chore(deps): Update Terraform kubernetes to v2.23.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
kubernetes (source)	required_provider	minor	2.7.1 -> 2.23.0

---

Release Notes

hashicorp/terraform-provider-kubernetes (kubernetes)

v2.23.0

Compare Source

FEATURES:

• resource/kubernetes_cron_job_v1: add a new volume type ephemeral to spec.job_template.spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_cron_job: add a new volume type ephemeral to spec.job_template.spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_daemon_set_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_daemonset: add a new volume type ephemeral to spec.template.spec..volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_deployment_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_deployment: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_job_v1: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_job: add a new volume type ephemeral to spec.template.spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_pod_v1: add a new volume type ephemeral to spec.volume to support generic ephemeral volumes. [GH-2199]
• resource/kubernetes_pod: add a new volume type ephemeral to spec.volume to support generic ephemeral volumes. [GH-2199]

ENHANCEMENTS:

• resource/kubernetes_endpoint_slice_v1: make attribute endpoint.condition optional. If you had previously included an empty block condition {} in your configuration, we request you to remove it. Doing so will prevent receiving continuous "update in-place" messages while performing the plan and apply operations. [GH-2208]
• resource/kubernetes_pod_v1: add a new attribute target_state to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]
• resource/kubernetes_pod: add a new attribute target_state to specify the Pod phase(s) that indicate whether it was successfully created. [GH-2200]

BUG FIXES:

• resource/kubernetes_manifest: update flow in wait block to fix timeout bug within tf apply where the resource is created and appears in Kubernetes but does not appear in TF state file after deadline. The fix would ensure that the resource has been created in the state file while also tainting the resource requiring the user to make the necessary changes in order for their to not be another timeout error. [GH-2163]

DOCS:

• Fix external broken links in the documentation. [GH-2221]

v2.22.0

Compare Source

FEATURES:

• kubernetes/data_source_kubernetes_persistent_volume.go: Add data source for Kubernetes Persistent Volume Resource [GH-2118]
• kubernetes/resource_kubernetes_namespace.go: Add attribute wait_for_default_service_account to namespaces which will force Terraform to wait until the default service account has been created by Kubernetes on namespace creation. [GH-2119]
• kubernetes/resource_kubernetes_endpointslice.go: Add kubernetes_endpoint_slice resource [GH-2086]

ENHANCEMENTS:

• kubernetes/provider.go: Add tls_server_name kubernetes provider options. [GH-1638]

BUG FIXES:

• resource/kubernetes_manifest: fix an issue in the kubernetes_manifest resource when it panics if tuple attributes within an object have a different number of elements. This leads to the situation when all types of end tuples are getting the same type. [GH-2164]
• resource/kubernetes_manifest: fix an issue with the kubernetes_manifest resource, where an object fails to update correctly when employing wait conditions and thus some attributes are not available for the reference after creation. [GH-2173]

v2.21.1

Compare Source

HOTFIX:

• Revert add "conflictsWith" to provider block schema. [GH-2131]

v2.21.0

Compare Source

FEATURES:

• resource/kubernetes_runtime_class_v1: Add a new resource kubernetes_runtime_class_v1. [GH-2080]

ENHANCEMENTS:

• kubernetes/provider.go: add conflictsWith rules to provider configuration schema [GH-2084]
• kubernetes/resource_kubernetes_service_account.go: Remove default_secret_name warning [GH-2085]
• resource/kubernetes_node_taint Update import documentation GH-2094

BUG FIXES:

• resource/kubernetes_node_taint: Don't fail when there is a taint in the state file for a node that no longer exists. [GH-2099]
• resource/kubernetes_job: Fixed a bug where setting backoff_limit to 6 would reset it to 0

v2.20.0

Compare Source

ENHANCEMENTS:

kubernetes/resource_kubernetes_env.go: add support for initContainers [GH-2067]
kubernetes/resource_kubernetes_node_taint.go: Remove MaxItems from taint attribute [GH-2046]

BUG FIXES:

• Fix diff after import when importing resources containing volume_mount [GH-2061]
• resource/kubernetes_node_taint: Fix an issue when updating taint does not update the ID in the state file. [GH-2077]

v2.19.0

Compare Source

FEATURES:

New Resource: kubernetes_token_request_v1. [GH-2024]

BUG FIXES:

• data_source/kubernetes_secret_v1: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]
• data_source/kubernetes_secret: Fix an issue where data_source cannot read secret created with generate_name. [GH-2028]
• kubernetes/schema_pod_spec.go: Fix unexpected volumes appearing on plan [GH-2006]
• resource/kubernetes_cron_job_v1: Fix annotation logic to prevent internalkeys from being removed in templates [GH-1983]
• resource/kubernetes_manifest: Fix a panic when constructing the diagnostic message about incompatible attribute types [GH-2054]
• resource/kubernetes_manifest: Fix crash when manifest config contains unknown values of unknown type (DynamicPseudoType) [GH-2055]

v2.18.1

Compare Source

HOTFIX:

