What's Changed

• fix: add PersistentVolumeClaim definition to prepare upgrade job by @wansir in #6483

Full Changelog: v4.1.3...helm-chart-1.1.5

Installation & Upgrade

helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.4.tgz --debug --wait

Enhancements

• Refine the cascading deletion logic for workspace.
• Adjust the authorization rules for workspace roles.
• Optimized the display of pod list data.
• The platform-self-provisioner role will no longer allow specifying other user as administrator when creating a workspace.
• Allow users to link with multiple identity providers.
• Support manual triggering of a repository update.
• Redirect unexpected requests to the Access Denied page.
• Adjust the cluster role configuration in the Helm chart.

Bug Fixes

• Fix the potential privilege escalation vulnerability in web kubectl.
• Fix the issue where the app release cannot be upgraded.
• Fix the compatibility issue with the prerelease K8s version number.
• Fix the configuration issue with LDAP Identity Provider for LDAPS and STARTTLS.
• Fix the issue where images could not be searched from Docker Hub and Harbor.
• Fix the issue with handling special characters in the Application Version.
• Fix the issue of unable to create ingress when the gateway extension is not installed.

What's Changed

• [release-4.1] config/ks-core: fix the CronJob API version determination issue by @ks-ci-bot in #6229
• Update Chart.yaml by @wansir in #6230
• [release-4.1] disable extensions-museum in member cluster by @ks-ci-bot in #6239
• [release-4.1] refactor: workspace cascading deletion logic by @ks-ci-bot in #6251
• [release-4.1] correct and clarify potentially misleading terms in the license file by @ks-ci-bot in #6252
• [release-4.1] fix failing unit tests by @ks-ci-bot in #6256
• [release-4.1] fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool by @ks-ci-bot in #6254
• [release-4.1] fix regression bug by @ks-ci-bot in #6270
• [release-4.1] fix: resolve the apprelease upgrade issue by @ks-ci-bot in #6278
• [release-4.1] fix: make the prerelease version compatible by @ks-ci-bot in #6301
• [release-4.1] adjust the authorization rules for workspace roles by @ks-ci-bot in #6331
• [release-4.1] Fix OIDC logout redirect uri by @ks-ci-bot in #6351
• fix cve with upgrade telemetry 1.0.2 and go 1.22.11 by @smartcat999 in #6367
• [release-4.1] fix: pod list with owner filter logic by @ks-ci-bot in #6371
• feat: add category for deepseek by @ks-ci-bot in #6383
• fix: support LDAPS && STARTTLS by @ks-ci-bot in #6386
• fix: During the creation of a workspace, it will be determined whethe… by @ks-ci-bot in #6387
• feat(auth): support multiple identity provider associations by @ks-ci-bot in #6381
• [release-4.1] fix ldaps protocol by @ks-ci-bot in #6388
• feature: reduce telemetry dependence by @smartcat999 in #6390
• feat: platform config API by @smartcat999 in #6391
• fix: replace user displayname with annotation by @ks-ci-bot in #6396
• fix: incorrect redis config by @ks-ci-bot in #6405
• update ks-core helm chart (#6401) by @smartcat999 in #6407
• [release-4.1] Improve the readability of some codes by @ks-ci-bot in #6410
• Refactor FormatVersion function to handle invalid characters by @ks-ci-bot in #6411
• [release-4.1] Fix conflict and cherry-pick (cherry-pick from #0e8c6d5) by @ks-ci-bot in #6413
• Support manual triggering of a repository update. by @ks-ci-bot in #6414
• [release-4.1] fix: update license-eye version to v0.6.0 by @ks-ci-bot in #6415
• Merge master into branch release-4.1 by @wansir in #6417
• fix: helm template error by @smartcat999 in #6419
• [release-4.1] Update util.go by @ks-ci-bot in #6424
• fix: regression bugs by @ks-ci-bot in #6433
• deps: update go-jose to v4.0.5 (#6435) by @wansir in #6438
• chore: simplify telemetry config by @wansir in #6441
• feat: add imagesearch provider by @wansir in #6447
• update pod status.Phase by @wansir in #6448
• Update branch to latest state by @wansir in #6451
• deps: update dependencies by @ks-ci-bot in #6454
• chore: remove deprecated CronJob for restarting extensions museum by @ks-ci-bot in #6458
• Release 4.1.3-rc.0 by @wansir in #6456
• Release v4.1.3 by @wansir in #6459

