was modified from `set` to `map`, resolving an incompatibility with use of this schema in `CustomResourceDefinitions` and with server-side apply. ([kubernetes/kubernetes#114585](https://togithub.com/kubernetes/kubernetes/pull/114585), [@JoelSpeed](https://togithub.com/JoelSpeed))
- Updated API reference for Requests, specifying they must not exceed limits ([kubernetes/kubernetes#115434](https://togithub.com/kubernetes/kubernetes/pull/115434), [@ehashman](https://togithub.com/ehashman))
- Updated `KMSv2` to beta ([kubernetes/kubernetes#115123](https://togithub.com/kubernetes/kubernetes/pull/115123), [@aramase](https://togithub.com/aramase))
- Updated: Redefine AppProtocol field description and add new standard values ([kubernetes/kubernetes#115433](https://togithub.com/kubernetes/kubernetes/pull/115433), [@LiorLieberman](https://togithub.com/LiorLieberman)) \[SIG API Machinery, Apps and Network]
- `/metrics/slis` is now available for control plane components allowing you to scrape health check metrics. ([kubernetes/kubernetes#114997](https://togithub.com/kubernetes/kubernetes/pull/114997), [@Richabanker](https://togithub.com/Richabanker))
- `APIServerTracing` feature gate is now enabled by default. Tracing in the API
Server is still disabled by default, and requires a config file to enable. ([kubernetes/kubernetes#116144](https://togithub.com/kubernetes/kubernetes/pull/116144), [@dashpole](https://togithub.com/dashpole))
- `NodeResourceFit` and `NodeResourcesBalancedAllocation` implement the `PreScore`
extension point for a more performant calculation. ([kubernetes/kubernetes#115655](https://togithub.com/kubernetes/kubernetes/pull/115655), [@tangwz](https://togithub.com/tangwz))
- `PodSchedulingReadiness` is graduated to beta. ([kubernetes/kubernetes#115815](https://togithub.com/kubernetes/kubernetes/pull/115815), [@Huang-Wei](https://togithub.com/Huang-Wei))
- `PodSpec.Container.Resources` became mutable for CPU and memory resource types.
- `PodSpec.Container.ResizePolicy` (new object) gives users control over how their containers are resized.
- `PodStatus.Resize` status describes the state of a requested Pod resize.
- `PodStatus.ResourcesAllocated` describes node resources allocated to Pod.
- `PodStatus.Resources` describes node resources applied to running containers by CRI.
- `UpdateContainerResources` CRI API now supports both Linux and Windows. ([kubernetes/kubernetes#102884](https://togithub.com/kubernetes/kubernetes/pull/102884), [@vinaykul](https://togithub.com/vinaykul))
- `SELinuxMountReadWriteOncePod` graduated to Beta. ([kubernetes/kubernetes#116425](https://togithub.com/kubernetes/kubernetes/pull/116425), [@jsafrane](https://togithub.com/jsafrane))
- `StatefulSetAutoDeletePVC` feature gate promoted to beta. ([kubernetes/kubernetes#116501](https://togithub.com/kubernetes/kubernetes/pull/116501), [@mattcary](https://togithub.com/mattcary))
- `StatefulSet` names must be DNS labels, rather than subdomains. Any `StatefulSet`
which took advantage of subdomain validation (by having dots in the name) can't
possibly have worked, because we eventually set `pod.spec.hostname` from the `StatefulSetName`,
and that is validated as a DNS label. ([kubernetes/kubernetes#114172](https://togithub.com/kubernetes/kubernetes/pull/114172), [@thockin](https://togithub.com/thockin))
- `ValidatingAdmissionPolicy` now provides a status field that contains results of type checking the validation expression.
The type checking is fully informational, and the behavior of the policy is unchanged. ([kubernetes/kubernetes#115668](https://togithub.com/kubernetes/kubernetes/pull/115668), [@jiahuif](https://togithub.com/jiahuif))
- `cacheSize` field in `EncryptionConfiguration` is not supported for KMSv2 provider ([kubernetes/kubernetes#113121](https://togithub.com/kubernetes/kubernetes/pull/113121), [@aramase](https://togithub.com/aramase))
- `k8s.io/component-base/logs` now also supports adding command line flags to a `flag.FlagSet`. ([kubernetes/kubernetes#114731](https://togithub.com/kubernetes/kubernetes/pull/114731), [@pohly](https://togithub.com/pohly))
- `kubelet`: migrated `--container-runtime-endpoint` and `--image-service-endpoint`
to kubelet config ([kubernetes/kubernetes#112136](https://togithub.com/kubernetes/kubernetes/pull/112136), [@pacoxu](https://togithub.com/pacoxu))
- `resource.k8s.io/v1alpha1` was replaced with `resource.k8s.io/v1alpha2`. Before
upgrading a cluster, all objects in resource.k8s.io/v1alpha1 (ResourceClaim, ResourceClaimTemplate,
ResourceClass, PodScheduling) must be deleted. The changes are internal, so
YAML files which create pods and resource claims don't need changes except for
the newer `apiVersion`. ([kubernetes/kubernetes#116299](https://togithub.com/kubernetes/kubernetes/pull/116299), [@pohly](https://togithub.com/pohly))
- `volumes`: `resource.claims` is now cleared for PVC specs during create or update of a pod spec with inline PVC template or of a PVC because it has no effect. ([kubernetes/kubernetes#115928](https://togithub.com/kubernetes/kubernetes/pull/115928), [@pohly](https://togithub.com/pohly))
- Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`).
A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([kubernetes/kubernetes#113218](https://togithub.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://togithub.com/ahmedtd)) \[SIG API Machinery, Auth and Testing]
- Remove `kubernetes.io/grpc` standard appProtocol ([kubernetes/kubernetes#116866](https://togithub.com/kubernetes/kubernetes/pull/116866), [@LiorLieberman](https://togithub.com/LiorLieberman)) \[SIG API Machinery and Apps]
- API: resource.k8s.io/v1alpha1.PodScheduling was renamed to resource.k8s.io/v1alpha2.PodSchedulingContext. ([kubernetes/kubernetes#116556](https://togithub.com/kubernetes/kubernetes/pull/116556), [@pohly](https://togithub.com/pohly)) \[SIG API Machinery, Apps, Auth, CLI, Node, Scheduling and Testing]
- APIServerTracing feature gate is now enabled by default. Tracing in the API Server is still disabled by default, and requires a config file to enable. ([kubernetes/kubernetes#116144](https://togithub.com/kubernetes/kubernetes/pull/116144), [@dashpole](https://togithub.com/dashpole)) \[SIG API Machinery and Testing]
- Added CEL runtime cost calculation into ValidatingAdmissionPolicy, matching the evaluation cost
restrictions that already apply to CustomResourceDefinition.
If rule evaluation uses more compute than the limit, the API server aborts the evaluation and the
admission check that was being performed is aborted; the `failurePolicy` for the ValidatingAdmissionPolicy
determines the outcome. ([kubernetes/kubernetes#115747](https://togithub.com/kubernetes/kubernetes/pull/115747), [@cici37](https://togithub.com/cici37)) \[SIG API Machinery]
- Added `messageExpression` to `ValidatingAdmissionPolicy`, to set custom failure message via CEL expression. ([kubernetes/kubernetes#116397](https://togithub.com/kubernetes/kubernetes/pull/116397), [@jiahuif](https://togithub.com/jiahuif)) \[SIG API Machinery]
- Added a new IPAddress object kind
- Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64 ([kubernetes/kubernetes#115075](https://togithub.com/kubernetes/kubernetes/pull/115075), [@aojea](https://togithub.com/aojea)) \[SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Network and Testing]
- Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`).