• kubernetes_manifest: fix crash when waiting on conditions that are not yet present [GH-2008]

v2.18.0

Compare Source

FEATURES:

• New data source: data_source/kubernetes_nodes. [GH-1921]
• New data source: data_source/kubernetes_resources. [GH-1967]
• New resource: resource/kubernetes_node_taint. [GH-1921]

ENHANCEMENT:

• resource/kubernetes_annotations: Add a new attribute template_annotations that allows adding annotations to resources with pod templates. [GH-1972]
• resource/kubernetes_cron_job_v1: Add a new attribute spec.timezone. [GH-1971]

BUG FIXES:

• resource/kubernetes_mutating_webhook_configuration: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_network_policy_v1: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_network_policy: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_persistent_volume_claim_v1: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_persistent_volume_claim: Fix an issue when the delete operation may not be idempotent. [GH-1999]
• resource/kubernetes_storage_class_v1: Fix an issue when changing the value of the attribute allow_volume_expansion does not alter Kubernetes resource. [GH-1519]
• resource/kubernetes_storage_class: Fix an issue when changing the value of the attribute allow_volume_expansion does not alter Kubernetes resource. [GH-1519]

DOCS:

• New data source: data_source/kubernetes_nodes. [GH-1921]
• New data source: data_source/kubernetes_resources. [GH-1967]
• New resource: resource/kubernetes_node_taint. [GH-1921]
• provider: Add a note regarding the KUBECONFIG environment variable. [GH-1989]
• resource/kubernetes_annotations: Add a new attribute template_annotations. [GH-1972]
• resource/kubernetes_job_v1: Add documentation for the attribute spec.completion_mode. [GH-1997]
• resource/kubernetes_job: Add documentation for the attribute spec.completion_mode. [GH-1997]
• resource/resource_kubernetes_cron_job_v1: Add a new attribute spec.timezone. [GH-1971]

v2.17.0

Compare Source

ENHANCEMENT:

• Add a new optional attribute grpc to pod.spec.container.liveness_probe, pod.spec.container.readiness_probe, and pod.spec.container.startup_probe. That affects all resources and data sources that use mentioned pod.spec.container probes directly or as a template. [GH-1915]
• resource/kubernetes_cluster_role_binding_v1: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_cluster_role_binding: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_cluster_role_v1: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_cluster_role: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_ingress_v1: add create and delete timeouts [GH-1936]
• resource/kubernetes_ingress_v1: make the attribute spec.ingress_class_name computed [GH-1947]
• resource/kubernetes_persistent_volume_v1: add additional validation on the delete operation to make it idempotent [GH-1935]
• resource/kubernetes_persistent_volume: add additional validation on the delete operation to make it idempotent [GH-1935]
• resource/kubernetes_role_binding_v1: add attribute generate_name to produce a unique random name [GH-1899]
• resource/kubernetes_role_binding: add attribute generate_name to produce a unique random name [GH-1899]

v2.16.1

Compare Source

ENHANCEMENTS:

• Add additional validation on the delete operation to make it idempotent. [GH-1914], [GH-1919], [GH-1898]

This affects the following resources:

• kubernetes_api_service
• kubernetes_api_service_v1
• kubernetes_cluster_role
• kubernetes_cluster_role_v1
• kubernetes_cluster_role_binding
• kubernetes_cluster_role_binding_v1
• kubernetes_config_map
• kubernetes_config_map_v1
• kubernetes_daemonset
• kubernetes_daemon_set_v1
• kubernetes_deployment
• kubernetes_deployment_v1
• kubernetes_endpoints
• kubernetes_endpoints_v1
• kubernetes_horizontal_pod_autoscaler
• kubernetes_horizontal_pod_autoscaler_v1
• kubernetes_horizontal_pod_autoscaler_v2beta2
• kubernetes_horizontal_pod_autoscaler_v2
• kubernetes_mutating_webhook_configuration
• kubernetes_mutating_webhook_configuration_v1
• kubernetes_network_policy
• kubernetes_network_policy_v1
• kubernetes_persistent_volume_claim
• kubernetes_persistent_volume_claim_v1
• kubernetes_pod
• kubernetes_pod_v1
• kubernetes_pod_disruption_budget
• kubernetes_pod_disruption_budget_v1
• kubernetes_pod_security_policy
• kubernetes_pod_security_policy_v1beta1
• kubernetes_priority_class
• kubernetes_replication_controller
• kubernetes_resource_quota
• kubernetes_role
• kubernetes_role_binding
• kubernetes_secret
• kubernetes_namespace
• kubernetes_service
• kubernetes_service_account
• kubernetes_stateful_set
• kubernetes_storage_class
• kubernetes_validating_webhook_configuration
• kubernetes_validating_webhook_configuration_v1