Full Changelog: v4.1.2...v4.1.3

What's Changed

• [release-4.1] config/ks-core: fix the CronJob API version determination issue by @ks-ci-bot in #6229
• Update Chart.yaml by @wansir in #6230
• [release-4.1] disable extensions-museum in member cluster by @ks-ci-bot in #6239
• [release-4.1] refactor: workspace cascading deletion logic by @ks-ci-bot in #6251
• [release-4.1] correct and clarify potentially misleading terms in the license file by @ks-ci-bot in #6252
• [release-4.1] fix failing unit tests by @ks-ci-bot in #6256
• [release-4.1] fix: there is a serious privilege escalation vulnerability in the kubectl terminal tool by @ks-ci-bot in #6254
• [release-4.1] fix regression bug by @ks-ci-bot in #6270
• [release-4.1] fix: resolve the apprelease upgrade issue by @ks-ci-bot in #6278
• [release-4.1] fix: make the prerelease version compatible by @ks-ci-bot in #6301
• [release-4.1] adjust the authorization rules for workspace roles by @ks-ci-bot in #6331
• [release-4.1] Fix OIDC logout redirect uri by @ks-ci-bot in #6351
• fix cve with upgrade telemetry 1.0.2 and go 1.22.11 by @smartcat999 in #6367
• [release-4.1] fix: pod list with owner filter logic by @ks-ci-bot in #6371
• feat: add category for deepseek by @ks-ci-bot in #6383
• fix: support LDAPS && STARTTLS by @ks-ci-bot in #6386
• fix: During the creation of a workspace, it will be determined whethe… by @ks-ci-bot in #6387
• feat(auth): support multiple identity provider associations by @ks-ci-bot in #6381
• [release-4.1] fix ldaps protocol by @ks-ci-bot in #6388
• feature: reduce telemetry dependence by @smartcat999 in #6390
• feat: platform config API by @smartcat999 in #6391
• fix: replace user displayname with annotation by @ks-ci-bot in #6396
• fix: incorrect redis config by @ks-ci-bot in #6405
• update ks-core helm chart (#6401) by @smartcat999 in #6407
• [release-4.1] Improve the readability of some codes by @ks-ci-bot in #6410
• Refactor FormatVersion function to handle invalid characters by @ks-ci-bot in #6411
• [release-4.1] Fix conflict and cherry-pick (cherry-pick from #0e8c6d5) by @ks-ci-bot in #6413
• Support manual triggering of a repository update. by @ks-ci-bot in #6414
• [release-4.1] fix: update license-eye version to v0.6.0 by @ks-ci-bot in #6415
• Merge master into branch release-4.1 by @wansir in #6417
• fix: helm template error by @smartcat999 in #6419
• [release-4.1] Update util.go by @ks-ci-bot in #6424
• fix: regression bugs by @ks-ci-bot in #6433
• deps: update go-jose to v4.0.5 (#6435) by @wansir in #6438
• chore: simplify telemetry config by @wansir in #6441
• feat: add imagesearch provider by @wansir in #6447
• update pod status.Phase by @wansir in #6448
• Update branch to latest state by @wansir in #6451
• deps: update dependencies by @ks-ci-bot in #6454
• chore: remove deprecated CronJob for restarting extensions museum by @ks-ci-bot in #6458
• Release 4.1.3-rc.0 by @wansir in #6456

Full Changelog: v4.1.2...v4.1.3-rc.0

Installation & Upgrade

helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz --debug --wait

Bug Fixes

• Fix the CronJob API version determination issue.

What's Changed

• Update build-multiarch.yaml by @wansir in #6213
• [release-4.1] config/ks-core: fix the CronJob API version determination issue by @ks-ci-bot in #6229
• Update Chart.yaml by @wansir in #6230

Full Changelog: helm-chart-1.1.2...helm-chart-1.1.3

Installation & Upgrade

helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.2.tgz --debug --wait

New Features

• Support oci-based helm chart repository.

Enhancements

• Add the default extension repository.

Bug Fixes

• Fix the blank page issue of some extensions.
• Fix the issue of resource residue when uninstalling ks-core.
• Fixing installation issuesin Kubernetes 1.19 environment.

What's Changed

• [release-4.1] fix typo (#1965) by @ks-ci-bot in #6173
• [release-4.1] Update telemetry config by @ks-ci-bot in #6172
• [release-4.1] feat: add extension-museum in helm by @ks-ci-bot in #6174
• [release-4.1] Use responsewriter.UserProvidedDecorator instead of auto flush response by @ks-ci-bot in #6175
• [release-4.1] fix: cronjob.batch/v1 is invalid in k8s v1.19 by @ks-ci-bot in #6188
• [release-4.1] fix: graceful delete ks-core by @ks-ci-bot in #6189
• [release-4.1] fix: add tls when get repository index. by @ks-ci-bot in #6198
• [release-4.1] fix: add annotation checksum/cert to extensions-museum pod by @ks-ci-bot in #6202
• [release-4.1] feat: Adapt to oci-based helmchart repo by @ks-ci-bot in #6203
• [release-4.1] adjust the log level of unexpected exceptions by @ks-ci-bot in #6208
• [release-4.1] fix: remove the incorrect RBAC rule merging logic by @ks-ci-bot in #6210
• Release v4.1.2 by @wansir in #6212
• Update build-multiarch.yaml by @wansir in #6213

Full Changelog: v4.1.1...v4.1.2

Bug Fixes

Fix the issue of resource residue when uninstalling ks-core.
Fixing installation issuesin Kubernetes 1.19 environment.