A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([kubernetes/kubernetes#113218](https://togithub.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://togithub.com/ahmedtd)) \[SIG API Machinery, Auth and Testing]
- Added authorization check support to the CEL expressions of ValidatingAdmissionPolicy via a `authorizer`
variable with expressions. The new variable provides a builder that allows expressions such `authorizer.group('').resource('pods').check('create').allowed()`. ([kubernetes/kubernetes#116054](https://togithub.com/kubernetes/kubernetes/pull/116054), [@jpbetz](https://togithub.com/jpbetz)) \[SIG API Machinery and Testing]
- Added matchConditions field to ValidatingAdmissionPolicy, enabled support for CEL based custom match criteria. ([kubernetes/kubernetes#116350](https://togithub.com/kubernetes/kubernetes/pull/116350), [@maxsmythe](https://togithub.com/maxsmythe)) \[SIG API Machinery and Testing]
- Added messageExpression field to ValidationRule. ([#115969](https://togithub.com/kubernetes-client/python/issues/115969), [@DangerOnTheRanger](https://togithub.com/DangerOnTheRanger)) ([kubernetes/kubernetes#115969](https://togithub.com/kubernetes/kubernetes/pull/115969), [@DangerOnTheRanger](https://togithub.com/DangerOnTheRanger)) \[SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation, Node and Testing]
- Added the `MatchConditions` field to `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` for the v1beta and v1 apis.
The `AdmissionWebhookMatchConditions` featuregate is now in Alpha ([kubernetes/kubernetes#116261](https://togithub.com/kubernetes/kubernetes/pull/116261), [@ivelichkovich](https://togithub.com/ivelichkovich)) \[SIG API Machinery and Testing]
- Added validation to ensure that if `service.kubernetes.io/topology-aware-hints` and `service.kubernetes.io/topology-mode` annotations are both set, they are set to the same value.
- Added deprecation warning if `service.kubernetes.io/topology-aware-hints` annotation is used. ([kubernetes/kubernetes#116612](https://togithub.com/kubernetes/kubernetes/pull/116612), [@robscott](https://togithub.com/robscott)) \[SIG Apps, Network and Testing]
- Adds auditAnnotations to ValidatingAdmissionPolicy, enabling CEL to be used to add audit annotations to request audit events.
Adds validationActions to ValidatingAdmissionPolicyBinding, enabling validation failures to be handled by any combination of the warn, audit and deny enforcement actions. ([kubernetes/kubernetes#115973](https://togithub.com/kubernetes/kubernetes/pull/115973), [@jpbetz](https://togithub.com/jpbetz)) \[SIG API Machinery and Testing]
- Adds feature gate `NodeLogQuery` which prov
Configuration
📅 Schedule: Branch creation - "before 1pm on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
==23.1.0->==24.0.0==1.26.165->==1.28.16==1.36.1->==1.36.2==26.1.0->==27.2.0==6.0->==6.0.1Release Notes
Azure/azure-sdk-for-python (azure-mgmt-network)
### [`v24.0.0`](https://togithub.com/Azure/azure-sdk-for-python/releases/tag/azure-mgmt-network_24.0.0) #### 24.0.0 (2023-07-21) ##### Breaking Changes - Removed `HTTP_STATUS499` from enum `ApplicationGatewayCustomErrorStatusCode` ##### Features Added - Added enum `AdminState` - Model ActiveConnectivityConfiguration has a new parameter resource_guid - Model ActiveDefaultSecurityAdminRule has a new parameter resource_guid - Model ActiveSecurityAdminRule has a new parameter resource_guid - Model AdminRule has a new parameter resource_guid - Model AdminRuleCollection has a new parameter resource_guid - Model ApplicationGateway has a new parameter default_predefined_ssl_policy - Model ConfigurationGroup has a new parameter resource_guid - Model ConnectivityConfiguration has a new parameter resource_guid - Model DefaultAdminRule has a new parameter resource_guid - Model EffectiveConnectivityConfiguration has a new parameter resource_guid - Model EffectiveDefaultSecurityAdminRule has a new parameter resource_guid - Model EffectiveSecurityAdminRule has a new parameter resource_guid - Model NetworkGroup has a new parameter resource_guid - Model NetworkManager has a new parameter resource_guid - Model SecurityAdminConfiguration has a new parameter resource_guid - Model VirtualNetworkGateway has a new parameter admin_stateboto/boto3 (boto3)
### [`v1.28.16`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12816) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.15...1.28.16) \======= - api-change:`amplifyuibuilder`: \[`botocore`] Amplify Studio releases GraphQL support for codegen job action. - api-change:`autoscaling`: \[`botocore`] You can now configure an instance refresh to set its status to 'failed' when it detects that a specified CloudWatch alarm has gone into the ALARM state. You can also choose to roll back the instance refresh automatically when the alarm threshold is met. - api-change:`cleanrooms`: \[`botocore`] This release introduces custom SQL queries - an expanded set of SQL you can run. This release adds analysis templates, a new resource for storing pre-defined custom SQL queries ahead of time. This release also adds the Custom analysis rule, which lets you approve analysis templates for querying. - api-change:`codestar-connections`: \[`botocore`] New integration with the Gitlab provider type. - api-change:`drs`: \[`botocore`] Add support for in-aws right sizing - api-change:`inspector2`: \[`botocore`] This release adds 1 new API: BatchGetFindingDetails to retrieve enhanced vulnerability intelligence details for findings. - api-change:`lookoutequipment`: \[`botocore`] This release includes new import resource, model versioning and resource policy features. - api-change:`omics`: \[`botocore`] Add CreationType filter for ListReadSets - api-change:`rds`: \[`botocore`] This release adds support for Aurora MySQL local write forwarding, which allows for forwarding of write operations from reader DB instances to the writer DB instance. - api-change:`route53`: \[`botocore`] Amazon Route 53 now supports the Israel (Tel Aviv) Region (il-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region. - api-change:`scheduler`: \[`botocore`] This release introduces automatic deletion of schedules in EventBridge Scheduler. If configured, EventBridge Scheduler automatically deletes a schedule after the schedule has completed its last invocation. ### [`v1.28.15`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12815) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.14...1.28.15) \======= - enhancement:HTTP: \[`botocore`] Move 100-continue behavior to use `HTTPConnections` request interface. - api-change:`application-insights`: \[`botocore`] This release enable customer to add/remove/update more than one workload for a component - api-change:`cloudformation`: \[`botocore`] This SDK release is for the feature launch of AWS CloudFormation RetainExceptOnCreate. It adds a new parameter retainExceptOnCreate in the following APIs: CreateStack, UpdateStack, RollbackStack, ExecuteChangeSet. - api-change:`cloudfront`: \[`botocore`] Add a new JavaScript runtime version for CloudFront Functions. - api-change:`connect`: \[`botocore`] This release adds support for new number types. - api-change:`kafka`: \[`botocore`] Amazon MSK has introduced new versions of ListClusterOperations and