Skip to content

Latest commit

 

History

History
849 lines (705 loc) · 44 KB

CHANGELOG.md

File metadata and controls

849 lines (705 loc) · 44 KB

Changelog

Table of Contents

Unreleased

Changed

  • KonnectExtension does not require spec.serverHostname to be set by a user anymore - default is set to konghq.com. #947

Fixes

  • Fix DataPlanes with KonnectExtension and BlueGreen settings. Both the Live and preview deployments are now customized with Konnect-related settings. #910

Release date: 2024-11-28

Fixes

  • Fix setting the ServiceAccountName for DataPlane's Deployment. #897
  • Fixed setting ExternalTrafficPolicy on DataPlane's ingress Service when the requested value is empty. #898
  • Set 0 members on KonnectGatewayControlPlane which type is set to group. #896
  • Fixed a panic in KonnectAPIAuthConfigurationReconciler occuring when nil response was returned by Konnect API when fetching the organization information. #901
  • Bump sdk-konnect-go version to 0.1.10 to fix handling global API endpoints. #894

Release date: 2024-10-31

Added

  • Proper User-Agent header is now set on outgoing HTTP requests. #387
  • Introduce KongPluginInstallation CRD to allow installing custom Kong plugins distributed as container images. #400, #424, #474, #560, #615, #476
  • Extended DataPlane API with a possibility to specify PodDisruptionBudget to be created for the DataPlane deployments via spec.resources.podDisruptionBudget. #464
  • Add KonnectAPIAuthConfiguration reconciler. #456
  • Add support for Konnect tokens in Secrets in KonnectAPIAuthConfiguration reconciler. #459
  • Add KonnectControlPlane reconciler. #462
  • Add KongService reconciler for Konnect control planes. #470
  • Add KongUpstream reconciler for Konnect control planes. #593
  • Add KongConsumer reconciler for Konnect control planes. #493
  • Add KongRoute reconciler for Konnect control planes. #506
  • Add KongConsumerGroup reconciler for Konnect control planes. #510
  • Add KongCACertificate reconciler for Konnect CA certificates. #626
  • Add KongCertificate reconciler for Konnect Certificates. #643
  • Added command line flags to configure the certificate generator job's images. #516
  • Add KongPluginBinding reconciler for Konnect Plugins. #513, #535
  • Add KongTarget reconciler for Konnect Targets. #627
  • Add KongVault reconciler for Konnect Vaults. #597
  • Add KongKey reconciler for Konnect Keys. #646
  • Add KongKeySet reconciler for Konnect KeySets. #657
  • Add KongDataPlaneClientCertificate reconciler for Konnect DataPlaneClientCertificates. #694
  • The KonnectExtension CRD has been introduced. Such a CRD can be attached to a DataPlane via the extensions field to have a konnect-flavored DataPlane. #453, #578, #736
  • Entities created in Konnect are now labeled (or tagged for those that does not support labels) with origin Kubernetes object's metadata: k8s-name, k8s-namespace, k8s-uid, k8s-generation, k8s-kind, k8s-group, k8s-version. #565
  • Add KongService, KongRoute, KongConsumer, and KongConsumerGroup watchers in the KongPluginBinding reconciler. #571
  • Annotating the following resource with the konghq.com/plugins annotation results in the creation of a managed KongPluginBinding resource:
    • KongService #550
    • KongRoute #644
    • KongConsumer #676
    • KongConsumerGroup #684 These KongPluginBindings are taken by the KongPluginBinding reconciler to create the corresponding plugin objects in Konnect.
  • KongConsumer associated with ConsumerGroups is now reconciled in Konnect by removing/adding the consumer from/to the consumer groups. #592
  • Add support for KongConsumer credentials:
  • Add support for KongRoutes bound directly to KonnectGatewayControlPlanes (serviceless rotues). #669
  • Allow setting KonnectGatewayControlPlanes group membership #697
  • Apply Konnect-related customizations to DataPlanes that properly reference KonnectExtension resources. #714
  • The KonnectExtension functionality is enabled only when the --enable-controller-konnect flag or the GATEWAY_OPERATOR_ENABLE_CONTROLLER_KONNECT env var is set. #738

