chore(deps): Update Terraform kubernetes to ~> 2.38.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
kubernetes (source)	required_provider	minor	~> 2.21.1 → ~> 2.38.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

hashicorp/terraform-provider-kubernetes (kubernetes)

v2.38.0

Compare Source

ENHANCEMENTS:

• Add ResourceIdentity support to kubernetes_manifest [GH-2737]
• Add sub_path_expr to volume mount options pod spec [GH-2622]
• Add support for ResourceIdentity to SDKv2 resources [GH-2751]

BUG FIXES:

• Fixed goroutine-safety in the CRD and metadata cache, resulting in far fewer provider metadata requests. [GH-2699]
• data_source/kubernetes_pod_v1: fix an issue when the provider cuts out toleration under pod spec(spec.toleration) if it uses a well-known taint. [GH-2380]
• data_source/kubernetes_pod: fix an issue when the provider cuts out toleration under pod spec(spec.toleration) if it uses a well-known taint. [GH-2380]
• resource/kubernetes_cron_job: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_cron_job_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_daemon_set_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_daemonset: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_deployment: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_deployment_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_job: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_job_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_replication_controller_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_replication_controller: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_stateful_set: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]
• resource/kubernetes_stateful_set_v1: fix an issue when the provider cuts out toleration under pod spec template(*.template.spec.toleration`) if it uses a well-known taint. That could lead to a perpetual diff behavior. [GH-2380]

NOTES:

• We have updated the logic of resources that use the Pod specification template, such as kubernetes_deployment_v1, kubernetes_stateful_set_v1, etc, and now the provider will keep all tolerations(spec.toleration) returned by Kubernetes. The same is applicable for the data sources kubernetes_pod_v1 and kubernetes_pod. The behavior of resources kubernetes_pod_v1 and kubernetes_pod remains unchanged, i.e. the provider will keep removing tolerations with well-known taints since they might be attached to the object by Kubernetes controller and could lead to a perpetual diff. [GH-2380]

v2.37.1

Compare Source

BUG FIXES:

• Fixes issue #​2732 where the provider would fail when used with Terraform >= v1.12.1 due to missing GetResourceIdentitySchemas implementation. [GH-2732]

v2.37.0

Compare Source

ENHANCEMENTS:

• kubernetes_config_map_v1: Add support for ResourceIdentity [GH-2721]

v2.36.0

Compare Source

ENHANCEMENTS:

• resource/kubernetes_secret_v1: Add support for write only attributes for data_wo and binary_data_wo. [GH-2692]

v2.35.1

Compare Source

BUG FIXES:

• resource/kubernetes_job_v1: revert the changes introduced in v2.34.0, where ttl_seconds_after_finished was set to 0. [GH-2650]
• resource/kubernetes_daemon_set_v1: fix issue where fields spec.strategy.rolling_update.max_surge and spec.strategy.rolling_update.max_unavailable were not being validated correctly. [GH-2653]

v2.35.0

Compare Source

FEATURES:

• resources_kubernetes_daemon_set_v1 : Added max_surge argument for to rolling_update block. [GH-2630]

v2.34.0

Compare Source

ENHANCEMENTS:

• Added conditions attribute to kubernetes_nodes data source, which will provide detailed node health and status information [GH-2612]
• Adding the kubernetes_secret_v1_data resource to the kubernetes provider. This resource will allow users to manage kubernetes secrets [GH-2604]
• Properly handle Kubernetes Jobs with ttl_seconds_after_finished = 0 to prevent unnecessary recreation. [GH-2596]

FEATURES:

• New ephemeral resource: kubernetes_certificate_signing_request_v1 [GH-2628]
• New ephemeral resource: kubernetes_token_request_v1 [GH-2628]

v2.33.0

Compare Source

ENHANCEMENTS:

• Add backoff_per_limit_index and max_failed_indexes fields in structure_job.go [GH-2421]
• Added support for namespace_selector field in PodAffinityTerm to enhance pod affinity and anti-affinity rules, allowing selection of namespaces based on label selectors. [GH-2577]
• kubernetes_manifest - handling "404 Not Found" errors during the deletion of Kubernetes resources, particularly in cases where the resource may have already been deleted by an operator managing the CRD before Terraform attempts to delete it. [GH-2592]
• schema_container.go: Add VolumeDevices [GH-2573]

v2.32.0

Compare Source

FEATURES:

• New data source: kubernetes_server_version [GH-2306]

ENHANCEMENTS:

• resource/kubernetes_certificate_signing_request_v1: Add argument spec.expiration_seconds [GH-2559]
• resource/kubernetes_persistent_volume_v1: support ReadWriteOncePod access mode for PVs [GH-2488]

v2.31.0

Compare Source

ENHANCEMENTS:

• Add support for Terraform's experimental deferred actions [GH-2510]

v2.30.0

Compare Source

BUG FIXES:

• data_source/kubernetes_resources: fix an issue where the provider exit with an error when the data source kubernetes_resources receives multiple Kubernetes objects containing tuples with different numbers of elements. [GH-2372]
• kubernetes_manifest: fix issue preventing KUBE_PROXY_URL environment variable from being used in client configuration (#​1733) [GH-2485]
• resource/kubernetes_node_taint: Fix the error check for nonexistant nodes so that terraform does not fail if there is a taint in the state file for a node that has been deleted. [GH-2402]

DOCS:

• Migrate legacy structure to new tfplugindocs template structure [GH-2470]

v2.29.0

Compare Source

BUG FIXES:

• data-sources: revert a recently introduced deviation on datasources where querying a non-existent resource would cause an error (#​2434). [GH-2464]

v2.28.1

Compare Source

HOTFIX:

• manifest_decode(): fix handling of manifests containing null values [GH-2461]

v2.28.0

Compare Source

ENHANCEMENTS:

NOTE: Using Provider Defined Functions requires Terraform version 1.8.0.

• Add provider defined functions: manifest_encode, manifest_decode, manifest_decode_multi [GH-2428]

v2.27.0

Compare Source

ENHANCEMENTS:

• resource/kubernetes_pod_v1: add missing topology_spread_constraints: node_affinity_policy, node_taints_policy, match_label_keys, min_domains [GH-2429]

v2.26.0

Compare Source

ENHANCEMENTS:

• kubernetes/kubernetes_deployment_v1: Add support for HugePages in emptyDir.medium [GH-2395]
• resource/kubernetes_job_v1: add new attribute spec.pod_failure_policy to job spec [GH-2394]

NOTES:

• Bump Kubernetes dependencies from x.27.8 to x.28.6. [GH-2404]

v2.25.2

Compare Source

BUG FIXES:

• resource/kubernetes_cron_job_v1: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_cron_job: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_daemon_set_v1: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_daemonset: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_stateful_set_v1: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]
• resource/kubernetes_stateful_set: fix an issue when the provider forces a resource recreation after upgrading to 2.25.0 and 2.25.1 due to changes in the resource schema. [GH-2387]

NOTES:

• Resources kubernetes_cron_job_v1 and kubernetes_cron_job got a new attribute spec.job_template.metadata.namespace. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387]
• Resources kubernetes_stateful_set_v1, kubernetes_stateful_set, kubernetes_daemon_set_v1, and kubernetes_daemonset got a new attribute spec.template.metadata.namespace. It is a stub attribute that does not affect the namespace in which the Pod will be created. The Pod will be created in the same namespace as the main resource. However, modifying this field will force the resource recreation. [GH-2387]

v2.25.1

Compare Source

HOTFIX:

• kubernetes_manifest: Implement response for GetMetadata protocol function [GH-2384]

v2.25.0

Compare Source

ENHANCEMENTS:

• Add terraform-plugin-framework provider [GH-2347]
• data_source/kubernetes_persistent_volume_claim_v1: add a new attribute spec.volume_mode. [GH-2353]
• data_source/kubernetes_persistent_volume_claim: add a new attribute spec.volume_mode. [GH-2353]
• kubernetes/schema_stateful_set_spec.go: Add spec.persistentVolumeClaimRetentionPolicy in kubernetes_stateful_set [GH-2333]
• resource/kubernetes_persistent_volume_claim_v1: add a new attribute spec.volume_mode. [GH-2353]
• resource/kubernetes_persistent_volume_claim: add a new attribute spec.volume_mode. [GH-2353]
• resource/kubernetes_stateful_set_v1: add a new attribute spec.volume_claim_template.spec.volume_mode. [GH-2353]
• resource/kubernetes_stateful_set: add a new attribute spec.volume_claim_template.spec.volume_mode. [GH-2353]