DescribeClusterOperation APIs. These v2 APIs provide information and insights into the ongoing operations of both MSK Provisioned and MSK Serverless clusters. - api-change:`pinpoint`: \[`botocore`] Added support for sending push notifications using the FCM v1 API with json credentials. Amazon Pinpoint customers can now deliver messages to Android devices using both FCM v1 API and the legacy FCM/GCM API ### [`v1.28.14`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12814) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.13...1.28.14) \======= - enhancement:compression: \[`botocore`] Adds support for the `requestcompression` operation trait. - api-change:`sqs`: \[`botocore`] Documentation changes related to SQS APIs. ### [`v1.28.13`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12813) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.12...1.28.13) \======= - api-change:`autoscaling`: \[`botocore`] This release updates validation for instance types used in the AllowedInstanceTypes and ExcludedInstanceTypes parameters of the InstanceRequirements property of a MixedInstancesPolicy. - api-change:`ebs`: \[`botocore`] SDK and documentation updates for Amazon Elastic Block Store API - api-change:`ec2`: \[`botocore`] SDK and documentation updates for Amazon Elastic Block Store APIs - api-change:`eks`: \[`botocore`] Add multiple customer error code to handle customer caused failure when managing EKS node groups - api-change:`sagemaker`: \[`botocore`] Expose ProfilerConfig attribute in SageMaker Search API response. ### [`v1.28.12`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12812) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.11...1.28.12) \======= - api-change:`cloudcontrol`: \[`botocore`] Updates the documentation for CreateResource. - api-change:`entityresolution`: \[`botocore`] AWS Entity Resolution can effectively match a source record from a customer relationship management (CRM) system with a source record from a marketing system containing campaign information. - api-change:`glue`: \[`botocore`] Release Glue Studio Snowflake Connector Node for SDK/CLI - api-change:`healthlake`: \[`botocore`] Updating the HealthLake service documentation. - api-change:`managedblockchain-query`: \[`botocore`] Amazon Managed Blockchain (AMB) Query provides serverless access to standardized, multi-blockchain datasets with developer-friendly APIs. - api-change:`mediaconvert`: \[`botocore`] This release includes general updates to user documentation. - api-change:`omics`: \[`botocore`] The service is renaming as a part of AWS Health. - api-change:`opensearchserverless`: \[`botocore`] This release adds new collection type VectorSearch. - api-change:`polly`: \[`botocore`] Amazon Polly adds 1 new voice - Lisa (nl-BE) - api-change:`route53`: \[`botocore`] Update that corrects the documents for received feedback. ### [`v1.28.11`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12811) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.10...1.28.11) \======= - api-change:`billingconductor`: \[`botocore`] Added support for Auto-Assocate Billing Groups for CreateBillingGroup, UpdateBillingGroup, and ListBillingGroups. - api-change:`customer-profiles`: \[`botocore`] Amazon Connect Customer Profiles now supports rule-based resolution to match and merge similar profiles into unified profiles, helping companies deliver faster and more personalized customer service by providing access to relevant customer information for agents and automated experiences. - api-change:`datasync`: \[`botocore`] AWS DataSync now supports Microsoft Azure Blob Storage locations. - api-change:`dynamodb`: \[`botocore`] Documentation updates for DynamoDB - api-change:`ec2`: \[`botocore`] This release adds an instance's peak and baseline network bandwidth as well as the memory sizes of an instance's inference accelerators to DescribeInstanceTypes. - api-change:`emr-serverless`: \[`botocore`] This release adds support for publishing application logs to CloudWatch. - api-change:`lambda`: \[`botocore`] Add Python 3.11 (python3.11) support to AWS Lambda - api-change:`rds`: \[`botocore`] This release adds support for monitoring storage optimization progress on the DescribeDBInstances API. - api-change:`sagemaker`: \[`botocore`] Mark ContentColumn and TargetLabelColumn as required Targets in TextClassificationJobConfig in CreateAutoMLJobV2API - api-change:`securityhub`: \[`botocore`] Add support for CONTAINS and NOT_CONTAINS comparison operators for Automation Rules string filters and map filters - api-change:`sts`: \[`botocore`] API updates for the AWS Security Token Service - api-change:`transfer`: \[`botocore`] This release adds support for SFTP Connectors. - api-change:`wisdom`: \[`botocore`] This release added two new data types: AssistantIntegrationConfiguration, and SessionIntegrationConfiguration to support Wisdom integration with Amazon Connect Chat ### [`v1.28.10`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#12810) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.9...1.28.10) \======= - api-change:`apigatewayv2`: \[`botocore`] Documentation updates for Amazon API Gateway. - api-change:`ce`: \[`botocore`] This release introduces the new API 'GetSavingsPlanPurchaseRecommendationDetails', which retrieves the details for a Savings Plan recommendation. It also updates the existing API 'GetSavingsPlansPurchaseRecommendation' to include the recommendation detail ID. - api-change:`chime-sdk-media-pipelines`: \[`botocore`] AWS Media Pipeline compositing enhancement and Media Insights Pipeline auto language identification. - api-change:`cloudformation`: \[`botocore`] This release supports filtering by DRIFT_STATUS for existing API ListStackInstances and adds support for a new API ListStackInstanceResourceDrifts. Customers can now view resource drift information from their StackSet management accounts. - api-change:`ec2`: \[`botocore`] Add "disabled" enum value to SpotInstanceState. - api-change:`glue`: \[`botocore`] Added support for Data Preparation Recipe node in Glue Studio jobs - api-change:`quicksight`: \[`botocore`] This release launches new Snapshot APIs for CSV and PDF exports, adds support for info icon for filters and parameters in Exploration APIs, adds modeled exception to the DeleteAccountCustomization API, and introduces AttributeAggregationFunction's ability to add UNIQUE_VALUE aggregation in tooltips. ### [`v1.28.9`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1289) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.8...1.28.9) \====== - api-change:`glue`: \[`botocore`] This release adds support for AWS Glue Crawler with Apache Hudi Tables, allowing Crawlers to discover Hudi Tables in S3 and register them in Glue Data Catalog for query engines to query against. - api-change:`mediaconvert`: \[`botocore`] This release includes improvements to Preserve 444 handling, compatibility of HEVC sources without frame rates, and general improvements to MP4 outputs. - api-change:`rds`: \[`botocore`] Adds support for the DBSystemID parameter of CreateDBInstance to RDS Custom for Oracle. - api-change:`workspaces`: \[`botocore`] Fixed VolumeEncryptionKey descriptions ### [`v1.28.8`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1288) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.7...1.28.8) \====== - api-change:`codecatalyst`: \[`botocore`] This release adds support for updating and deleting spaces and projects in Amazon CodeCatalyst. It also adds support for creating, getting, and deleting source repositories in CodeCatalyst projects. - api-change:`connectcases`: \[`botocore`] This release adds the ability to assign a case to a queue or user. - api-change:`lexv2-models`: \[`botocore`] Update lexv2-models client to latest version - api-change:`route53resolver`: \[`botocore`] This release adds support for Route 53 On Outposts, a new feature that allows customers to run Route 53 Resolver and Resolver endpoints locally on their Outposts. - api-change:`s3`: \[`botocore`] Improve performance of S3 clients by simplifying and optimizing endpoint resolution. - api-change:`sagemaker-featurestore-runtime`: \[`botocore`] Cross account support for SageMaker Feature Store - api-change:`sagemaker`: \[`botocore`] Cross account support for SageMaker Feature Store - api-change:`securitylake`: \[`botocore`] Adding support for Tags on Create and Resource Tagging API. - api-change:`transcribe`: \[`botocore`] Added API argument --toxicity-detection to startTranscriptionJob API, which allows users to view toxicity scores of submitted audio. ### [`v1.28.7`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1287) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.6...1.28.7) \====== - enhancement:AWSCRT: \[`botocore`] Upgrade awscrt version to 0.16.26 - api-change:`savingsplans`: \[`botocore`] Savings Plans endpoints update ### [`v1.28.6`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1286) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.5...1.28.6) \====== - api-change:`cloudformation`: \[`botocore`] SDK and documentation updates for GetTemplateSummary API (unrecognized resources) - api-change:`ec2`: \[`botocore`] Amazon EC2 documentation updates. - api-change:`grafana`: \[`botocore`] Amazon Managed Grafana now supports grafanaVersion update for existing workspaces with UpdateWorkspaceConfiguration API. DescribeWorkspaceConfiguration API additionally returns grafanaVersion. A new ListVersions API lists available versions or, if given a workspaceId, the versions it can upgrade to. - api-change:`medical-imaging`: \[`botocore`] General Availability (GA) release of AWS Health Imaging, enabling customers to store, transform, and analyze medical imaging data at petabyte-scale. - api-change:`ram`: \[`botocore`] This release adds support for securely sharing with AWS service principals. - api-change:`ssm-sap`: \[`botocore`] Added support for SAP Hana High Availability discovery (primary and secondary nodes) and Backint agent installation with SSM for SAP. - api-change:`wafv2`: \[`botocore`] Added the URI path to the custom aggregation keys that you can specify for a rate-based rule. ### [`v1.28.5`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1285) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.4...1.28.5) \====== - api-change:`codeguru-security`: \[`botocore`] Documentation updates for CodeGuru Security. - api-change:`connect`: \[`botocore`] GetMetricDataV2 API: Update to include Contact Lens Conversational Analytics Metrics - api-change:`es`: \[`botocore`] Regex Validation on the ElasticSearch Engine Version attribute - api-change:`lexv2-models`: \[`botocore`] Update lexv2-models client to latest version - api-change:`m2`: \[`botocore`] Allows UpdateEnvironment to update the environment to 0 host capacity. New GetSignedBluinsightsUrl API - api-change:`snowball`: \[`botocore`] Adds support for RACK\_5U_C. This is the first AWS Snow Family device designed to meet U.S. Military Ruggedization Standards (MIL-STD-810H) with 208 vCPU device in a portable, compact 5U, half-rack width form-factor. - api-change:`translate`: \[`botocore`] Added DOCX word document support to TranslateDocument API ### [`v1.28.4`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1284) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.3...1.28.4) \====== - api-change:`codeartifact`: \[`botocore`] Doc only update for AWS CodeArtifact - api-change:`docdb`: \[`botocore`] Added major version upgrade option in ModifyDBCluster API - api-change:`ec2`: \[`botocore`] Add Nitro TPM support on DescribeInstanceTypes - api-change:`glue`: \[`botocore`] Adding new supported permission type flags to get-unfiltered endpoints that callers may pass to indicate support for enforcing Lake Formation fine-grained access control on nested column attributes. - api-change:`ivs`: \[`botocore`] This release provides the flexibility to configure what renditions or thumbnail qualities to record when creating recording configuration. - api-change:`lakeformation`: \[`botocore`] Adds supports for ReadOnlyAdmins and AllowFullTableExternalDataAccess. Adds NESTED_PERMISSION and NESTED_CELL_PERMISSION to SUPPORTED_PERMISSION_TYPES enum. Adds CREATE_LF_TAG on catalog resource and ALTER, DROP, and GRANT_WITH_LF_TAG_EXPRESSION on LF Tag resource. ### [`v1.28.3`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1283) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.2...1.28.3) \====== - api-change:`cognito-idp`: \[`botocore`] API model updated in Amazon Cognito - api-change:`connect`: \[`botocore`] Add support for deleting Queues and Routing Profiles. - api-change:`datasync`: \[`botocore`] Added LunCount to the response object of DescribeStorageSystemResourcesResponse, LunCount represents the number of LUNs on a storage system resource. - api-change:`dms`: \[`botocore`] Enhanced PostgreSQL target endpoint settings for providing Babelfish support. - api-change:`ec2`: \[`botocore`] This release adds support for the C7gn and Hpc7g instances. C7gn instances are powered by AWS Graviton3 processors and the fifth-generation AWS Nitro Cards. Hpc7g instances are powered by AWS Graviton 3E processors and provide up to 200 Gbps network bandwidth. - api-change:`fsx`: \[`botocore`] Amazon FSx for NetApp ONTAP now supports SnapLock, an ONTAP feature that enables you to protect your files in a volume by transitioning them to a write once, read many (WORM) state. - api-change:`iam`: \[`botocore`] Documentation updates for AWS Identity and Access Management (IAM). - api-change:`mediatailor`: \[`botocore`] Adds categories to MediaTailor channel assembly alerts - api-change:`personalize`: \[`botocore`] This release provides ability to customers to change schema associated with their datasets in Amazon Personalize - api-change:`proton`: \[`botocore`] This release adds support for deployment history for Proton provisioned resources - api-change:`s3`: \[`botocore`] S3 Inventory now supports Object Access Control List and Object Owner as available object metadata fields in inventory reports. - api-change:`sagemaker`: \[`botocore`] Amazon SageMaker Canvas adds WorkspeceSettings support for CanvasAppSettings - api-change:`secretsmanager`: \[`botocore`] Documentation updates for Secrets Manager ### [`v1.28.2`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#1282) [Compare Source](https://togithub.com/boto/boto3/compare/1.28.1...1.28.2) \====== - bugfix:s3: \[`botocore`] Fix s3 presigned URLs for operations with query components (`#2962nolar/kopf (kopf)
