v3.0.0-beta1

Pre-release

@github-actions github-actions released this 22 Jun 15:54
· 1 commit to master since this release
5c96185

v3 rebuilds the provider on the Terraform plugin framework (plugin protocol 6.0) and reworks kubectl_manifest drift handling. This is a pre-release for testing and will not auto-upgrade existing users. To try it, pin the version explicitly:

terraform {
  required_version = ">= 1.0"
  required_providers {
    kubectl = {
      source  = "alekc/kubectl"
      version = "= 3.0.0-beta1"
    }
  }
}

Full migration steps are in the "Upgrading from v2 to v3" guide on the provider's registry docs page.

Breaking changes

  • Framework-only, protocol 6.0 (#306, #314, #318). The SDK v2 + mux server are gone; the provider serves plugin protocol 6.0 only, so it now requires Terraform 1.0+ (or a protocol-6 OpenTofu). Terraform 0.13-0.15 must stay on the v2.x line. The provider wire schema and defaults are unchanged.
  • kubectl_manifest drift overhaul (#337). yaml_incluster and live_manifest_incluster are removed and replaced by a readable drift attribute, plus show_drift_values and drift_engine. State upgraders migrate legacy fingerprints automatically.
  • The triggers attribute of kubectl_server_version changes type to map(string).
  • kubectl_filename_list rotates its id hash.

New

  • Discovery read reliability (#347, fixes #344). Each discovery request is now bounded and the discovery client is shared across resources, so a slow or unhealthy aggregated APIService no longer fails reads with "timed out fetching resources from discovery client". Tunable via KUBECTL_PROVIDER_DISCOVERY_TIMEOUT (seconds; default 30; 0 disables).
  • Ephemeral kubectl_manifest (Terraform 1.10+): read Secret payloads, freshly-minted tokens, and other sensitive objects without ever writing them to state. (Consuming the value through a write-only attribute needs Terraform 1.11+.)
  • wait_for on read paths (#340) for the data source and ephemeral resource.
  • apply_retry_count provider argument (and KUBECTL_PROVIDER_APPLY_RETRY_COUNT) with hardened, context-aware retry and backoff.
  • New data source kubectl_kustomize_documents, and restored terraform import for kubectl_manifest (#331).
  • fields now accepts bracket-quoted segments for dotted map keys (#339).

Fixes

  • Preserve prior state when Update fails (#320); robust wait helpers for closed and error watch channels (#321, #322); stop mutating the caller's Secret manifest (#323); discovery goroutine-leak guard (#304); reject force_conflicts without server_side_apply at plan time; handle null values in extractFields (#305).

Security

  • Redact sensitive YAML in DEBUG logs.

Internal

  • Plugin-framework acceptance suite, an 80% godoc-coverage gate, an OpenTofu test matrix, cross-provider and upgrade-path smoke jobs, and CVE-clearing dependency bumps.

Please file anything you hit against the v3 milestone. Thanks for testing the beta.