Fixed

  • Fixed ControlPlane cluster wide resources not migrating to new ownership labels (introduced in 1.3.0) when upgrading the operator form 1.2 (or older) to 1.3.0. #369
  • Requeue instead of reporting an error when a finalizer removal yields a conflict. #454
  • Requeue instead of reporting an error when a GatewayClass status update yields a conflict. #612
  • Guard object counters with checks whether CRDs for them exist #710
  • Do not reconcile Gateways nor assign any finalizers when the referred GatewayClass is not supported. #711
  • Fixed setting ExternalTrafficPolicy on DataPlane's ingress Service during update and patch operations. #750
  • Fixed setting ExternalTrafficPolicy on DataPlane's ingress Service. Remove the default value (Cluster). Prevent setting this field for ClusterIP Services. #812

Changes

  • Default version of ControlPlane is bumped to 3.3.1 #580
  • Default version of DataPlane is bumped to 3.8.0 #572
  • Gateway API has been bumped to v1.2.0 #674

Release date: 2024-06-24

Added

  • Add ExternalTrafficPolicy to DataPlane's ServiceOptions #241

Breaking Changes

  • Changes project layout to match kubebuilder v4. Some import paths (due to dir renames) have changed apis -> api and controllers -> controller. #84

Changes

  • Gateway do not have their Ready status condition set anymore. This aligns with Gateway API and its conformance test suite. #246
  • Gateways' listeners now have their attachedRoutes count filled in in status. #251
  • Detect when ControlPlane has its admission webhook disabled via CONTROLLER_ADMISSION_WEBHOOK_LISTEN environment variable and ensure that relevant webhook resources are not created/deleted. #326
  • The OwnerReferences on cluster-wide resources to indicate their owner are now replaced by a proper set of labels to identify kind, namespace, and name of the owning object. #259
  • Default version of ControlPlane is bumped to 3.2.0 #327

Fixes

  • Fix enforcing up to date ControlPlane's ValidatingWebhookConfiguration #225

Fixes

Release date: 2024-04-23

  • Fixes an issue where managed Gateways controller wasn't able to reduce the created DataPlane objects when too many have been created. #43
  • Gateway controller will no longer set DataPlane deployment's replicas to default value when DataPlaneOptions in GatewayConfiguration define scaling strategy. This effectively allows users to use DataPlane horizontal autoscaling with GatewayConfiguration as the generated DataPlane deployment will no longer be rejected. #79
  • Make creating a DataPlane index conditional based on enabling the ControlPlane controller. This allows running KGO without ControlPlane CRD with its controller disabled. #103

Release date: 2024-04-23

NOTE: Retracted

v1.2.2 was retracted due to a misplaced git tag. Due to golang proxy caching modules indefinitely we needed to retract this version. v1.2.3 contains all the changes that v1.2.2 intended to contain.

Release date: 2024-03-19

Fixes

  • Fixed an issue where operator wasn't able to update ControlPlane ClusterRole or ClusterRoleBinding when they got out of date. #11

Changes

  • KGO now uses GATEWAY_OPERATOR_ prefix for all flags, including the zap related logging flags. This means that the following can now be set:

    • -zap-devel (env: GATEWAY_OPERATOR_ZAP_DEVEL)
    • -zap-encoder (env: GATEWAY_OPERATOR_ZAP_ENCODER)
    • -zap-log-level (env: GATEWAY_OPERATOR_ZAP_LOG_LEVEL)
    • -zap-stacktrace-level (env: GATEWAY_OPERATOR_ZAP_STACKTRACE_LEVEL)
    • -zap-time-encoding (env: GATEWAY_OPERATOR_ZAP_TIME_ENCODING)

    For more details about those please consult zap.Options pkg.go.dev

Release date: 2024-03-15

Highlights

  • 🎓 The Managed Gateways feature is now GA.
  • 🎓 ControlPlane and GatewayConfig APIs have been promoted to v1beta1.
  • DataPlanes managed by Gateways can be now scaled horizontally through the GatewayConfiguration API.
  • Gateway listeners are dynamically mapped to the DataPlane proxy service ports.
  • 🧠 The new feature AIGateway has been released in alpha stage.