### [`v1.36.2`](https://togithub.com/nolar/kopf/releases/tag/1.36.2) [Compare Source](https://togithub.com/nolar/kopf/compare/1.36.1...1.36.2) #### What's Changed - Fix crash when an APIResource has no verbs by [@lukasstockner](https://togithub.com/lukasstockner) in [https://github.com/nolar/kopf/pull/1000](https://togithub.com/nolar/kopf/pull/1000) #### New Contributors - [@lukasstockner](https://togithub.com/lukasstockner) made their first contribution in [https://github.com/nolar/kopf/pull/1000](https://togithub.com/nolar/kopf/pull/1000) **Full Changelog**: https://github.com/nolar/kopf/compare/1.36.1...1.36.2kubernetes-client/python (kubernetes)
### [`v27.2.0`](https://togithub.com/kubernetes-client/python/blob/HEAD/CHANGELOG.md#v2720a1) [Compare Source](https://togithub.com/kubernetes-client/python/compare/v26.1.0...v27.2.0) Kubernetes API Version: v1.27.2 ##### API Change - Added error handling for seccomp localhost configurations that do not properly set a localhostProfile ([kubernetes/kubernetes#117020](https://togithub.com/kubernetes/kubernetes/pull/117020), [@cji](https://togithub.com/cji)) \[SIG API Machinery and Node] - Fixed an issue where kubelet does not set case-insensitive headers for http probes. ([#117182](https://togithub.com/kubernetes-client/python/issues/117182), [@dddddai](https://togithub.com/dddddai)) ([kubernetes/kubernetes#117324](https://togithub.com/kubernetes/kubernetes/pull/117324), [@dddddai](https://togithub.com/dddddai)) \[SIG API Machinery, Apps and Node] - Revised the comment about the feature-gate level for PodFailurePolicy from alpha to beta ([kubernetes/kubernetes#117815](https://togithub.com/kubernetes/kubernetes/pull/117815), [@kerthcet](https://togithub.com/kerthcet)) \[SIG Apps] - A fix in the `resource.k8s.io/v1alpha1/ResourceClaim` API avoids harmless (?) ".status.reservedFor: element 0: associative list without keys has an element that's a map type" errors in the apiserver. Validation now rejects the incorrect reuse of the same UID in different entries. ([kubernetes/kubernetes#115354](https://togithub.com/kubernetes/kubernetes/pull/115354), [@pohly](https://togithub.com/pohly)) - A terminating pod on a node that is not caused by preemption no longer prevents `kube-scheduler` from preempting pods on that node - Rename `PreemptionByKubeScheduler` to `PreemptionByScheduler` ([kubernetes/kubernetes#114623](https://togithub.com/kubernetes/kubernetes/pull/114623), [@Huang-Wei](https://togithub.com/Huang-Wei)) - API: resource.k8s.io/v1alpha1.PodScheduling was renamed to resource.k8s.io/v1alpha2.PodSchedulingContext. ([kubernetes/kubernetes#116556](https://togithub.com/kubernetes/kubernetes/pull/116556), [@pohly](https://togithub.com/pohly)) \[SIG API Machinery, Apps, Auth, CLI, Node, Scheduling and Testing] - Added CEL runtime cost calculation into ValidatingAdmissionPolicy, matching the evaluation cost restrictions that already apply to CustomResourceDefinition. If rule evaluation uses more compute than the limit, the API server aborts the evaluation and the admission check that was being performed is aborted; the `failurePolicy` for the ValidatingAdmissionPolicy determines the outcome. ([kubernetes/kubernetes#115747](https://togithub.com/kubernetes/kubernetes/pull/115747), [@cici37](https://togithub.com/cici37)) - Added `auditAnnotations` to `ValidatingAdmissionPolicy`, enabling CEL to be used to add audit annotations to request audit events. Added `validationActions` to `ValidatingAdmissionPolicyBinding`, enabling validation failures to be handled by any combination of the warn, audit and deny enforcement actions. ([kubernetes/kubernetes#115973](https://togithub.com/kubernetes/kubernetes/pull/115973), [@jpbetz](https://togithub.com/jpbetz)) - Added `messageExpression` field to `ValidationRule`. ([kubernetes/kubernetes#115969](https://togithub.com/kubernetes/kubernetes/pull/115969), [@DangerOnTheRanger](https://togithub.com/DangerOnTheRanger)) - Added `messageExpression` to `ValidatingAdmissionPolicy`, to set custom failure message via CEL expression. ([kubernetes/kubernetes#116397](https://togithub.com/kubernetes/kubernetes/pull/116397), [@jiahuif](https://togithub.com/jiahuif)) \[SIG API Machinery] - Added a new IPAddress object kind - Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64 ([kubernetes/kubernetes#115075](https://togithub.com/kubernetes/kubernetes/pull/115075), [@aojea](https://togithub.com/aojea)) \[SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Network and Testing] - Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`). A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([kubernetes/kubernetes#113218](https://togithub.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://togithub.com/ahmedtd)) \[SIG API Machinery, Auth and Testing] - Added authorization check support to the CEL expressions of ValidatingAdmissionPolicy via a `authorizer` variable with expressions. The new variable provides a builder that allows expressions such `authorizer.group('').resource('pods').check('create').allowed()`. ([kubernetes/kubernetes#116054](https://togithub.com/kubernetes/kubernetes/pull/116054), [@jpbetz](https://togithub.com/jpbetz)) \[SIG API Machinery and Testing] - Added matchConditions field to ValidatingAdmissionPolicy and enabled support for CEL based custom match criteria. ([kubernetes/kubernetes#116350](https://togithub.com/kubernetes/kubernetes/pull/116350), [@maxsmythe](https://togithub.com/maxsmythe)) - Added new option to the `InterPodAffinity` scheduler plugin to ignore existing pods`preferred inter-pod affinities if the incoming pod has no preferred inter-pod affinities. This option can be used as an optimization for higher scheduling throughput (at the cost of an occasional pod being scheduled non-optimally/violating existing pods preferred inter-pod affinities). To enable this scheduler option, set the`InterPodAffinity`scheduler plugin arg`ignorePreferredTermsOfExistingPods: true\` ([kubernetes/kubernetes#114393](https://togithub.com/kubernetes/kubernetes/pull/114393), [@danielvegamyhre](https://togithub.com/danielvegamyhre)) - Added the `MatchConditions` field to `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` for the v1beta and v1 apis. The `AdmissionWebhookMatchConditions` featuregate is now in Alpha ([kubernetes/kubernetes#116261](https://togithub.com/kubernetes/kubernetes/pull/116261), [@ivelichkovich](https://togithub.com/ivelichkovich)) \[SIG API Machinery and Testing] - Added validation to ensure that if `service.kubernetes.io/topology-aware-hints` and `service.kubernetes.io/topology-mode` annotations are both set, they are set to the same value.Also Added deprecation warning if `service.kubernetes.io/topology-aware-hints` annotation is used. ([kubernetes/kubernetes#116612](https://togithub.com/kubernetes/kubernetes/pull/116612), [@robscott](https://togithub.com/robscott)) - Added warnings about workload resources (Pods, ReplicaSets, Deployments, Jobs, CronJobs, or ReplicationControllers) whose names are not valid DNS labels. ([kubernetes/kubernetes#114412](https://togithub.com/kubernetes/kubernetes/pull/114412), [@thockin](https://togithub.com/thockin)) - Adds feature gate `NodeLogQuery` which provides cluster administrators with a streaming view of logs using