v0.8.5

Highlight

• Fixed context building to properly distinguish between "not yet observed" (nil) and "observed but empty" ([]) collections. This was causing instances with empty forEach results to get stuck in IN_PROGRESS forever - dependents couldn't evaluate CEL expressions like size(entries) because empty collections were being excluded from context entirely.

• CEL programs are now compiled once at build time and reused across reconciles. Previously we were re-parsing, re-compiling, and throwing away the program on every single evaluation. The new runtime now holds both the original string and the compiled program, so runtime skips straight to evaluation.

• Schema lookups now handle additionalProperties, which is how Kubernetes represents map types like ConfigMap.data. Without this, the CEL type checker couldn't validate writes to map fields and silently missed type mismatches.

🚀 Features

• Compile CEL programs at build time and reuse at runtime by @a-hilaly in #1014
• fix: validate status schema by @michaelhtm in #1023
• feat(validation): block kro-owned labels in resource templates by @spattk in #1016

🐛 Bug fixes

• fix(runtime): handle empty forEach collections and their dependents by @a-hilaly in #1018
• Fix empty arrays being converted to null instead of [] by @a-hilaly in #1026
• fix(graph): handle additionalProperties in schema lookups by @a-hilaly in #1019
• fix(dynamiccontroller): fix ctx race condition by @a-hilaly in #1015
• Handle CRD deletion so RGDs don't get stuck in Active by @Aman-Cool in #1029
• fix(rt/resolver): remove dead code and fix path handling asymmetry by @a-hilaly in #1004

🔧 Refactoring

• refactor(simpleschema): rework type system for easier extension by @a-hilaly in #998

🧹 Chores

• chore(ci): add -race for all unit tests by @jakobmoellerdev in #1021
• add gcal meeting link to readme by @olamilekan000 in #1013

New Contributors

• @olamilekan000 made their first contribution in #1013
• @spattk made their first contribution in #1016
• @Aman-Cool made their first contribution in #1029

Full Changelog: v0.8.4...v0.8.5

v0.8.4

Highlight

Removed the managed-by label from kro instances and fixed integration test coverage to actually measure pkg/ code.

🧹 Chores

• chore: remove managed-by label from kro instances by @shabbskagalwala in #997
• fix(test): measure pkg/ coverage in integration tests by @a-hilaly in #996

Full Changelog: v0.8.3...v0.8.4

v0.8.3

Highlight

Fixed a bug where finalizer and label patches were reverting each other when applied as separate operations. Combined into a single patch.

🐛 Bug fixes

• fix: unify finalizer and label patches, add cascading deletion integration test by @jakobmoellerdev in #1000

Full Changelog: v0.8.2...v0.8.3

v0.8.2

Highlight

Fixed child resource events triggering reconciliation on the wrong instance controller, and fixed release builds getting tagged with a dirty suffix.

🐛 bug fixes

• fix: filter child events by parent instance GVK by @shabbskagalwala in #986

🌱 Other

• update kro cli go.mod to use kro v0.8.1 by @michaelhtm in #992
• Fix cmd/kro by updating Kro dependency to v0.8.1 by @chrisdoherty4 in #994
• fix: remove GIT_VERSION suffix by @michaelhtm in #991

New Contributors

• @chrisdoherty4 made their first contribution in #994

Full Changelog: v0.8.1...v0.8.2

v0.8.1

Highlight

Fixed a schema defaulting edge case where generated CRDs could produce invalid OpenAPI when parent fields had required children with defaults.