BUG FIXES:

• resource/kubernetes_cron_job_v1: Change the schema to include a namespace in jobTemplate
resource/kubernetes_stateful_set_v1: Change the schema to include a namespace in template [GH-2362]
• resource/kubernetes_ingress_v1: Fix an issue where the empty tls attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]
• resource/kubernetes_ingress: Fix an issue where the empty tls attribute in the configuration does not generate the corresponding Ingress object without any TLS configuration. [GH-2344]

NOTES:

• We have updated the logic of data sources and now the provider will return all annotations and labels attached to the object, regardless of the ignore_annotations and ignore_labels provider settings. In addition to that, a list of ignored labels when they are attached to kubernetes_job(_v1) and kubernetes_cron_job(_v1) resources were extended with labels batch.kubernetes.io/controller-uid and batch.kubernetes.io/job-name since they aim to replace controller-uid and job-name in the future Kubernetes releases. [GH-2345]

A special and warm welcome to the first contribution from our teammate @​SarahFrench! 🚀

v2.24.0

Compare Source

ENHANCEMENTS:

kubernetes/schema_affinity_spec.go: Add match_fields to nodeAffinity [GH-2296]
kubernetes/schema_pod_spec.go: Add os to podSpecFields [GH-2290]
resource/kubernetes_config_map_v1_data: improve error handling while validating the existence of the target ConfigMap. [GH-2230]

BUG FIXES:

• resource/kubernetes_labels: Add ["f:metadata"] check in kubernetes_labels to prevent crash with kubernetes_node_taints [GH-2246]

DOCS:

• Add example module for configuring OIDC authentication on EKS [GH-2287]
• Add example module for configuring OIDC authentication on GKE [GH-2319]

NOTES:

• Bump Go version from 1.20 to 1.21. [GH-2337]
• Bump Kubernetes dependencies from x.25.11 to x.27.8.

v2.23.0

Compare Source

FEATURES:

• resource/kubernetes_cron_job_v1: add a new volume type ephemeral to spec.job_template.spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_cron_job: add a new volume type ephemeral to spec.job_template.spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_daemon_set_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_daemonset: add a new volume type ephemeral to spec.template.spec..volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_deployment_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_deployment: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_job_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_job: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_pod_v1: add a new volume type ephemeral to spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_pod: add a new volume type ephemeral to spec.volume to support generic ephemeral volumes. [GH-2199]

ENHANCEMENTS:

• resource/kubernetes_endpoint_slice_v1: make attribute endpoint.condition optional. If you had previously included an empty block condition {} in your configuration, we request you to remove it. Doing so will prevent receiving continuous "update in-place" messages while performing the plan and apply operations. [GH-2208]
• resource/kubernetes_pod_v1: add a new attribute target_state to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]
• resource/kubernetes_pod: add a new attribute target_state to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]

BUG FIXES:

• resource/kubernetes_manifest: update flow in wait block to fix timeout bug within tf apply where the resource is created and appears in Kubernetes but does not appear in TF state file after deadline. The fix would ensure that the resource has been created in the state file while also tainting the resource requiring the user to make the necessary changes in order for their to not be another timeout error. [GH-2163]

DOCS:

• Fix external broken links in the documentation. [GH-2221]

v2.22.0

Compare Source

FEATURES:

• kubernetes/data_source_kubernetes_persistent_volume.go: Add data source for Kubernetes Persistent Volume Resource [GH-2118]
• kubernetes/resource_kubernetes_namespace.go: Add attribute wait_for_default_service_account to namespaces which will force Terraform to wait until the default service account has been created by Kubernetes on namespace creation. [GH-2119]
• kubernetes/resource_kubernetes_endpointslice.go: Add kubernetes_endpoint_slice resource [GH-2086]

ENHANCEMENTS:

• kubernetes/provider.go: Add tls_server_name kubernetes provider options. [GH-1638]

BUG FIXES:

• resource/kubernetes_manifest: fix an issue in the kubernetes_manifest resource when it panics if tuple attributes within an object have a different number of elements. This leads to the situation when all types of end tuples are getting the same type. [GH-2164]
• resource/kubernetes_manifest: fix an issue with the kubernetes_manifest resource, where an object fails to update correctly when employing wait conditions and thus some attributes are not available for the reference after creation. [GH-2173]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.