kubectl without them having to implement a client side reader or logging into the node. ([kubernetes/kubernetes#96120](https://togithub.com/kubernetes/kubernetes/pull/96120), [@LorbusChris](https://togithub.com/LorbusChris)) - Api: validation of a `PodSpec` now rejects invalid `ResourceClaim` and `ResourceClaimTemplate` names. For a pod, the name generated for the `ResourceClaim` when using a template also must be valid. ([kubernetes/kubernetes#116576](https://togithub.com/kubernetes/kubernetes/pull/116576), [@pohly](https://togithub.com/pohly)) - Bump default API QPS limits for Kubelet. ([kubernetes/kubernetes#116121](https://togithub.com/kubernetes/kubernetes/pull/116121), [@wojtek-t](https://togithub.com/wojtek-t)) - Enabled the `StatefulSetStartOrdinal` feature gate in beta ([kubernetes/kubernetes#115260](https://togithub.com/kubernetes/kubernetes/pull/115260), [@pwschuurman](https://togithub.com/pwschuurman)) - Enabled usage of `kube-proxy`, `kube-scheduler` and `kubelet` HTTP APIs for changing the logging verbosity at runtime for JSON output. ([kubernetes/kubernetes#114609](https://togithub.com/kubernetes/kubernetes/pull/114609), [@pohly](https://togithub.com/pohly)) - Encryption of API Server at rest configuration now allows the use of wildcards in the list of resources. For example, *.* can be used to encrypt all resources, including all current and future custom resources. ([kubernetes/kubernetes#115149](https://togithub.com/kubernetes/kubernetes/pull/115149), [@nilekhc](https://togithub.com/nilekhc)) - Extended the kubelet's PodResources API to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation`. Additionally, added a new `Get()` method to query a specific pod for its resources. ([kubernetes/kubernetes#115847](https://togithub.com/kubernetes/kubernetes/pull/115847), [@moshe010](https://togithub.com/moshe010)) \[SIG Node] - Forbid to set matchLabelKeys when labelSelector is not set in topologySpreadConstraints ([kubernetes/kubernetes#116535](https://togithub.com/kubernetes/kubernetes/pull/116535), [@denkensk](https://togithub.com/denkensk)) - GCE does not support LoadBalancer Services with ports with different protocols (TCP and UDP) ([kubernetes/kubernetes#115966](https://togithub.com/kubernetes/kubernetes/pull/115966), [@aojea](https://togithub.com/aojea)) \[SIG Apps and Cloud Provider] - GRPC probes are now a GA feature. `GRPCContainerProbe` feature gate was locked to default value and will be removed in v1.29. If you were setting this feature gate explicitly, please remove it now. ([kubernetes/kubernetes#116233](https://togithub.com/kubernetes/kubernetes/pull/116233), [@SergeyKanzhelev](https://togithub.com/SergeyKanzhelev)) - Graduated `Kubelet Topology Manager` to GA. ([kubernetes/kubernetes#116093](https://togithub.com/kubernetes/kubernetes/pull/116093), [@swatisehgal](https://togithub.com/swatisehgal)) - Graduated `KubeletTracing` to beta, which means that the feature gate is now enabled by default. ([kubernetes/kubernetes#115750](https://togithub.com/kubernetes/kubernetes/pull/115750), [@saschagrunert](https://togithub.com/saschagrunert)) - Graduated seccomp profile defaulting to GA. Set the kubelet `--seccomp-default` flag or `seccompDefault` kubelet configuration field to `true` to make pods on that node default to using the `RuntimeDefault` seccomp profile. Enabling seccomp for your workload can have a negative performance impact depending on the kernel and container runtime version in use. Guidance for identifying and mitigating those issues is outlined in the Kubernetes [seccomp tutorial](https://k8s.io/docs/tutorials/security/seccomp). ([kubernetes/kubernetes#115719](https://togithub.com/kubernetes/kubernetes/pull/115719), [@saschagrunert](https://togithub.com/saschagrunert)) \[SIG API Machinery, Node, Storage and Testing] - Graduated the container resource metrics feature on `HPA` to beta. ([kubernetes/kubernetes#116046](https://togithub.com/kubernetes/kubernetes/pull/116046), [@sanposhiho](https://togithub.com/sanposhiho)) - Implemented API streaming for the `watch-cache` When `sendInitialEvents` `ListOption` is set together with `watch=true`, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([kubernetes/kubernetes#110960](https://togithub.com/kubernetes/kubernetes/pull/110960), [@p0lyn0mial](https://togithub.com/p0lyn0mial)) - Introduced API for streaming. Added `SendInitialEvents` field to the `ListOptions`. When the new option is set together with `watch=true`, it begins the watch stream with synthetic init events followed by a synthetic "Bookmark" after which the server continues streaming events. ([kubernetes/kubernetes#115402](https://togithub.com/kubernetes/kubernetes/pull/115402), [@p0lyn0mial](https://togithub.com/p0lyn0mial)) - Introduced a breaking change to the `resource.k8s.io` API in its `AllocationResult` struct. This change allows a kubelet plugin for the `DynamicResourceAllocation` feature to service allocations from multiple resource driver controllers. ([kubernetes/kubernetes#116332](https://togithub.com/kubernetes/kubernetes/pull/116332), [@klueska](https://togithub.com/klueska)) - Introduces new alpha functionality to the reflector, allowing user to enable API streaming. To activate this feature, users can set the `ENABLE_CLIENT_GO_WATCH_LIST_ALPHA` environmental variable. It is important to note that the server must support streaming for this feature to function properly. If streaming is not supported by the server, the reflector will revert to the previous method of obtaining data through LIST/WATCH semantics. ([kubernetes/kubernetes#110772](https://togithub.com/kubernetes/kubernetes/pull/110772), [@p0lyn0mial](https://togithub.com/p0lyn0mial)) \[SIG API Machinery] - K8s.io/client-go/tools/record.EventBroadcaster: after Shutdown() is called, the broadcaster now gives up immediately after a failure to write an event to a sink. Previously it tried multiple times for 12 seconds in a goroutine. ([kubernetes/kubernetes#115514](https://togithub.com/kubernetes/kubernetes/pull/115514), [@pohly](https://togithub.com/pohly)) \[SIG API Machinery] - K8s.io/component-base/logs: usage of the pflag values in a normal Go flag set led to panics when printing the help message ([kubernetes/kubernetes#114680](https://togithub.com/kubernetes/kubernetes/pull/114680), [@pohly](https://togithub.com/pohly)) \[SIG Instrumentation] - Kubeadm: explicitly set `priority` for static pods with `priorityClassName: system-node-critical` ([kubernetes/kubernetes#114338](https://togithub.com/kubernetes/kubernetes/pull/114338), [@champtar](https://togithub.com/champtar)) \[SIG Cluster Lifecycle] - Kubelet: a "maxParallelImagePulls" field can now be specified in the kubelet configuration file to control how many image pulls the kubelet can perform in parallel. ([kubernetes/kubernetes#115220](https://togithub.com/kubernetes/kubernetes/pull/115220), [@ruiwen-zhao](https://togithub.com/ruiwen-zhao)) \[SIG API Machinery, Node and Scalability] - Kubelet: changed `MemoryThrottlingFactor` default value to `0.9` and formulas to calculate `memory.high` ([kubernetes/kubernetes#115371](https://togithub.com/kubernetes/kubernetes/pull/115371), [@pacoxu](https://togithub.com/pacoxu)) - Kubernetes components that perform leader election