Added

  • Added support for specifying command line flags through environment variables having the GATEWAY_OPERATOR_ prefix. For example, you can specify the value of flag --controller-name through the environment variable GATEWAY_OPERATOR_CONTROLLER_NAME. Kong/gateway-operator-archive#1616
  • Add horizontal autoscaling for DataPlanes using its scaling.horizontal spec field. Kong/gateway-operator-archive#1281
  • ControlPlanes now use Gateway Discovery by default, with Service DNS Strategy. Additionally, the DataPlane readiness probe has been changed to /status/ready when the DataPlane is managed by a Gateway. Kong/gateway-operator-archive#1261
  • Gateways and Listeners Accepted and Conflicted conditions are now set and enforced based on the Gateway API specifications. Kong/gateway-operator-archive#1398
  • ControlPlane ClusterRoles and ClusterRoleBindings are enforced and kept up to date by the ControlPlane controller. Kong/gateway-operator-archive#1259
  • The Gateway listeners are now dynamically mapped to DataPlane ingress service ports. This means that the change of a Gateway spec leads to a DataPlane reconfiguration, along with an ingress service update. Kong/gateway-operator-archive#1363
  • --enable-controller-gateway and --enable-controller-controlplane command line flags are set to true by default to enable controllers for Gateways and ControlPlanes. Kong/gateway-operator-archive#1519
  • When the Gateway controller provisions a ControlPlane, it sets the CONTROLLER_GATEWAY_TO_RECONCILE env variable to let the ControlPlane reconcile that specific Gateway only. Kong/gateway-operator-archive#1529
  • ControlPlane is now deployed with a validating webhook server turned on. This involves creating ValidatingWebhookConfiguration, a Service that exposes the webhook and a Secret that holds a TLS certificate. The Secret is mounted in the ControlPlane's Pod for the webhook server to use it. Kong/gateway-operator-archive#1539 Kong/gateway-operator-archive#1545
  • Added konnectCertificate field to the DataPlane resource. Kong/gateway-operator-archive#1517
  • Added v1alpha1.AIGateway as an experimental API. This can be enabled by manually deploying the AIGateway CRD and enabling the feature on the controller manager with the --enable-controller-aigateway flag. Kong/gateway-operator-archive#1399 Kong/gateway-operator-archive#1542
  • Added validation on checking if ports in KONG_PORT_MAPS and KONG_PROXY_LISTEN environment variables of deployment options in DataPlane match the ports in the ingress service options of the DataPlane. Kong/gateway-operator-archive#1521

Changes

Fixes

  • Fixed a problem where the operator would not set the defaults to PodTemplateSpec patch and because of that it would detect a change and try to reconcile the owned resource where in fact the change was not there. One of the symptoms of this bug could have been a StartupProbe set in PodSpec preventing the DataPlane from getting correct status information. Kong/gateway-operator-archive#1224
  • If the Gateway controller is enabled, DataPlane and ControlPlane controllers get enabled as well. Kong/gateway-operator-archive#1242
  • Fix applying the PodTemplateSpec patch so that it's not applied when the calculated patch (resulting from the generated manifest and current in-cluster state) is empty. One of the symptoms of this bug was that when users tried to apply a ReadinessProbe which specified a port name instead of a number (which is what's generated by the operator) it would never reconcile and the status conditions would never get up to date ObservedGeneration. Kong/gateway-operator-archive#1238
  • Fix manager RBAC permissions which prevented the operator from being able to create ControlPlane's ClusterRoles, list pods or list EndpointSlices. Kong/gateway-operator-archive#1255
  • DataPlanes with BlueGreen rollout strategy enabled will now have its Ready status condition updated to reflect "live" Deployment and Services status. Kong/gateway-operator-archive#1308
  • The ControlPlane election-id has been changed so that every ControlPlane has its own election-id, based on the ControlPlane name. This prevents pods belonging to different ControlPlanes from competing for the same lease. Kong/gateway-operator-archive#1349
  • Fill in the defaults for env and volumes when comparing the in-cluster spec with the generated spec. Kong/gateway-operator-archive#1446
  • Do not flap DataPlane's Ready status condition when e.g. ingress Service can't get an address assigned and spec.network.services.ingress.annotations` is non-empty. Kong/gateway-operator-archive#1447
  • Update or recreate a ClusterRoleBinding for control planes if the existing one does not contain the ServiceAccount used by ControlPlane, or ClusterRole is changed. Kong/gateway-operator-archive#1501
  • Retry reconciling Gateways when provisioning owned DataPlane fails. Kong/gateway-operator-archive#1553