🐛 Bug fixes

• fix(transform): update parent default logic for schemas with required fields by @jakobmoellerdev in #983

Full Changelog: v0.8.0...v0.8.1

v0.8.0

🔆 Highlights

Collections Support (KREP-002)

RGDs now support Collections: define one template and kro expands it into many resources at runtime. Collections introduce a new forEach directive that lets a CEL expression drive the iteration, and the controller keeps each generated resource in sync as items are added, changed, or removed. This makes multi‑resource expansion practical without hand‑authoring repeated blocks. (Docs, #936, #679)

Recursive Custom Types in RGD Schema

RGD schemas now allow custom types to reference other custom types, so you can build reusable, nested data structures instead of duplicating field definitions. This improves schema hygiene for complex specs and statuses while keeping validation intact. (Docs, #950)

Breaking Schema Change Detection

kro now diffs RGD schemas before updating CRDs and blocks incompatible changes (like removing fields, changing types, or adding required properties) by default. This prevents accidental breaking updates to existing instances; use the kro.run/allow-breaking-changes: "true" annotation to intentionally override. (Docs, #352)

✨ Features

• feat: add Collections support + runtime/controller rewrite by @a-hilaly in #936
• feat: KREP-002 declarative resource collections support by @a-hilaly in #679
• feat(simpleschema): add support for recursive custom types by @shivansh-gohem in #950
• feat(crd): Detect and prevent breaking schema changes in RGDs by @a-hilaly in #352
• feat: add early validation for apiVersion and kind to fail fast by @antcybersec in #980
• feat: add controller warmup support for faster leader failover by @a-hilaly in #955
• feat: add DurationType and TimestampType conversion to go native types by @shabbskagalwala in #960
• feat: add bytes conversion to go native types by @shabbskagalwala in #951
• feat: add support for labels and annotations in the generated CRDs by @cnvergence in #916

🐛 Bugfixes

• fix(graph): reject cluster-scoped resources with namespace set by @a-hilaly in #976
• fix(schema): preserve nested array/object paths in status schema by @a-hilaly in #972
• fix(schema): use date-time format for timestamps by @a-hilaly in #973
• fix(dag): preserve vertex order when dependencies are satisfied by @a-hilaly in #958
• fix: Convert CEL type to Go type recursively by @cirias in #940
• fix: Support []object and map[string]object types in RGD schema by @kunalvirwal in #939
• fix: Prevent random.* from being classified as a resource in #919
• fix(release): capture GIT_VERSION once to prevent -dirty suffix in LDFLAGS by @a-hilaly in #982
• fix(cluster-mgmt): ensure access to workload cluster is granted before argocd secret create by @iamahgoub in #966
• fix(graph): replace panic in CRD graph builder with proper error handling by @AnshulPatil2005 in #901

⚡ Performance

• chore: cache compiled CEL programs by @bschaatsbergen in #943

📖 Documentation

• docs: expand collections gotchas and cross-references by @a-hilaly in #971
• docs(cel): explain multiline expressions and YAML chomping by @a-hilaly in #974
• fix(website): version CRD with docs snapshots by @a-hilaly in #978
• Docs: manifests download URL changed to match actual URL by @hatofmonkeys in #925
• fix: Fixed Quickstart instance.yaml sample on document by @ricky9408 in #913
• docs: correct apiVersion for Application example by @birapjr in #899
• fix: url in kubectl commands for upgrade and delete by @Fsero in #938

🧪 Testing

• test: improve unit test coverage for pkg/graph/variable by @shivansh-gohem in #949

🌱 Other

• refactor(instance): align node state tracking by @a-hilaly in #970
• chore: bump controller-runtime to v0.23.0 and k8s deps to v0.35.0 by @a-hilaly in #956
• chore: dependency bumps (go1.25.6, golangci-lint, helm, ko, chainsaw, and more) by @jakobmoellerdev in #963
• chore: bump kro in kro command by @tjamet in #952
• cleanup: use variadic append for enum values by @PhantomInTheWire in #910
• Improve CRD cleanup skip log clarity by @skools-here in #923
• Update AWS cluster management example to use EKS capabilities by @iamahgoub in #946
• chore: regenerate CRDs to reflect new schema.metadata field by @a-hilaly in #977