now only support using `Leases` for this. ([kubernetes/kubernetes#114055](https://togithub.com/kubernetes/kubernetes/pull/114055), [@aimuz](https://togithub.com/aimuz)) - Migrated the `DaemonSet` controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging) ([kubernetes/kubernetes#113622](https://togithub.com/kubernetes/kubernetes/pull/113622), [@249043822](https://togithub.com/249043822)) - New `service.kubernetes.io/topology-mode` annotation has been introduced as a replacement for the `service.kubernetes.io/topology-aware-hints` annotation. - `service.kubernetes.io/topology-aware-hints` annotation has been deprecated. - kube-proxy now accepts any value that is not "disabled" for these annotations, enabling custom implementation-specific and/or future built-in heuristics to be used. ([kubernetes/kubernetes#116522](https://togithub.com/kubernetes/kubernetes/pull/116522), [@robscott](https://togithub.com/robscott)) \[SIG Apps, Network and Testing] - Pods owned by a Job now uses the labels `batch.kubernetes.io/job-name` and `batch.kubernetes.io/controller-uid`. The legacy labels `job-name` and `controller-uid` are still added for compatibility. ([kubernetes/kubernetes#114930](https://togithub.com/kubernetes/kubernetes/pull/114930), [@kannon92](https://togithub.com/kannon92)) - Promoted `CronJobTimeZone` feature to GA ([kubernetes/kubernetes#115904](https://togithub.com/kubernetes/kubernetes/pull/115904), [@soltysh](https://togithub.com/soltysh)) - Promoted `SelfSubjectReview` to Beta ([kubernetes/kubernetes#116274](https://togithub.com/kubernetes/kubernetes/pull/116274), [@nabokihms](https://togithub.com/nabokihms)) \[SIG API Machinery, Auth, CLI and Testing] - Relaxed API validation to allow pod node selector to be mutable for gated pods (additions only, no deletions or mutations). ([kubernetes/kubernetes#116161](https://togithub.com/kubernetes/kubernetes/pull/116161), [@danielvegamyhre](https://togithub.com/danielvegamyhre)) - Remove `kubernetes.io/grpc` standard appProtocol ([kubernetes/kubernetes#116866](https://togithub.com/kubernetes/kubernetes/pull/116866), [@LiorLieberman](https://togithub.com/LiorLieberman)) \[SIG API Machinery and Apps] - Remove deprecated `--enable-taint-manager` and `--pod-eviction-timeout` CLI ([kubernetes/kubernetes#115840](https://togithub.com/kubernetes/kubernetes/pull/115840), [@atosatto](https://togithub.com/atosatto)) - Removed support for the `v1alpha1` kubeletplugin API of `DynamicResourceManagement`. All plugins must be updated to `v1alpha2` in order to function properly. ([kubernetes/kubernetes#116558](https://togithub.com/kubernetes/kubernetes/pull/116558), [@klueska](https://togithub.com/klueska)) - The API server now re-uses data encryption keys while the kms v2 plugin key ID is stable. Data encryption keys are still randomly generated on server start but an atomic counter is used to prevent nonce collisions. ([kubernetes/kubernetes#116155](https://togithub.com/kubernetes/kubernetes/pull/116155), [@enj](https://togithub.com/enj)) - The PodDisruptionBudget `spec.unhealthyPodEvictionPolicy` field has graduated to beta and is enabled by default. On servers with the feature enabled, this field may be set to `AlwaysAllow` to always allow unhealthy pods covered by the PodDisruptionBudget to be evicted. ([kubernetes/kubernetes#115363](https://togithub.com/kubernetes/kubernetes/pull/115363), [@ravisantoshgudimetla](https://togithub.com/ravisantoshgudimetla)) \[SIG Apps, Auth and Node] - The `DownwardAPIHugePages` kubelet feature graduated to stable / GA. ([kubernetes/kubernetes#115721](https://togithub.com/kubernetes/kubernetes/pull/115721), [@saschagrunert](https://togithub.com/saschagrunert)) \[SIG Apps and Node] - The following feature gates for volume expansion GA features have now been removed and must no longer be referenced in `--feature-gates` flags: `ExpandCSIVolumes`, `ExpandInUsePersistentVolumes`, `ExpandPersistentVolumes` ([kubernetes/kubernetes#113942](https://togithub.com/kubernetes/kubernetes/pull/113942), [@mengjiao-liu](https://togithub.com/mengjiao-liu)) - The list-type of the alpha `resourceClaims` field introduced to `Pods` in `1.26.0` was modified from `set` to `map`, resolving an incompatibility with use of this schema in `CustomResourceDefinitions` and with server-side apply. ([kubernetes/kubernetes#114585](https://togithub.com/kubernetes/kubernetes/pull/114585), [@JoelSpeed](https://togithub.com/JoelSpeed)) - Updated API reference for Requests, specifying they must not exceed limits ([kubernetes/kubernetes#115434](https://togithub.com/kubernetes/kubernetes/pull/115434), [@ehashman](https://togithub.com/ehashman)) - Updated `KMSv2` to beta ([kubernetes/kubernetes#115123](https://togithub.com/kubernetes/kubernetes/pull/115123), [@aramase](https://togithub.com/aramase)) - Updated: Redefine AppProtocol field description and add new standard values ([kubernetes/kubernetes#115433](https://togithub.com/kubernetes/kubernetes/pull/115433), [@LiorLieberman](https://togithub.com/LiorLieberman)) \[SIG API Machinery, Apps and Network] - `/metrics/slis` is now available for control plane components allowing you to scrape health check metrics. ([kubernetes/kubernetes#114997](https://togithub.com/kubernetes/kubernetes/pull/114997), [@Richabanker](https://togithub.com/Richabanker)) - `APIServerTracing` feature gate is now enabled by default. Tracing in the API Server is still disabled by default, and requires a config file to enable. ([kubernetes/kubernetes#116144](https://togithub.com/kubernetes/kubernetes/pull/116144), [@dashpole](https://togithub.com/dashpole)) - `NodeResourceFit` and `NodeResourcesBalancedAllocation` implement the `PreScore` extension point for a more performant calculation. ([kubernetes/kubernetes#115655](https://togithub.com/kubernetes/kubernetes/pull/115655), [@tangwz](https://togithub.com/tangwz)) - `PodSchedulingReadiness` is graduated to beta. ([kubernetes/kubernetes#115815](https://togithub.com/kubernetes/kubernetes/pull/115815), [@Huang-Wei](https://togithub.com/Huang-Wei)) - `PodSpec.Container.Resources` became mutable for CPU and memory resource types. - `PodSpec.Container.ResizePolicy` (new object) gives users control over how their containers are resized. - `PodStatus.Resize` status describes the state of a requested Pod resize. - `PodStatus.ResourcesAllocated` describes node resources allocated to Pod. - `PodStatus.Resources` describes node resources applied to running containers by CRI. - `UpdateContainerResources` CRI API now supports both Linux and Windows. ([kubernetes/kubernetes#102884](https://togithub.com/kubernetes/kubernetes/pull/102884), [@vinaykul](https://togithub.com/vinaykul)) - `SELinuxMountReadWriteOncePod` graduated to Beta. ([kubernetes/kubernetes#116425](https://togithub.com/kubernetes/kubernetes/pull/116425), [@jsafrane](https://togithub.com/jsafrane)) - `StatefulSetAutoDeletePVC` feature gate promoted to beta. ([kubernetes/kubernetes#116501](https://togithub.com/kubernetes/kubernetes/pull/116501), [@mattcary](https://togithub.com/mattcary)) - `StatefulSet` names must be DNS labels, rather than subdomains. Any `StatefulSet` which took advantage of subdomain validation (by having dots in the name) can't possibly have worked, because we