Kubernetes Plugin Release Notes
0.1.3
Requires formae >= 0.86.0.
New features and improvements
K8s 1.35 and 1.36 supported
The schema package now ships per-version subtrees for K8s minors 1.21 → 1.36 (16 minors). Target a specific cluster's API version through the kubernetesVersion field on the K8s Config:
new k8s.Config {
kubernetesVersion = "1.36"
auth = new k8s.KubeconfigAuth {}
}Each per-version subtree under @k8s/v<X.Y>/ carries only fields that are valid for that minor; @formae evaluates against the matching subtree at extract and apply time, surfacing field-availability errors before any RPC reaches the cluster.
The client-go dependency is pinned to v0.36.0 in lockstep with the highest supported minor. The plugin's pkg/config/version.go records MinSupportedK8sVersion = "1.31" and MaxSupportedK8sVersion = "1.36"; users on a cluster outside that window get a clear preflight error.
Service LoadBalancer resolvables
core/Service now exposes its assigned LoadBalancer endpoint through resolvables: lbIngressIp, lbIngressHostname, and lbIngressUrl. The URL form is synthesized by the plugin as http://<host>[:port] from the first ingress address and the first service port, so a cross-plugin Target can take its endpoint directly from a $ref on the Service.
lgtm-observability example
New example composing three plugins in a single forma: a cloud plugin provisions a managed cluster (AWS, Azure, GCP, or OCI), the k8s plugin deploys the LGTM stack onto it, and the grafana plugin configures Grafana (folder, data sources, dashboards) over its HTTP API. Target chaining wires it together: the K8s target's auth is a $ref on the cluster endpoint, and the Grafana target's URL is a $ref on the Grafana Service's LoadBalancer ingress URL.
Versioned conformance CI
A new Conformance K8s 1.35 workflow runs on every push to main, joining the existing per-minor chain (1.35 → 1.34 → ... → 1.21). The PR conformance suite now exercises 1.35 against kindest/node:v1.35.1. K8s 1.36 conformance is tracked separately and will land once kind publishes a 1.36 node image; see issue #9 for the wire-up checklist.
Schema layout
The published schema/pkl/ tree now splits responsibility cleanly between the package root and the per-version subtrees:
schema/pkl/
├── target.pkl # NEW root: Config + Auth (version-agnostic)
├── shared.pkl # version-agnostic typealiases + K8sVersion annotation
├── helm/ # helm-chart wrappers (per-version + shared)
├── v1.21/
│ ├── k8s.pkl # SubResource classes valid in 1.21
│ ├── apps/Deployment.pkl
│ ├── core/Pod.pkl
│ └── …
├── …
└── v1.36/
├── k8s.pkl # SubResource classes valid in 1.36
└── …target.pklis the version-agnostic package root. It carriesConfig(includingkubernetesVersion) and theAuthhierarchy (KubeconfigAuth,EKSAuth,GKEAuth,AKSAuth,OVHAuth,OCIAuth).v<X.Y>/k8s.pklis the per-version SubResource module:PodSpec,Container,EnvVar,ObjectMeta, and every other inline type whose accepted field set varies per K8s minor. Each per-version fileextends "../target.pkl", so importing@k8s/v1.34/k8s.pklalso gives youConfig+Authvia inheritance.- Resource files (
@k8s/v<X.Y>/<api-group>/<Kind>.pkl) sit under each per-version subtree and import the matchingk8s.pklfor their subresource dependencies.
Authoring forma.pkl files against the new layout:
import "@k8s/target.pkl" as k8s
import "@k8s/v1.34/core/Namespace.pkl" as ns
import "@k8s/v1.34/apps/Deployment.pkl" as dep
new k8s.Config { kubernetesVersion = "1.34"; auth = new k8s.KubeconfigAuth {} }Bug fixes
Example formae files
The example forma.pkl files under examples/formations/ now import @k8s/k8s-subresources.pkl as k8s against the master schema, restoring chart-conformance test compatibility that broke during the earlier schema split. Per-version example files (examples/helm/{nginx,memcached,postgresql}-v1.{31,34}.pkl) import the per-version @k8s/v<X.Y>/k8s.pkl subresources file.
0.1.2
Initial release of the Kubernetes plugin as a standalone package on the platform.engineering Hub. Manages K8s resources via Server-Side Apply with typed Pkl schemas pinned to your cluster's K8s version.