chore(deps): update terraform kubernetes to v2.34.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
kubernetes (source)	required_provider	minor	2.15.0 -> 2.34.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

hashicorp/terraform-provider-kubernetes (kubernetes)

v2.34.0

Compare Source

ENHANCEMENTS:

• Added conditions attribute to kubernetes_nodes data source, which will provide detailed node health and status information [GH-2612]
• Adding the kubernetes_secret_v1_data resource to the kubernetes provider. This resource will allow users to manage kubernetes secrets [GH-2604]
• Properly handle Kubernetes Jobs with ttl_seconds_after_finished = 0 to prevent unnecessary recreation. [GH-2596]

FEATURES:

• New ephemeral resource: kubernetes_certificate_signing_request_v1 [GH-2628]
• New ephemeral resource: kubernetes_token_request_v1 [GH-2628]

v2.33.0

Compare Source

ENHANCEMENTS:

• Add backoff_per_limit_index and max_failed_indexes fields in structure_job.go [GH-2421]
• Added support for namespace_selector field in PodAffinityTerm to enhance pod affinity and anti-affinity rules, allowing selection of namespaces based on label selectors. [GH-2577]
• kubernetes_manifest - handling "404 Not Found" errors during the deletion of Kubernetes resources, particularly in cases where the resource may have already been deleted by an operator managing the CRD before Terraform attempts to delete it. [GH-2592]
• schema_container.go: Add VolumeDevices [GH-2573]

v2.32.0

Compare Source

FEATURES:

• New data source: kubernetes_server_version [GH-2306]

ENHANCEMENTS:

• resource/kubernetes_certificate_signing_request_v1: Add argument spec.expiration_seconds [GH-2559]
• resource/kubernetes_persistent_volume_v1: support ReadWriteOncePod access mode for PVs [GH-2488]

v2.31.0

Compare Source

ENHANCEMENTS:

• Add support for Terraform's experimental deferred actions [GH-2510]

v2.30.0

Compare Source

BUG FIXES:

• data_source/kubernetes_resources: fix an issue where the provider exit with an error when the data source kubernetes_resources receives multiple Kubernetes objects containing tuples with different numbers of elements. [GH-2372]
• kubernetes_manifest: fix issue preventing KUBE_PROXY_URL environment variable from being used in client configuration (#​1733) [GH-2485]
• resource/kubernetes_node_taint: Fix the error check for nonexistant nodes so that terraform does not fail if there is a taint in the state file for a node that has been deleted. [GH-2402]

DOCS:

• Migrate legacy structure to new tfplugindocs template structure [GH-2470]

v2.29.0

Compare Source

BUG FIXES:

• data-sources: revert a recently introduced deviation on datasources where querying a non-existent resource would cause an error (#​2434). [GH-2464]

v2.28.1

Compare Source

HOTFIX:

• manifest_decode(): fix handling of manifests containing null values [GH-2461]

v2.28.0

Compare Source

ENHANCEMENTS:

NOTE: Using Provider Defined Functions requires Terraform version 1.8.0.

• Add provider defined functions: manifest_encode, manifest_decode, manifest_decode_multi [GH-2428]

v2.27.0

Compare Source

ENHANCEMENTS:

• resource/kubernetes_pod_v1: add missing topology_spread_constraints: node_affinity_policy, node_taints_policy, match_label_keys, min_domains [GH-2429]

v2.26.0

Compare Source

ENHANCEMENTS:

• kubernetes/kubernetes_deployment_v1: Add support for HugePages in emptyDir.medium [GH-2395]
• resource/kubernetes_job_v1: add new attribute spec.pod_failure_policy to job spec [GH-2394]

NOTES:

• Bump Kubernetes dependencies from x.27.8 to x.28.6. [GH-2404]

v2.25.2

Compare Source

BUG FIXES:

• resource/kubernetes_cron_job_v1: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_cron_job: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_daemon_set_v1: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_daemonset: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_stateful_set_v1: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_stateful_set: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]

NOTES:

• Resources kubernetes_cron_job_v1 and kubernetes_cron_job got a new attribute spec.job_template.metadata.namespace. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387]
• Resources kubernetes_stateful_set_v1, kubernetes_stateful_set, kubernetes_daemon_set_v1, and kubernetes_daemonset got a new attribute spec.template.metadata.namespace. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387]

v2.25.1

Compare Source

HOTFIX:

• kubernetes_manifest: Implement response for GetMetadata protocol function [GH-2384]

v2.25.0

Compare Source

ENHANCEMENTS:

• Add terraform-plugin-framework provider [GH-2347]
• data_source/kubernetes_persistent_volume_claim_v1: add a new attribute spec.volume_mode. [GH-2353]
• data_source/kubernetes_persistent_volume_claim: add a new attribute spec.volume_mode. [GH-2353]
• kubernetes/schema_stateful_set_spec.go: Add spec.persistentVolumeClaimRetentionPolicy in kubernetes_stateful_set [GH-2333]
• resource/kubernetes_persistent_volume_claim_v1: add a new attribute spec.volume_mode. [GH-2353]
• resource/kubernetes_persistent_volume_claim: add a new attribute spec.volume_mode. [GH-2353]
• resource/kubernetes_stateful_set_v1: add a new attribute spec.volume_claim_template.spec.volume_mode. [GH-2353]
• resource/kubernetes_stateful_set: add a new attribute spec.volume_claim_template.spec.volume_mode. [GH-2353]

BUG FIXES:

• resource/kubernetes_cron_job_v1: Change the schema to include a namespace in jobTemplate
resource/kubernetes_stateful_set_v1: Change the schema to include a namespace in template [GH-2362]
• resource/kubernetes_ingress_v1: Fix an issue where the empty tls attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]
• resource/kubernetes_ingress: Fix an issue where the empty tls attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]

NOTES:

• We have updated the logic of data sources and now the provider will return all annotations and labels attached to the object, regardless of the ignore_annotations and ignore_labels provider settings. In addition to that, a list of ignored labels when they are attached to kubernetes_job(_v1) and kubernetes_cron_job(_v1) resources were extended with labels batch.kubernetes.io/controller-uid and batch.kubernetes.io/job-name since they aim to replace controller-uid and job-name in the future Kubernetes releases. [GH-2345]

A special and warm welcome to the first contribution from our teammate @​SarahFrench! 🚀

v2.24.0

Compare Source

ENHANCEMENTS:

kubernetes/schema_affinity_spec.go: Add match_fields to nodeAffinity [GH-2296]
kubernetes/schema_pod_spec.go: Add os to podSpecFields [GH-2290]
resource/kubernetes_config_map_v1_data: improve error handling while validating the existence of the target ConfigMap. [GH-2230]

BUG FIXES:

• resource/kubernetes_labels: Add ["f:metadata"] check in kubernetes_labels to prevent crash with kubernetes_node_taints [GH-2246]

DOCS:

• Add example module for configuring OIDC authentication on EKS [GH-2287]
• Add example module for configuring OIDC authentication on GKE [GH-2319]

NOTES:

• Bump Go version from 1.20 to 1.21. [GH-2337]
• Bump Kubernetes dependencies from x.25.11 to x.27.8.

v2.23.0

Compare Source

FEATURES:

• resource/kubernetes_cron_job_v1: add a new volume type ephemeral to spec.job_template.spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_cron_job: add a new volume type ephemeral to spec.job_template.spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_daemon_set_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_daemonset: add a new volume type ephemeral to spec.template.spec..volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_deployment_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_deployment: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_job_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_job: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_pod_v1: add a new volume type ephemeral to spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_pod: add a new volume type ephemeral to spec.volume to support generic ephemeral volumes. [GH-2199]

ENHANCEMENTS:

• resource/kubernetes_endpoint_slice_v1: make attribute endpoint.condition optional. If you had previously included an empty block condition {} in your configuration, we request you to remove it. Doing so will prevent receiving continuous "update in-place" messages while performing the plan and apply operations. [GH-2208]
• resource/kubernetes_pod_v1: add a new attribute target_state to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]
• resource/kubernetes_pod: add a new attribute target_state to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]

BUG FIXES:

• resource/kubernetes_manifest: update flow in wait block to fix timeout bug within tf apply where the resource is created and appears in Kubernetes but does not appear in TF state file after deadline. The fix would ensure that the resource has been created in the state file while also tainting the resource requiring the user to make the necessary changes in order for their to not be another timeout error. [GH-2163]

DOCS:

• Fix external broken links in the documentation. [GH-2221]

v2.22.0

Compare Source

FEATURES:

• kubernetes/data_source_kubernetes_persistent_volume.go: Add data source for Kubernetes Persistent Volume Resource [GH-2118]
• kubernetes/resource_kubernetes_namespace.go: Add attribute wait_for_default_service_account to namespaces which will force Terraform to wait until the default service account has been created by Kubernetes on namespace creation. [GH-2119]
• kubernetes/resource_kubernetes_endpointslice.go: Add kubernetes_endpoint_slice resource [GH-2086]