eventually set `pod.spec.hostname` from the `StatefulSetName`, and that is validated as a DNS label. ([kubernetes/kubernetes#114172](https://togithub.com/kubernetes/kubernetes/pull/114172), [@thockin](https://togithub.com/thockin)) - `ValidatingAdmissionPolicy` now provides a status field that contains results of type checking the validation expression. The type checking is fully informational, and the behavior of the policy is unchanged. ([kubernetes/kubernetes#115668](https://togithub.com/kubernetes/kubernetes/pull/115668), [@jiahuif](https://togithub.com/jiahuif)) - `cacheSize` field in `EncryptionConfiguration` is not supported for KMSv2 provider ([kubernetes/kubernetes#113121](https://togithub.com/kubernetes/kubernetes/pull/113121), [@aramase](https://togithub.com/aramase)) - `k8s.io/component-base/logs` now also supports adding command line flags to a `flag.FlagSet`. ([kubernetes/kubernetes#114731](https://togithub.com/kubernetes/kubernetes/pull/114731), [@pohly](https://togithub.com/pohly)) - `kubelet`: migrated `--container-runtime-endpoint` and `--image-service-endpoint` to kubelet config ([kubernetes/kubernetes#112136](https://togithub.com/kubernetes/kubernetes/pull/112136), [@pacoxu](https://togithub.com/pacoxu)) - `resource.k8s.io/v1alpha1` was replaced with `resource.k8s.io/v1alpha2`. Before upgrading a cluster, all objects in resource.k8s.io/v1alpha1 (ResourceClaim, ResourceClaimTemplate, ResourceClass, PodScheduling) must be deleted. The changes are internal, so YAML files which create pods and resource claims don't need changes except for the newer `apiVersion`. ([kubernetes/kubernetes#116299](https://togithub.com/kubernetes/kubernetes/pull/116299), [@pohly](https://togithub.com/pohly)) - `volumes`: `resource.claims` is now cleared for PVC specs during create or update of a pod spec with inline PVC template or of a PVC because it has no effect. ([kubernetes/kubernetes#115928](https://togithub.com/kubernetes/kubernetes/pull/115928), [@pohly](https://togithub.com/pohly)) - Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`). A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([kubernetes/kubernetes#113218](https://togithub.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://togithub.com/ahmedtd)) \[SIG API Machinery, Auth and Testing] - Remove `kubernetes.io/grpc` standard appProtocol ([kubernetes/kubernetes#116866](https://togithub.com/kubernetes/kubernetes/pull/116866), [@LiorLieberman](https://togithub.com/LiorLieberman)) \[SIG API Machinery and Apps] - API: resource.k8s.io/v1alpha1.PodScheduling was renamed to resource.k8s.io/v1alpha2.PodSchedulingContext. ([kubernetes/kubernetes#116556](https://togithub.com/kubernetes/kubernetes/pull/116556), [@pohly](https://togithub.com/pohly)) \[SIG API Machinery, Apps, Auth, CLI, Node, Scheduling and Testing] - APIServerTracing feature gate is now enabled by default. Tracing in the API Server is still disabled by default, and requires a config file to enable. ([kubernetes/kubernetes#116144](https://togithub.com/kubernetes/kubernetes/pull/116144), [@dashpole](https://togithub.com/dashpole)) \[SIG API Machinery and Testing] - Added CEL runtime cost calculation into ValidatingAdmissionPolicy, matching the evaluation cost restrictions that already apply to CustomResourceDefinition. If rule evaluation uses more compute than the limit, the API server aborts the evaluation and the admission check that was being performed is aborted; the `failurePolicy` for the ValidatingAdmissionPolicy determines the outcome. ([kubernetes/kubernetes#115747](https://togithub.com/kubernetes/kubernetes/pull/115747), [@cici37](https://togithub.com/cici37)) \[SIG API Machinery] - Added `messageExpression` to `ValidatingAdmissionPolicy`, to set custom failure message via CEL expression. ([kubernetes/kubernetes#116397](https://togithub.com/kubernetes/kubernetes/pull/116397), [@jiahuif](https://togithub.com/jiahuif)) \[SIG API Machinery] - Added a new IPAddress object kind - Added a new ClusterIP allocator. The new allocator removes previous Service CIDR block size limitations for IPv4, and limits IPv6 size to a /64 ([kubernetes/kubernetes#115075](https://togithub.com/kubernetes/kubernetes/pull/115075), [@aojea](https://togithub.com/aojea)) \[SIG API Machinery, Apps, Auth, CLI, Cluster Lifecycle, Network and Testing] - Added a new alpha API: ClusterTrustBundle (`certificates.k8s.io/v1alpha1`). A ClusterTrustBundle may be used to distribute [X.509](https://www.itu.int/rec/T-REC-X.509) trust anchors to workloads within the cluster. ([kubernetes/kubernetes#113218](https://togithub.com/kubernetes/kubernetes/pull/113218), [@ahmedtd](https://togithub.com/ahmedtd)) \[SIG API Machinery, Auth and Testing] - Added authorization check support to the CEL expressions of ValidatingAdmissionPolicy via a `authorizer` variable with expressions. The new variable provides a builder that allows expressions such `authorizer.group('').resource('pods').check('create').allowed()`. ([kubernetes/kubernetes#116054](https://togithub.com/kubernetes/kubernetes/pull/116054), [@jpbetz](https://togithub.com/jpbetz)) \[SIG API Machinery and Testing] - Added matchConditions field to ValidatingAdmissionPolicy, enabled support for CEL based custom match criteria. ([kubernetes/kubernetes#116350](https://togithub.com/kubernetes/kubernetes/pull/116350), [@maxsmythe](https://togithub.com/maxsmythe)) \[SIG API Machinery and Testing] - Added messageExpression field to ValidationRule. ([#115969](https://togithub.com/kubernetes-client/python/issues/115969), [@DangerOnTheRanger](https://togithub.com/DangerOnTheRanger)) ([kubernetes/kubernetes#115969](https://togithub.com/kubernetes/kubernetes/pull/115969), [@DangerOnTheRanger](https://togithub.com/DangerOnTheRanger)) \[SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Instrumentation, Node and Testing] - Added the `MatchConditions` field to `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` for the v1beta and v1 apis. The `AdmissionWebhookMatchConditions` featuregate is now in Alpha ([kubernetes/kubernetes#116261](https://togithub.com/kubernetes/kubernetes/pull/116261), [@ivelichkovich](https://togithub.com/ivelichkovich)) \[SIG API Machinery and Testing] - Added validation to ensure that if `service.kubernetes.io/topology-aware-hints` and `service.kubernetes.io/topology-mode` annotations are both set, they are set to the same value. - Added deprecation warning if `service.kubernetes.io/topology-aware-hints` annotation is used. ([kubernetes/kubernetes#116612](https://togithub.com/kubernetes/kubernetes/pull/116612), [@robscott](https://togithub.com/robscott)) \[SIG Apps, Network and Testing] - Adds auditAnnotations to ValidatingAdmissionPolicy, enabling CEL to be used to add audit annotations to request audit events. Adds validationActions to ValidatingAdmissionPolicyBinding, enabling validation failures to be handled by any combination of the warn, audit and deny enforcement actions. ([kubernetes/kubernetes#115973](https://togithub.com/kubernetes/kubernetes/pull/115973), [@jpbetz](https://togithub.com/jpbetz)) \[SIG API Machinery and Testing] - Adds feature gate `NodeLogQuery` which provConfiguration
📅 Schedule: Branch creation - "before 1pm on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.