Special thanks to @​sheneska for making these changes as part of her internship @​hashicorp! 🚀

v2.16.0

Compare Source

FEATURES:

• New data source: kubernetes_endpoints_v1 [GH-1805]

ENHANCEMENT:

• Add a new optional attribute runtime_class_name to pod.spec. That affects all resources and data sources that use pod.spec directly or as a template. [GH-1895]
• Add a new optional attribute fs_group_change_policy to pod.spec.security_context. That affects all resources and data sources that use pod.spec directly or as a template. [GH-1892]
• The kubernetes status field is now available in the kubernetes_resource datasource [GH-1802]
• r/kubernetes_pod_v1: changing values of spec.container.resources.limits or spec.container.resources.requests will force resource recreation. [GH-1889]
• r/kubernetes_pod: changing values of spec.container.resources.limits or spec.container.resources.requests will force resource recreation. [GH-1889]

BUG FIXES:

• Fix an issue when changing values of spec.container.resources.limits or spec.container.resources.requests does not update appropriate Kubernetes resources. Affected resources: kubernetes_pod, kubernetes_pod_v1. [GH-1889]
• Fix an issue when empty values of spec.container.resources.limits or spec.container.resources.requests produce continuous diff output during plan although no real changes were made. Affected resources: kubernetes_pod, kubernetes_pod_v1, kubernetes_daemonset, kubernetes_daemon_set_v1, kubernetes_deployment, kubernetes_deployment_v1. [GH-1889]
• Fix an issue with timeouts for StatefulSet, Deployment, and DaemonSet resources when in some cases changes of Update or Create timeout doesn't affect related actions. [GH-1902]

DOCS:

• resource/kubernetes_service_account_v1: mark attribute default_secret_name as deprecated [GH-1883]
• resource/kubernetes_service_account: mark attribute default_secret_name as deprecated [GH-1883]

Thanks to all our contributors! 🎉

v2.15.0

Compare Source

ENHANCEMENT:

• Add new resource resource_kubernetes_env [GH-1838]
• Add "field_manager" attribute to kubernetes_labels, kubernetes_annotations, kubernetes_config_map_v1_data [GH-1831]
• r/kubernetes_horizontal_pod_autoscaler_v2: make attribute spec.behavior.scale_down computed [GH-1853]
• r/kubernetes_horizontal_pod_autoscaler_v2: make attribute spec.behavior.scale_up computed [GH-1853]
• r/kubernetes_horizontal_pod_autoscaler_v2: make attribute spec.behavior computed [GH-1853]
• r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute spec.behavior.scale_down computed [GH-1853]
• r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute spec.behavior.scale_up computed [GH-1853]
• r/kubernetes_horizontal_pod_autoscaler_v2beta2: make attribute spec.behavior computed [GH-1853]

v2.14.0

Compare Source

ENHANCEMENT:

• Added "preemption_policy" attribute to the priority_class resource. [GH-1846]
• new attribute: Add immutable attribute to resource_config_map [GH-1849]
• resource/kubernetes_secret: Add a new attribute wait_for_service_account_token and corresponding create timeout
  resource/kubernetes_secret_v1: Add a new attribute wait_for_service_account_token and corresponding create timeout [GH-1833]

DOCS:

• r/kubernetes_service: make spec.port block optional [GH-1856]
• r/kubernetes_service_v1: make spec.port block optional [GH-1856]

v2.13.1

Compare Source

BUG FIXES:

• [TK-78009] Fix propagation of non-fatal Diagnostics in the type morphing logic

v2.13.0

Compare Source

BUG FIXES:

• Starting from Kubernetes 1.24.0 service account token is not automatically generated, thus it has to create separately. The following resources were updated to handle this change: d/kubernetes_service_account, r/kubernetes_default_service_account, r/kubernetes_service_account. For Kubernetes clusters running v1.24+ default_secret_name will be empty. A warning message will be printed once any of the above resources are in use. (#​1792)

IMPROVEMENTS:

• r/kubernetes_manifest: Better error messages from OpenAPI schema transformations (#​1780)
• Update documentation and correct some errors (#​1768, #​1786)
• Update acceptance tests infrastructure code for GKE and AKE and related GitHub Actions

v2.12.1

Compare Source

IMPROVEMENTS:

• Update documentation and correct some errors (#​1759)

BUG FIXES:

• Fix type morphing of nested tuples that causes Failed to morph errors (#​1756)
• Fix an issue when provider crashes intermittently in version v2.12.0 (#​1762)

v2.12.0

Compare Source

NEW:

• Attribute ignore_annotations of provider (#​746)
• Attribute ignore_labels of provider (#​746)
• Attribute condition to wait block of kubernetes_manifest (#​1595)
• Attribute allocate_load_balancer_node_ports of kubernetes_service(_v1) (#​1683)
• Attribute cluster_ips of kubernetes_service(_v1) (#​1683)
• Attribute internal_traffic_policy of kubernetes_service(_v1) (#​1683)
• Attribute load_balancer_class of kubernetes_service(_v1) (#​1683)
• Attribute session_affinity_config of kubernetes_service(_v1) (#​1683)

IMPROVEMENTS:

• Update documentation and correct some errors (#​1706, #​1708)
• Fix security scan alerts (#​1727, #​1730, #​1731)
• Attribute topology_key of kubernetes_deployment(_v1) marked as Required (#​1736)

BUG FIXES:

• Fix kubernetes_default_service_account doesn't set the automount_service_account_token to false (#​1247)
• Fix an issue when the imported kubernetes_manifest resource is replaced instead of getting updated (#​1712)
• Fix provider crash when image_pull_secret of kubernetes_service_account(_v1) is null

v2.11.0

Compare Source

NEW:

• Add a new resource kubernetes_horizontal_pod_autoscaler_v2 (#​1674)

IMPROVEMENTS:

• Add ip_families and ip_family_policy attributes to kubernetes_service (#​1662)
• Handle x-kubernetes-preserve-unknown-fields type annotation from OpenAPI: changes to attributes of this type trigger whole resource recreation. (#​1646)
• Upgrade terraform-plugin-mux to v0.6.0 (#​1686)
• Add GitHub action for EKS acceptance tests (#​1656)
• Add github action for acceptance tests using kind (#​1691)

BUG FIXES:

• Fix conversion of big.Float to float64 in kubernetes_manifest (#​1661)
• Fix identification of int-or-string type attributes to include 3rd party types defined by aggregated APIs (#​1640)
• Fix not handling multiple cluster_role_selectors of kubernetes_cluster_role(_v1) (#​1360)

v2.10.0

Compare Source

NEW:

• Resource kubernetes_labels (#​692)
• Resource kubernetes_annotations (#​692)
• Resource kubernetes_config_map_v1_data (#​723)
• Block wait with attribute rollout of kubernetes_manifest (#​1549)
• Data source and resource attributes app_protocol of kubernetes_service (#​1554)
• Attribute container_resource of resource kubernetes_horizontal_pod_autoscaler_v2beta2 (#​1637)

IMPROVEMENTS:

• Deprecate wait_for attribute in favor of wait block in kubernetes_manifest (#​1549)
• Make attribute rule optional of kubernetes_validating_webhook_configuration(_v1) and kubernetes_mutating_webhook_configuration(_v1) (#​1618, #​1643)
• Update documentation and correct some errors (#​1622, #​1628, #​1657, #​1681)

BUG FIXES:

• Fix crash when multiple match_expression are used in kubernetes_resource_quota (#​1561)
• Fix issue when in some circumstances changes of seLinuxOptions.Type doesn't reflect in the state file (#​1650)
• Ignore service account volumes with kube-api-access prefix (#​1663)

v2.9.0

Compare Source

IMPROVEMENTS:

• Add attribute csi to pod spec (#​1092)
• Add kubernetes_resource data source (#​1548)
• kubernetes_manifest resource force the re-creation of the resource when either apiVersion or kind attributes change (#​1593)
• Make attribute http of resource kubernetes_ingress_v1 optional (#​1613)
• Add a new attribute seccomp_profile to pod and container spec (#​1617)
• Add additional check to resource kubernetes_job_v1 when attributes wait_for_completion and ttl_seconds_after_finished are used together (#​1619)
• Update documentation examples and correct some errors (#​1597, #​1611, #​1612, #​1626)

BUG FIXES:

• Fix logic of wait_for_rollout attribute of kubernetes_deployment (#​1405)
• Fix fail when the provider cannot determine default_secret_name (#​1634)

v2.8.0

Compare Source

IMPROVEMENTS:

• Add mutating_webhook_configuration_v1 data source (#​1423)
• Remove enabling experiment section (#​1564)
• Update kubernetes dependencies (#​1574)
• Update terraform-plugin-go and terraform-plugin-sdk (#​1551)

BUG FIXES:

• Fix panic: lists must only contain one type of element errors on kubernetes_manifest
• Attribute backend.service.port.name in kubernetes_ingress_v1 should be type String (#​1541)

---

Configuration

📅 Schedule: Branch creation - "after 5pm on the 2nd day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.