New Contributors

• @AnshulPatil2005 made their first contribution in #901
• @birapjr made their first contribution in #899
• @PhantomInTheWire made their first contribution in #910
• @ricky9408 made their first contribution in #913
• @benzaidfoued made their first contribution in #919
• @skools-here made their first contribution in #923
• @hatofmonkeys made their first contribution in #925
• @Fsero made their first contribution in #938
• @kunalvirwal made their first contribution in #939
• @cirias made their first contribution in #940
• @shabbskagalwala made their first contribution in #951
• @shivansh-gohem made their first contribution in #949
• @cnvergence made their first contribution in #916

Full Changelog: v0.7.1...v0.8.0

v0.7.1

🔆 Highlights

Static Installation Manifests

KRO now publishes static installation manifests with each release, making it easier to install without Helm. Two variants are available: a standard manifest and one with Prometheus metrics enabled. (#820)

CEL Library Extensions

Added support for Kubernetes CEL library extensions including URLs and Regex functions, expanding the expressiveness of CEL expressions in ResourceGraphDefinitions. (#882)

Improved CEL AST Analysis

Rewrote the CEL AST inspector to use native CEL AST, improving analysis accuracy for complex expressions. (#884)

✨ Features

• feat(website): add custom syntax highlighting for kro code blocks (RGDs) by @a-hilaly in #887
• Support Kubernetes CEL library extensions (URLs and Regex) by @antcybersec in #882
• Publish static kro manifests on release by @tjamet in #820

🐛 Bugfixes

• fix: add app.kubernetes.io/managed-by label to child resources by @a-hilaly in #869
• Make schema.group field immutable by @a-hilaly in #870

📖 Documentation

• docs: cutoff 0.7.0 by @jakobmoellerdev in #865
• docs: update make command to install crds by @heylongdacoder in #867
• docs: major docs revamp and website redesign by @a-hilaly in #857
• docs: fix some docs about saas-multi-tenant examples by @kennygt51 in #876
• docs: add URLs and Regex to available CEL libraries by @antcybersec in #891
• chore: Add K8s examples to doc by @kennygt51 in #874
• Update FAQ5 in README to match the website FAQ content by @a-hilaly in #875
• Add docs-tests presubmit script by @a-hilaly in #888

🧪 Testing

• test: add unit tests for InstanceState by @kennygt51 in #872

🌱 Other

• chore(deps): bump node-forge from 1.3.1 to 1.3.2 in /website by @dependabot in #868
• chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /website by @dependabot in #879
• refactor(cel/ast): rewrite inspector to use native CEL AST and improve analysis accuracy by @jakobmoellerdev in #884
• Correct grammar in code base and examples by @majst01 in #881
• chore: small refactor of dynamic controller funcs by @jakobmoellerdev in #774

New Contributors

• @heylongdacoder made their first contribution in #867
• @antcybersec made their first contribution in #882
• @majst01 made their first contribution in #881

Full Changelog: v0.7.0...v0.7.1

v0.7.0

🔆 Highlights

External CRD References in CEL Expressions

KRO now supports referencing external Custom Resource Definitions in CEL expressions, enabling validation and type checking against CRDs that exist in your cluster but aren't defined within the ResourceGraphDefinition. This unlocks scenarios where your composed resources need to reference fields from external operators or platform CRDs, such as exposing an external CRD's metadata.generation in your instance status. (#840)

Improved CEL Expression Handling

Significant improvements to the CEL AST inspector for handling complex expressions. kro now properly processes struct literals, map expressions, list expressions (enabling patterns like "%s:%s".format([namespace, name])), and timestamp references. These fixes resolve validation failures and panics that occurred with advanced CEL patterns. (#849, #850, #853)

Standard Controller-Runtime Logging

Breaking Change: ⚠️ Adopted controller-runtime's standard logging flags, replacing the custom --log-level flag with --zap-log-level and related options. The default log level is now info instead of the previous overly-verbose level 10. Existing deployments using --log-level will need to migrate to --zap-log-level. JSON logging can be enabled with --zap-encoder=json. (#791)