ENHANCEMENTS:

• kubernetes/provider.go: Add tls_server_name kubernetes provider options. [GH-1638]

BUG FIXES:

• resource/kubernetes_manifest: fix an issue in the kubernetes_manifest resource when it panics if tuple attributes within an object have a different number of elements. This leads to the situation when all types of end tuples are getting the same type. [GH-2164]
• resource/kubernetes_manifest: fix an issue with the kubernetes_manifest resource, where an object fails to update correctly when employing wait conditions and thus some attributes are not available for the reference after creation. [GH-2173]

v2.21.1

Compare Source

HOTFIX:

• Revert add "conflictsWith" to provider block schema. [GH-2131]

v2.21.0

Compare Source

FEATURES:

• resource/kubernetes_runtime_class_v1: Add a new resource kubernetes_runtime_class_v1. [GH-2080]

ENHANCEMENTS:

• kubernetes/provider.go: add conflictsWith rules to provider configuration schema [GH-2084]
• kubernetes/resource_kubernetes_service_account.go: Remove default_secret_name warning [GH-2085]
• resource/kubernetes_node_taint Update import documentation GH-2094

BUG FIXES:

• resource/kubernetes_node_taint: Don't fail when there is a taint in the state file for a node that no longer exists. [GH-2099]
• resource/kubernetes_job: Fixed a bug where setting backoff_limit to 6 would reset it to 0

v2.20.0

Compare Source

ENHANCEMENTS:

kubernetes/resource_kubernetes_env.go: add support for initContainers [GH-2067]
kubernetes/resource_kubernetes_node_taint.go: Remove MaxItems from taint attribute [GH-2046]

BUG FIXES:

• Fix diff after import when importing resources containing volume_mount [GH-2061]
• resource/kubernetes_node_taint: Fix an issue when updating taint does not update the ID in the state file. [GH-2077]

v2.19.0

Compare Source

FEATURES:

New Resource: kubernetes_token_request_v1. [GH-2024]

BUG FIXES:

• data_source/kubernetes_secret_v1: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]
• data_source/kubernetes_secret: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]
• kubernetes/schema_pod_spec.go: Fix unexpected volumes appearing on plan [GH-2006]
• resource/kubernetes_cron_job_v1: Fix annotation logic to prevent internalkeys from being removed in templates [GH-1983]
• resource/kubernetes_manifest: Fix a panic when constructing the diagnostic message about incompatible attribute types [GH-2054]
• resource/kubernetes_manifest: Fix crash when manifest config contains unknown values of unknown type (DynamicPseudoType) [GH-2055]

v2.18.1

Compare Source

HOTFIX:

• kubernetes_manifest: fix crash when waiting on conditions that are not yet present [GH-2008]

v2.18.0

Compare Source

FEATURES:

• New data source: data_source/kubernetes_nodes. [GH-1921]
• New data source: data_source/kubernetes_resources. [GH-1967]
• New resource: resource/kubernetes_node_taint. [GH-1921]

ENHANCEMENT:

• resource/kubernetes_annotations: Add a new attribute template_annotations that allows adding annotations to resources with pod templates. [GH-1972]
• resource/kubernetes_cron_job_v1: Add a new attribute spec.timezone. [GH-1971]

BUG FIXES:

• resource/kubernetes_mutating_webhook_configuration: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_network_policy_v1: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_network_policy: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_persistent_volume_claim_v1: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_persistent_volume_claim: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_storage_class_v1: Fix an issue when changing the value of the attribute allow_volume_expansion does not alter Kubernetes resource. [GH-1519]
• resource/kubernetes_storage_class: Fix an issue when changing the value of the attribute allow_volume_expansion does not alter Kubernetes resource. [GH-1519]

DOCS:

• New data source: data_source/kubernetes_nodes. [GH-1921]
• New data source: data_source/kubernetes_resources. [GH-1967]
• New resource: resource/kubernetes_node_taint. [GH-1921]
• provider: Add a note regarding the KUBECONFIG environment variable. [GH-1989]
• resource/kubernetes_annotations: Add a new attribute template_annotations. [GH-1972]
• resource/kubernetes_job_v1: Add documentation for the attribute spec.completion_mode. [GH-1997]
• resource/kubernetes_job: Add documentation for the attribute spec.completion_mode. [GH-1997]
• resource/resource_kubernetes_cron_job_v1: Add a new attribute spec.timezone. [GH-1971]

v2.17.0

Compare Source

ENHANCEMENT:

• Add a new optional attribute grpc to pod.spec.container.liveness_probe, pod.spec.container.readiness_probe, and pod.spec.container.startup_probe. That affects all resources and data sources that use mentioned pod.spec.container probes directly or as a template. [GH-1915]
• resource/kubernetes_cluster_role_binding_v1: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_cluster_role_binding: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_cluster_role_v1: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_cluster_role: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_ingress_v1: add create and delete timeouts [GH-1936]
• resource/kubernetes_ingress_v1: make the attribute spec.ingress_class_name computed [GH-1947]
• resource/kubernetes_persistent_volume_v1: add additional validation on the delete operation to make it idempotent [GH-1935]
• resource/kubernetes_persistent_volume: add additional validation on the delete operation to make it idempotent [GH-1935]
• resource/kubernetes_role_binding_v1: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_role_binding: add attribute generate_name to produce a unique random name [GH-1899]

v2.16.1

Compare Source

ENHANCEMENTS:

• Add additional validation on the delete operation to make it idempotent. [GH-1914], [GH-1919], [GH-1898]

This affects the following resources:

• kubernetes_api_service
• kubernetes_api_service_v1
• kubernetes_cluster_role
• kubernetes_cluster_role_v1
• kubernetes_cluster_role_binding
• kubernetes_cluster_role_binding_v1
• kubernetes_config_map
• kubernetes_config_map_v1
• kubernetes_daemonset
• kubernetes_daemon_set_v1
• kubernetes_deployment
• kubernetes_deployment_v1
• kubernetes_endpoints
• kubernetes_endpoints_v1
• kubernetes_horizontal_pod_autoscaler
• kubernetes_horizontal_pod_autoscaler_v1
• kubernetes_horizontal_pod_autoscaler_v2beta2
• kubernetes_horizontal_pod_autoscaler_v2
• kubernetes_mutating_webhook_configuration
• kubernetes_mutating_webhook_configuration_v1
• kubernetes_network_policy
• kubernetes_network_policy_v1
• kubernetes_persistent_volume_claim
• kubernetes_persistent_volume_claim_v1
• kubernetes_pod
• kubernetes_pod_v1
• kubernetes_pod_disruption_budget
• kubernetes_pod_disruption_budget_v1
• kubernetes_pod_security_policy
• kubernetes_pod_security_policy_v1beta1
• kubernetes_priority_class
• kubernetes_replication_controller
• kubernetes_resource_quota
• kubernetes_role
• kubernetes_role_binding
• kubernetes_secret
• kubernetes_namespace
• kubernetes_service
• kubernetes_service_account
• kubernetes_stateful_set
• kubernetes_storage_class
• kubernetes_validating_webhook_configuration
• kubernetes_validating_webhook_configuration_v1

Special thanks to @​sheneska for making these changes as part of her internship @​hashicorp! 🚀

v2.16.0

Compare Source

FEATURES:

• New data source: kubernetes_endpoints_v1 [GH-1805]

ENHANCEMENT:

• Add a new optional attribute runtime_class_name to pod.spec. That affects all resources and data sources that use pod.spec directly or as a template. [GH-1895]
• Add a new optional attribute fs_group_change_policy to pod.spec.security_context. That affects all resources and data sources that use pod.spec directly or as a template. [GH-1892]
• The kubernetes status field is now available in the kubernetes_resource datasource [GH-1802]
• r/kubernetes_pod_v1: changing values of spec.container.resources.limits or spec.container.resources.requests will force resource recreation. [GH-1889]
• r/kubernetes_pod: changing values of spec.container.resources.limits or spec.container.resources.requests will force resource recreation. [GH-1889]

BUG FIXES:

• Fix an issue when changing values of spec.container.resources.limits or spec.container.resources.requests does not update appropriate Kubernetes resources. Affected resources: kubernetes_pod, kubernetes_pod_v1. [GH-1889]
• Fix an issue when empty values of spec.container.resources.limits or spec.container.resources.requests produce continuous diff output during plan although no real changes were made. Affected resources: kubernetes_pod, kubernetes_pod_v1, kubernetes_daemonset, kubernetes_daemon_set_v1, kubernetes_deployment, kubernetes_deployment_v1. [GH-1889]
• Fix an issue with timeouts for StatefulSet, Deployment, and DaemonSet resources when in some cases changes of Update or Create timeout doesn't affect related actions. [GH-1902]

DOCS:

• resource/kubernetes_service_account_v1: mark attribute default_secret_name as deprecated [GH-1883]
• resource/kubernetes_service_account: mark attribute default_secret_name as deprecated [GH-1883]

Thanks to all our contributors! 🎉

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.