New Features

• Reconstructed KubeSphere LuBan based on a new microkernel architecture
• Built-in KubeSphere extension marketplace
• Supports unified management of extension components through the extension center
• Supports UI and API extensions
• One-click import of member clusters using kubeconfig
• Supports KubeSphere service accounts
• Supports dynamic expansion of Resource API
• Allows adding clusters, enterprise spaces, and projects to quick access
• Supports file uploads and downloads through the container terminal
• Compatible with native cloud gateways from different vendors (Kubernetes Ingress API)
• Supports API rate limiting
• Supports creating persistent volumes on the page

Enhancements

• When creating an enterprise space, support selecting all clusters
• Optimized web kubectl, supports dynamic recycling of pods and fuzzy search when switching clusters
• Optimized node management list, changed default sorting to ascending
• Only allow trusted OAuth clients to validate user identities directly using username and password
• Streamlined Agent components deployed in member clusters
• Split some configurations in KubeSphere Config into independent configuration items
• Adjusted container image search to sort by reverse chronological order
• Supports editing user aliases
• Added display of scheduling status in the cluster list
• Configuration dictionary detail page supports displaying binaryData
• Reconstructed the management page of the workspace
• Removed unnecessary extension components
• Supports quick deployment and uninstallation via helm
• Simplified the deployment of agents in member clusters
• Supports disabling control plane node terminals
• Supports proactive triggering of cluster resource synchronization
• Optimized user experience on the workload page under clusters
• Optimized user experience on the application list page
• Optimized user experience on the persistent volume claims and storage class list pages
• Improved display of excessively long resource names
• Supports global enabling of fieldValidation
• The list page of cluster nodes supports horizontal scrolling

Bug Fixes

• Fixed issue where the node terminal always displayed "connecting"
• Fixed potential unauthorized access to enterprise space resources
• Fixed potential unauthorized access to enterprise space cluster authorization API
• Fixed session abnormal logout issue due to misconfiguration
• Fixed issue with pulling images from a specified repository when adding image service information
• Fixed loss of ownerReferences when editing secret dictionaries
• Fixed white screen and page redirection errors on first login
• Fixed scrolling issue with selection boxes in Windows environment
• Fixed issue where cluster-admin could not find cluster management entry
• Fixed issue where closing pod in kubectl container terminal did not stop it
• Fixed issue where cluster selection was not available when downloading kubeconfig
• Fixed issue of truncated resource names in some lists
• Fixed missing translations in some pages
• Fixed blank display issue on container detail page
• Fixed default skipping of certificate validation when creating image service address with https
• Fixed inability to edit project roles for service accounts in member clusters
• Fixed inability to edit and set configurations without key-value pairs
• Fixed issues with editing and deleting key-value data in configuration dictionaries of member clusters
• Fixed style issue with pop-up when removing unready clusters on the cluster management page
• Fixed display issue of progress bar when removing clusters on the cluster management page
• Fixed issue where previously selected clusters lost their selected state after searching for clusters in the "Add Tags to Cluster" pop-up
• Fixed pagination issue for container groups on workload detail page
• Fixed HTML comment display issue in update logs on extension component detail page
• Fixed incomplete display of floating elements on list pages in certain cases
• Fixed abnormal display of error messages in the upper right corner
• Fixed style issues in the "Create Enterprise Space" pop-up
• Fixed issue with searching for Harbor (versions 2.8.0 and above) images
• Fixed slow loading of console under https
• Default creator for cluster creation is set to cluster administrator
• Fixed abnormal issue when deleting node label data
• Fixed issue where the page did not update in real time when adding member clusters
• Added prompt information for container uploads
• Fixed issue where clusters were not filtered based on user permissions when selecting a cluster
• Fixed potential privilege escalation and unauthorized risks in helm application deployment
• Fixed hang issue when uploading files while creating application templates
• Fixed issue where applications created in one project were visible in others
• Fixed synchronization issue with Bitnami source in application repository
• Fixed no data issue in application templates
• Fixed white screen issue for unauthorized users deploying applications from the app store
• Fixed incorrect type display for secret dictionaries
• Fixed display issue in the enterprise space list
• Fixed status error in persistent volume list
• Fixed failure in creating PVC based on snapshot
• Removed unnecessary prompt during persistent volume expansion
• Fixed incorrect display of type drop-down when creating secret dictionaries
• Fixed data filling errors when creating secret dictionaries of "Image Service Information" type
• Fixed inability to retrieve all projects in the workload list
• Fixed abnormal display of prompt information for container groups in workloads
• Fixed display of outdated versions in customized resource definition pages
• Fixed display issues when searching for clusters in the cluster list
• Fixed issue where web kubectl terminal could not be used in EKS environment

API Updates

APIs Removed

In version 4.1, the following APIs will no longer be available:

Multi-cluster

/API_PREFIX/clusters/{cluster}/API_GROUP/API_VERSION/... multi-cluster proxy request API has been removed. Please use the new multi-cluster proxy request path rule: /clusters/{cluster}/API_PREFIX/API_GROUP/API_VERSION/....