Managed-By Labels for KRO Resources

All resources owned by KRO now include the app.kubernetes.io/managed-by label, following Kubernetes recommended labels conventions. This makes it easier to identify and query KRO-managed resources across your cluster. (#851)

✨ Features

• feat: allow CEL expressions to reference external CRDs by @a-buck in #840
• chore: add managedby label to kro owned resources by @michaelhtm in #851
• refactor: adopt controller-runtime standard logging flags by @bschaatsbergen in #791

🐛 Bugfixes

• fix: crd external ref metadata namespace - optional by @sk31337 in #847
• fix: allow properly referencing timestamp expressions by @jakobmoellerdev in #850
• fix: add list expression handling and format statement tests by @jakobmoellerdev in #849
• fix(cel): handle struct and map expressions in AST inspector by @a-hilaly in #853
• fix: prevent panic due to missing runtime by @jakobmoellerdev in #863
• fix: handle nil schemas in additional properties and add RGD reference test by @jakobmoellerdev in #864

📖 Documentation

• dogsvscat app example commit by @7navyasa in #765
• docs: add SaaS Multi-Tenant examples by @kennygt51 in #808
• docs: add examples for Secret use-case with base64 decoding by @sk31337 in #846
• feat(website): add Mermaid diagram support to Docusaurus by @kennygt51 in #838

🌱 Other

• chore(deps): bump js-yaml from 3.14.1 to 3.14.2 in /website by @dependabot in #830
• chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /tools/lsp/server by @dependabot in #837
• chore: remove stale GHA workflow by @bschaatsbergen in #854
• chore: remove unused validation by @bschaatsbergen in #855

New Contributors

• @sk31337 made their first contribution in #847

Full Changelog: v0.6.3...v0.7.0

v0.6.3

🔆 Highlights

Fixed several regressions in static type analysis introduced in v0.6.0, including: restoring support for struct-to-map and map-to-struct assignments, allowing optional fields without requiring .orValue() when zero values are acceptable, correcting additional properties type handling from map-any to dyn, and re-enabling assignments to structs defined with x-kubernetes-preserve-unknown-fields. (#833)

What's Changed

• fix: various fixes on static type analysis in our structural type checking by @jakobmoellerdev in #833

Full Changelog: v0.6.2...v0.6.3

v0.6.2

🔆 Highlights

Improved Unknown Fields Handling

Enhanced support for schemas with x-kubernetes-preserve-unknown-fields by migrating to a more lenient type provider implementation. KRO now properly handles CRDs that allow unknown properties without breaking validation. This makes KRO more accurante in enforcing field validation, improving compatibility with dynamic schemas. (#823)

Structural Type Compatibility for CEL Validation

Resolved false positive type errors in CEL expression validation by implementing structural type compatibility checking. Previously, CEL's nominal type checking would reject structurally identical types with different names (e.g pod.spec.containers vs deployment.spec.template.spec.containers), causing validation failures even when the underlying structures matched perfectly. The new implementation performs deep structural comparison, enabling cross resource references like copying entire structs between resources (#813)

CRD Adoption for Recreated RGDs

Removed the RGD owner ID check that prevented ResourceGraphDefinitions from adopting CRDs after being deleted and recreated. When an RGD with the same name is recreated, it can now properly adopt the CRD left behind by the previous instance, with appropriate logging when ownership changes occur. (#826)

✨ Features

• fix: remove RGD owner ID check to allow RGDs to adopt their CRD by @michaelhtm in #826

🐛 Bugfixes

• fix: loosen up static type checker unknown field handling by @jakobmoellerdev in #823
• fix: Add structural type compatibility checking for CEL validation by @a-hilaly in #813

🌱 Other

• perf: optimize isKROReservedWord function by @kennygt51 in #829
• chore: add lint script for Prow job by @bschaatsbergen in #815
• chore: remove golangci-lint workflow by @bschaatsbergen in #817
• Delete unused kustomize configuration by @tjamet in #819

Full Changelog: v0.6.1...v0.6.2