Version 2.0 of the Kubernetes and Helm providers includes a more declarative authentication flow, alignment of resource behaviors and attributes with upstream APIs, normalized wait conditions across several resources, and removes support for Helm v2.
The HashiCorp Terraform Strategic Integrations team is excited to announce the release of major version 2.0 for the Kubernetes and Helm providers for HashiCorp Terraform. This major release includes some significant changes to authentication, an upgrade to the new Terraform SDK as well as improvements to resources to improve consistency and align more closely with the Kubernetes API. We discuss a select few changes in detail below, and for the full list of changes you can look to the Helm provider changelog and Kubernetes provider changelog.
The Kubernetes and Helm providers’ v1.x authentication scheme made it easy for new users to start out with a single cluster. However, we found that it made things more complicated for users who were managing multiple Kubernetes clusters, a common scenario among the providers’ users. For these users, the providers’ default assumption that users wanted to use the configuration set in the KUBECONFIG environment variable sometimes resulted in accidental application of configuration to the wrong cluster.
In order to promote explicit declaration of access credentials and avoid accidental misconfiguration of the Kubernetes and Helm providers, we are removing support for the
KUBECONFIG environment variable and the
load_config_file attribute in the provider configuration block. Instead, we are now offering the ability to set an explicit
KUBE_CONFIG_PATHS in the provider configuration block to allow you to configure the provider with a given
In November 2019, we announced that we would be deprecating support for Terraform v0.11. With the upgrade to the new Terraform SDK in these new providers, we now no longer support Terraform v0.11. Please upgrade your terraform version before proceeding with the upgrade to the 2.0 version of the Helm and Kubernetes providers.
We have removed support for Helm v2 in accordance with the Helm v2 deprecation timeline. The last version of the provider that supports Helm v2 is provider version v0.10.6. We will no longer be accepting pull requests for bug fixes related to this version going forward.
Besides the authentication changes discussed above, we took the opportunity to align many of the resources in the Kubernetes provider with the upstream Kubernetes API and with each other. Included in these changes is an update to the
automount_service_account_token default on all resources that include PodSpec - it now defaults to
true. See the changelog and upgrade guides above for a comprehensive list of updates.
We would love to hear your feedback on these updates! You can post bugs and feature requests for the Helm provider by opening an issue at hashicorp/terraform-provider-helm, or the Kubernetes provider at hashicorp/terraform-provider-kubernetes. You can also engage with us and the community on HashiCorp Discuss and in #terraform-providers on the Kubernetes Slack (Sign up here).
To discover more about managing Kubernetes with Terraform, review the guides in our Manage Kubernetes with Terraform collection on HashiCorp Learn. There you can find tutorials for our Kubernetes and Helm providers.
Native Open Policy Agent (OPA) support allows customers who have standardized on OPA to bring their policies into Terraform Cloud.
Dynamic provider credentials for Terraform Cloud provide a simple and safe authentication workflow for Vault and official cloud providers.
CDK for Terraform (CDKTF) 0.15 improves on its ease of use with Terraform Cloud and Terraform Enterprise through automatic Terraform workspace creation.