Access Control

• The iam.kubesphere.io/v1alpha2 API version has been removed. Please use iam.kubesphere.io/v1beta1 API version instead.

• Significant changes in iam.kubesphere.io/v1beta1:
  The API Group for Role, RoleBinding, ClusterRole, and ClusterRoleBinding resources has changed from rbac.authorization.k8s.io to iam.kubesphere.io.

Multi-Tenancy

• The tenant.kubesphere.io/v1alpha1 and tenant.kubesphere.io/v1alpha2 API versions have had some APIs removed. Please use tenant.kubesphere.io/v1beta1 API version instead.

• Significant changes in tenant.kubesphere.io/v1beta1:
  spec.networkIsolation has been removed from Workspace.

kubectl

• The /resources.kubesphere.io/v1alpha2/users/{user}/kubectl interface has been removed; terminal-related operations no longer require this interface.
• The user web kubectl terminal API path has been changed from /kapis/terminal.kubesphere.io/v1alpha2/namespaces/{namespace}/pods/{pod}/exec to /kapis/terminal.kubesphere.io/v1alpha2/users/{user}/kubectl.

Gateway

The gateway.kubesphere.io/v1alpha1 API version has been removed.

• The API for querying gateways related to Ingress has been adjusted to /kapis/gateway.kubesphere.io/v1alpha2/namespaces/{namespace}/availableingressclassscopes.

APIs Deprecated

The following APIs are marked as deprecated and will be removed in future versions:

• Cluster validation API
• Config configz API
• OAuth token review API
• Operations job rerun API
• Resources v1alpha2 API
• Resources v1alpha3 API
• Tenant v1alpha3 API
• Legacy version API

Known Issues

• Currently, upgrading from version 3.x to 4.x is not supported; this will be enabled in future versions.
• The following features are temporarily unavailable and will be provided as extension components later:
  • Monitoring
  • Alerts
  • Notifications
  • Istio
  • DevOps
  • Project gateways and cluster gateways
  • Volume snapshots
  • Network isolation
  • OpenPitrix for application management
• The following features are temporarily unavailable and will be supported in future versions:
  • Department management functionality for enterprise spaces

Others

• Removed all language options except English and Simplified Chinese by default
• Removed content related to system components

What's Changed

• update README.md by @wansir in #5885
• Validate clusterRole when adding a cluster by @iawia002 in #5878
• update 3.4 changelog by @zhuxiujuan28 in #5894
• change v3.4.0 release note url by @win5923 in #5895
• update go-restful/v3 to v3.11.0 by @inksnw in #5907
• Update base image version to alpine 3.18.3 by @zhou1203 in #5909
• Add more devops supported k8s version by @chilianyi in #5908
• Feat: Support search pods by pod ip by @zhou1203 in #5921
• update storageclass-accessor webhook by @stoneshi-yunify in #5927
• Fixed an issue where categories were not updated in the App Store aft… by @king-119 in #5925
• chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 by @hongzhouzi in #5940
• utils/clusterclient: fix the deadlock issu...

What’s Changed

• fix: when helm application modify, but UpdateTime not update (#5948) @king-119
• Fixed an issue where categories were not updated in the App Store aft… (#5925) @king-119
• Feat: Support search pods by pod ip (#5921) @zhou1203
• Add more devops supported k8s version (#5908) @chilianyi
• update 3.4 changelog (#5894) @zhuxiujuan28

🚀 Features

• Images tag (#5957) @zhou1203
• update storageclass-accessor webhook (#5927) @stoneshi-yunify
• Update base image version to alpine 3.18.3 (#5909) @zhou1203

🐛 Bug Fixes

• fix: gateway address is not displayed (#5950) @hongzhouzi
• utils/clusterclient: fix the deadlock issue when getting the cluster client (#5941) @iawia002
• chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 (#5940) @hongzhouzi
• update storageclass-accessor webhook (#5927) @stoneshi-yunify
• update go-restful/v3 to v3.11.0 (#5907) @inksnw
• Validate clusterRole when adding a cluster (#5878) @iawia002

📝 Documentation updates

• change v3.4.0 release note url (#5895) @win5923
• update README.md (#5885) @wansir

👻 Maintenance

• chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0 (#5940) @hongzhouzi