Features
Filter Kubernetes API Groups and Versions
You can filter the paths from the OpenAPI specification. This is useful when you want to use a specific version of the
api, or when you want to use a specific group of resources.
(def k8s (k8s/client "http://some.host" {:token "..."
:apis ["some.api/v1alpha1", "another.api"]}))Warning
[BREAKING] If you use this library to interact with CRDs, you need to explicit set the :apis. If you need both (CRDs and k8s resources), you can use kubernetes-api.core/default-apis to select k8s default apis too.
This might break some clients, but it's required to make our client more resilient. Right now, the addition of any openapi schema (which is done automatically when you install a CRD or Aggregated API) can break the client even if you're not interacting with it.
Authentication
Support for certificates and keys as base64-encoded strings
We have 3 new fields:
:certificate-authority-data - a base64 encoded string with the certificate
authority data
:client-certificate-data - a base64 encoded string with the client certificate
alternative to :client-cert
:client-key-data - a base64 encoded string with the client key alternative
to :client-key
These new fields can be used interchangeably with the existing fields :client-cert/:ca-cert/:client-key, meaning that you can mix and match file references and base64-encoded strings.
Self-Signed CA Certificate
Before this release, if you created a client with :token and :ca-cert, it would ignore the :ca-cert since we required the 3 components for a mTLS connection: CA certificate, client key and client cert.
Now you can set CA certificate independently, which means you can have secure connections over self-signed CAs, assuming you have a safe way of distributing such certificate.