Release date: 2023-11-20

Added

Changes

Fixes

Release date: 2023-11-06

Fixes

Added

  • Setting spec.deployment.podTemplateSpec.spec.volumes and spec.deployment.podTemplateSpec.spec.containers[*].volumeMounts on ControlPlanes is now allowed. Kong/gateway-operator-archive#1175

Release date: 2023-10-18

Fixes

  • Bump dependencies

Release date: 2023-10-02

Fixes

Changes

Release date: 2023-09-26

Changes

  • Operator managed subresources are now labelled with gateway-operator.konghq.com/managed-by additionally to the old konghq.com/gateway-operator label. The value associated with this label stays the same and it still indicates the type of a resource that owns the subresrouce. The old label should not be used as it will be deleted in the future. Kong/gateway-operator-archive#1098
  • Enable DataPlane Blue Green rollouts controller by default. Kong/gateway-operator-archive#1106

Fixes

  • Fixes handling Volumes and VolumeMounts when customizing through DataPlane's spec.deployment.podTemplateSpec.spec.containers[*].volumeMounts and/or spec.deployment.podTemplateSpec.spec.volumes. Sample manifests are updated accordingly. Kong/gateway-operator-archive#1095

Release date: 2023-09-13

Added

  • Added gateway-operator.konghq.com/service-selector-override as the dataplane annotation to override the default Selector of both the admin and proxy services. Kong/gateway-operator-archive#921
  • Added deploying of preview Admin API service when Blue Green rollout strategy is enabled for DataPlanes. DataPlane's status.rollout.service is updated accordingly. Kong/gateway-operator-archive#931
  • Added gateway-operator.konghq.com/promote-when-ready DataPlane annotation to allow users to signal the operator should proceed with promoting the new resources when BreakBeforePromotion promotion strategy is used. Kong/gateway-operator-archive#938
  • Added deploying of preview Deployment when Blue Green rollout strategy is enabled for DataPlanes. Kong/gateway-operator-archive#930
  • Added appropriate label selectors to DataPlanes with enabled Blue Green rollout strategy. Now Admin Service and DataPlane Deployments correctly select their Pods. Added DataPlane's status.selector and status.rollout.deployment.selector fields. Kong/gateway-operator-archive#951
  • Added setting rollout status with RolledOut condition Kong/gateway-operator-archive#960
  • Added deploying of preview ingress service for Blue Green rollout strategy. Kong/gateway-operator-archive#956
  • Implemented an actual promotion of a preview deployment to live state when BlueGreen rollout strategy is used. Kong/gateway-operator-archive#966
  • Added PromotionFailed condition which is set on DataPlanes with Blue Green rollout strategy when promotion related activities (like updating DataPlane service selector) fail. Kong/gateway-operator-archive#1005
  • Added spec.deployment.rollout.strategy.blueGreen.resources.plan.deployment which controls how operator manages DataPlane Deployment's during and after a rollout. This can currently take 1 value:
    • ScaleDownOnPromotionScaleUpOnRollout which will scale down the DataPlane preview deployment to 0 replicas before a rollout is triggered via a spec change. Kong/gateway-operator-archive#1000
  • Added admission webhook validation on of DataPlane spec updates when the Blue Green promotion is in progress. Kong/gateway-operator-archive#1051
  • Added gateway-operator.konghq.com/wait-for-owner finalizer to all dependent resources owned by DataPlane to prevent them from being mistakenly deleted. Kong/gateway-operator-archive#1052

