What's New ✨

Discover new features from the current version in one place.

Features

  • Admission Webhooks return warnings for deprecated fields in Capsule resources. You are encouraged to update your resources accordingly.

  • Added --enable-pprof flag to enable pprof endpoint for profiling Capsule controller performance. Not recommended for production environments. Read More.

  • Added --workers flag to define the MaxConcurrentReconciles for relevant controllers Read More.

  • Combined Capsule Users Configuration for defining all users and groups which should be considered for Capsule tenancy. This simplifies the configuration and avoids confusion between users and groups. Read More

  • All namespaced items, which belong to a Capsule Tenant, are now labeled with the Tenant name (eg. capsule.clastix.io/tenant: solar). This allows easier filtering and querying of resources belonging to a specific Tenant or Namespace. Note: This happens at admission, not in the background. If you want your existing resources to be labeled, you need to reapply them or patch them manually to get the labels added.

  • Delegate Administrators for capsule tenants. Administrators have full control (ownership) over all tenants and their namespaces. Read More

  • All available Classes for a tenant (StorageClasses, GatewayClasses, RuntimeClasses, PriorityClasses, DeviceClasses) are now reported in the Tenant Status. These values can be used by Admission to integrate other resources validation or by external systems for reporting purposes (Example).

apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: solar
...
status:
  classes:
    priority:
    - system-cluster-critical
    - system-node-critical
    runtime:
    - customer-containerd
    - customer-runu
    - customer-virt
    - default-runtime
    - disallowed
    - legacy
    storage:
    - standard
  • All available Owners for a tenant are now reported in the Tenant Status. This allows external systems to query the Tenant resource for its owners instead of querying the RBAC system.
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: solar
...
status:
  owners:
  - clusterRoles:
    - admin
    - capsule-namespace-deleter
    kind: Group
    name: oidc:org:devops:a
  - clusterRoles:
    - admin
    - capsule-namespace-deleter
    - mega-admin
    - controller
    kind: ServiceAccount
    name: system:serviceaccount:capsule:controller
  - clusterRoles:
    - admin
    - capsule-namespace-deleter
    kind: User
    name: alice
  • Introduction of the TenantOwner CRD. Read More
apiVersion: capsule.clastix.io/v1beta2
kind: TenantOwner
metadata:
  labels:
    team: devops
  name: devops
spec:
  kind: Group
  name: "oidc:org:devops:a"
  clusterRoles:
    - "mega-admin"
    - "controller"

Fixes

  • Admission Webhooks for namespaces had certain dependencies on the first reconcile of a tenant (namespace being allocated to this tenant). This bug has been fixed and now namespaces are correctly assigned to the tenant (at admission) even if the tenant has not yet been reconciled.

  • The entire core package and admission webhooks have been majorly refactored to improve maintainability and extensibility of Capsule.

Documentation

We have added new documentation for a better experience. See the following Topics:

Ecosystem

Newly added documentation to integrate Capsule with other applications:

Last modified December 5, 2025: feat: prepare 0.12.0 release (#58) (e487e6a)