Fixes

  • Fixes setting status.ready and status.conditions on the DataPlane when it's waiting for an address to be assigned to its LoadBalancer Ingress Service. Kong/gateway-operator-archive#942
  • Correctly set the observedGeneration on DataPlane and ControlPlane status conditions. Kong/gateway-operator-archive#944
  • Added annotation gateway-operator.konghq.com/last-applied-annotations to resources (e.g, Ingress Servicess) owned by DataPlanes to store last applied annotations to the owned resource. If an annotation is present in the gateway-operator.konghq.com/last-applied-annotations annotation of an ingress Service but not present in the current specification of ingress Service annotations of the owning DataPlane, the annotation will be removed in the ingress Service. Kong/gateway-operator-archive#936
  • Correctly set the Ready condition in DataPlane status field during Blue Green promotion. The DataPlane is considered ready whenever it has its Deployment's AvailableReplicas equal to desired number of replicas (as per spec.replicas) and its Service has an IP assigned if it's of type LoadBalancer. Kong/gateway-operator-archive#986
  • Properly handles missing CRD during controller startup. Now whenever a CRD is missing during startup a clean log entry will be printed to inform a user why the controller was disabled. Additionally a check for discovery.ErrGroupDiscoveryFailed was added during CRD lookup. Kong/gateway-operator-archive#1059

Changes

  • Default the leader election namespace to controller namespace (POD_NAMESPACE env) instead of hardcoded "kong-system" Kong/gateway-operator-archive#927
  • Renamed DataPlane proxy service name and label to ingress Kong/gateway-operator-archive#971
  • Removed DataPlane status.ready as it couldn't be used reliably to represent DataPlane's status. Users should now use status.conditions's Ready condition and compare its observedGeneration with DataPlane metadata.generation to get an accurate representation of DataPlane's readiness. Kong/gateway-operator-archive#989
  • Disable ControlPlane and Gateway controllers by default. Users who want to enable those can use the command line flags:
    • -enable-controller-controlplane and
    • -enable-controller-gateway At this time, the Gateway API and ControlPlane resources that these flags are considered a feature preview, and are not supported. Use these only in non-production scenarios until these features are graduated to GA. Kong/gateway-operator-archive#1026
  • Bump ControlPlane default version to v2.11.1 and remove support for older versions. To satisfy this change, use Programmed condition instead of Ready in Gateway Listeners status conditions to make ControlPlane be able to attach routes to those listeners. This stems from the fact that KIC v2.11 bumped support for Gateway API to v0.7.1. Kong/gateway-operator-archive#1041
  • Bump Gateway API to v0.7.1. Kong/gateway-operator-archive#1047
  • Operator doesn't change the DataPlane resource anymore by filling it with Kong Gateway environment variables. Instead this is now happening on the fly so the DataPlane resources applied by users stay as submitted. Kong/gateway-operator-archive#1034
  • Don't use Provisioned status condition type on DataPlanes. From now on DataPlanes are only expressing their status through Ready status condtion. Kong/gateway-operator-archive#1043
  • Bump default DataPlane image to 3.4 Kong/gateway-operator-archive#1067
  • When rollout strategy is removed from a DataPlane spec, preview subresources are removed. Kong/gateway-operator-archive#1066

Release date: 2023-07-20

Added

Changes

WARN: Breaking changes included

  • Renamed Services options in DataPlaneOptions to Network options, which now includes IngressService as one of the sub-attributes. This is a breaking change which requires some renaming and reworking of struct attribute access. Kong/gateway-operator-archive#849
  • Bump Gateway API to v0.6.2 and enable Gateway API conformance testing. Kong/gateway-operator-archive#853
  • Add PodTemplateSpec to DeploymentOptions to allow applying strategic merge patcher on top of Pods generated by the operator. This is a breaking change which requires manual porting from Pods field to PodTemplateSpec. More info on strategic merge patch can be found in official Kubernetes docs at sig-api-machinery/strategic-merge-patch.md. Kong/gateway-operator-archive#862
  • Added v1beta1 version of the DataPlane API, which replaces the v1alpha1 version. The v1alpha1 version of the API has been removed entirely in favor of the new version to reduce maintenance costs. Kong/gateway-operator-archive#905

Fixes

  • Fixes setting Affinity when generating Deployments for DataPlanes ControlPlanes which caused 2 ReplicaSets to be created where the first one should already have the Affinity set making the update unnecessary. Kong/gateway-operator-archive#894

Release date: 2023-06-20

Added

  • Added AddressSourceType to DataPlane status Address Kong/gateway-operator-archive#798
  • Add pod Affinity field to PodOptions and support for both DataPlane and ControlPlane
  • Add Kong Gateway enterprise image - kong/kong-gateway - to the set of supported DataPlane images. Kong/gateway-operator-archive#749
  • Moved pod related options in DeploymentOptions to PodsOptions and added pod labels option. Kong/gateway-operator-archive#742
  • Added Volumes and VolumeMounts field in DeploymentOptions of DataPlane specs. Users can attach custom volumes and mount the volumes to proxy container of pods in Deployments of dataplanes. Note: Volumes and VolumeMounts are not supported for ControlPlane specs now. Kong/gateway-operator-archive#681
  • Added possibility to replicas on DataPlane deployments This allows users to define DataPlanes - without ControlPlane - to be horizontally scalable. Kong/gateway-operator-archive#737
  • Added possibility to specify DataPlane proxy service type Kong/gateway-operator-archive#739
  • Added possibility to specify resources through DataPlane and ControlPlane spec.deployment.resources Kong/gateway-operator-archive#712
  • The DataPlane spec has been updated with a new field related to the proxy service. By using such a field, it is possible to specify annotations to be set on the DataPlane proxy service. Kong/gateway-operator-archive#682

Changed

Fixes

Release date: 2022-01-25

Added

Release date: 2022-11-30

Maturity: ALPHA

Changed

Added

Fixes

Release date: 2022-10-26

Maturity: ALPHA

Added

  • Updated default Kong version to 3.0.0
  • Updated default Kubernetes Ingress Controller version to 2.7
  • Update DataPlane and ControlPlane Ready condition when underlying Deployment changes Ready condition Kong/gateway-operator-archive#451
  • Update DataPlane NetworkPolicy to match KONG_PROXY_LISTEN and KONG_ADMIN_LISTEN environment variables set in DataPlane Kong/gateway-operator-archive#473
  • Added Container image and version validation for ControlPlanes and DataPlanes. The operator now only supports the Kubernetes-ingress-controller (2.7) as the ControlPlane, and Kong (3.0) as the DataPlane. Kong/gateway-operator-archive#490
  • DataPlane resources get a new Status field: Addresses which will contain backing service addresses. Kong/gateway-operator-archive#483

Release date: 2022-09-24

Maturity: ALPHA

Added

  • HTTPRoute support was added. If version of control plane image is at least 2.6, the Gateway=true feature gate is enabled, so the control plane can pick up the HTTPRoute and configure it on data plane. Kong/gateway-operator-archive#302

Release date: 2022-09-15

Maturity: ALPHA

This is the initial release which includes basic functionality at an alpha level of maturity and includes some of the fundamental APIs needed to create gateways for ingress traffic.

Initial Features

Known issues

When deploying the gateway-operator through the bundle, there might be some leftovers from previous operator deployments in the cluster. The user needs to delete all the cluster-wide leftovers (clusterrole, clusterrolebinding, validatingWebhookConfiguration) before re-installing the operator through the bundle.