diff --git a/README.md b/README.md index 97c2680a..3641e239 100644 --- a/README.md +++ b/README.md @@ -55,5 +55,5 @@ This project is licensed under the Apache-2.0 License. [getting-started]: https://www.gateway-api-controller.eks.aws.dev/guides/getstarted/ [spec]: https://www.gateway-api-controller.eks.aws.dev/api-reference/ [concepts]: https://www.gateway-api-controller.eks.aws.dev/concepts/ -[gh_release]: https://github.com/aws/aws-application-networking-k8s/releases/tag/v1.0.3 +[gh_release]: https://github.com/aws/aws-application-networking-k8s/releases/tag/v1.0.4 [godoc]: https://www.gateway-api-controller.eks.aws.dev/ diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 9b968479..85977aff 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ configMapGenerator: images: - name: controller newName: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller - newTag: v1.0.3 + newTag: v1.0.4 diff --git a/docs/guides/deploy.md b/docs/guides/deploy.md index 355b9bcc..b608d608 100644 --- a/docs/guides/deploy.md +++ b/docs/guides/deploy.md @@ -159,7 +159,7 @@ Alternatively, you can manually provide configuration variables when installing 1. Run either `kubectl` or `helm` to deploy the controller. Check [Environment Variables](../guides/environment.md) for detailed explanation of each configuration option. ```bash - kubectl apply -f examples/deploy-v1.0.3.yaml + kubectl apply -f examples/deploy-v1.0.4.yaml ``` or ```bash @@ -168,7 +168,7 @@ Alternatively, you can manually provide configuration variables when installing # Run helm with either install or upgrade helm install gateway-api-controller \ oci://public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller-chart\ - --version=v1.0.3 \ + --version=v1.0.4 \ --set=serviceAccount.create=false --namespace aws-application-networking-system \ # use "debug" for debug level logs --set=log.level=info \ 
diff --git a/examples/deploy-v0.0.18.yaml b/examples/deploy-v1.0.4.yaml similarity index 99% rename from examples/deploy-v0.0.18.yaml rename to examples/deploy-v1.0.4.yaml index f48bf42a..046ef24e 100644 --- a/examples/deploy-v0.0.18.yaml +++ b/examples/deploy-v1.0.4.yaml @@ -7022,7 +7022,14 @@ spec: - targetRef type: object status: - description: TargetGroupPolicyStatus defines the observed state of TargetGroupPolicy. + default: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: NotReconciled + status: Unknown + type: Accepted + description: Status defines the current state of TargetGroupPolicy. properties: conditions: default: @@ -7036,12 +7043,12 @@ spec: reason: Pending status: Unknown type: Programmed - description: "Conditions describe the current conditions of the TargetGroupPolicy. + description: "Conditions describe the current conditions of the TargetGroup. \n Implementations should prefer to express Policy conditions using the `PolicyConditionType` and `PolicyConditionReason` constants so that operators and tools can converge on a common vocabulary - to describe TargetGroupPolicy state. \n Known condition types are: - \n * \"Accepted\" * \"Ready\"" + to describe TargetGroup state. \n Known condition types are: \n + * \"Accepted\" * \"Ready\"" items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct @@ -7119,7 +7126,8 @@ spec: type: object served: true storage: true - subresources: {} + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
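Review bot: The new status-level `default` on the TargetGroupPolicy CRD (hunk at -7022) seeds a single `Accepted` condition with `reason: NotReconciled`, while the `conditions` default visible as context just below ends with a `Programmed` entry using `reason: Pending`. The initial state a client reads therefore seems to depend on which of the two defaults fires. The reworded descriptions in the next hunk (-7036) now say `TargetGroup` for what is a TargetGroupPolicy status, and still list `"Ready"` as a known type although the visible default uses `Programmed`. I would align both defaults on one reason and restore `TargetGroupPolicy` in the description text; if this manifest is generated, that change presumably belongs in the Go type comments and markers. Only part of the schema is visible in these hunks.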
@@ -7165,11 +7173,8 @@ spec: properties: associateWithVpc: description: "AssociateWithVpc indicates whether the VpcServiceNetworkAssociation - should be created for the current VPC of k8s cluster. \n Both this - flag and Gateway annotation \"application-networking.k8s.aws/lattice-vpc-association\" - are reserved tentatively for backward compatibility. Either one - of them set to true or both of them undefined will result in the - VpcServiceNetworkAssociation created." + should be created for the current VPC of k8s cluster. \n This value + will be considered true by default." type: boolean securityGroupIds: description: "SecurityGroupIds defines the security groups enforced @@ -7223,7 +7228,7 @@ spec: type: object status: description: VpcAssociationPolicyStatus defines the observed state of - AccessLogPolicy. + VpcAssociationPolicy. properties: conditions: default: @@ -7232,17 +7237,12 @@ spec: reason: Pending status: Unknown type: Accepted - - lastTransitionTime: "1970-01-01T00:00:00Z" - message: Waiting for controller - reason: Pending - status: Unknown - type: Programmed - description: "Conditions describe the current conditions of the AccessLogPolicy. + description: "Conditions describe the current conditions of the VpcAssociationPolicy. \n Implementations should prefer to express Policy conditions using the `PolicyConditionType` and `PolicyConditionReason` constants so that operators and tools can converge on a common vocabulary - to describe AccessLogPolicy state. \n Known condition types are: - \n * \"Accepted\" * \"Ready\"" + to describe VpcAssociationPolicy state. \n Known condition types + are: \n * \"Accepted\"" items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct @@ -7320,7 +7320,8 @@ spec: type: object served: true storage: true - subresources: {} + subresources: + status: {} --- apiVersion: v1 kind: ServiceAccount 
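Review bot: The shortened `associateWithVpc` description (hunk at -7165) says the value is considered true by default, but the visible schema carries only `type: boolean` and no `default: true`. The default therefore lives in controller code, and per the text an omitted field still associates the cluster VPC with the service network. Since that is a network-exposure decision, I would make the wording explicit, e.g. `When omitted, the controller treats this as true and creates the VpcServiceNetworkAssociation.` The removed sentence about the Gateway annotation `application-networking.k8s.aws/lattice-vpc-association` also leaves it unclear whether that annotation is still honoured, which is worth stating either way.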
@@ -7361,6 +7362,26 @@ rules: - get - patch - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices/status + verbs: + - get + - patch + - update - apiGroups: - "" resources: @@ -7623,6 +7644,14 @@ rules: - targetgrouppolicies/finalizers verbs: - update +- apiGroups: + - application-networking.k8s.aws + resources: + - targetgrouppolicies/status + verbs: + - get + - patch + - update - apiGroups: - application-networking.k8s.aws resources: @@ -7641,6 +7670,14 @@ rules: - vpcassociationpolicies/finalizers verbs: - update +- apiGroups: + - application-networking.k8s.aws + resources: + - vpcassociationpolicies/status + verbs: + - get + - patch + - update - apiGroups: - application-networking.k8s.aws resources: @@ -7767,6 +7804,16 @@ metadata: name: manager-config --- apiVersion: v1 +data: + tls.crt: Cg== + tls.key: Cg== +kind: Secret +metadata: + name: webhook-cert + namespace: aws-application-networking-system +type: kubernetes.io/tls +--- +apiVersion: v1 kind: Service metadata: labels: @@ -7782,6 +7829,18 @@ spec: selector: control-plane: gateway-api-controller --- +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: aws-application-networking-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: gateway-api-controller +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -7790,7 +7849,7 @@ metadata: name: gateway-api-controller namespace: aws-application-networking-system spec: - replicas: 1 + replicas: 2 selector: matchLabels: control-plane: gateway-api-controller 
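Review bot: The new `discovery.k8s.io` rule (hunk at -7361) grants `create`, `delete`, `patch` and `update` on `endpointslices`. If this `rules:` list belongs to a cluster-wide role (the role header is outside the hunk), the controller's service account could rewrite backend endpoints for Services in any namespace. Nothing in this diff shows the controller writing EndpointSlices; if it only reads them to resolve targets, `get`, `list`, `watch` would be enough and the `endpointslices/status` rule could be dropped. If writes are required, a comment at the RBAC source naming the feature that needs them would help the next permissions audit.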
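Review bot: The `webhook-cert` Secret (hunk at -7767) ships `tls.crt: Cg==` and `tls.key: Cg==`, which decode to a single newline, so the manifest carries a placeholder rather than a key pair. The deploy guide in this same commit tells users to run `kubectl apply -f examples/deploy-v1.0.4.yaml`, so re-applying the file for an upgrade will most likely reset a certificate installed afterwards back to the placeholder. I would either leave the Secret out of the manifest and document how to create it, or add a comment above it such as `# placeholder only: install a real cert/key before enabling the webhook; re-applying this file overwrites it`.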
@@ -7819,7 +7878,10 @@ spec: - --leader-elect command: - /manager - image: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller:v0.0.18 + env: + - name: WEBHOOK_ENABLED + value: "" + image: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller:v1.0.4 livenessProbe: httpGet: path: /healthz @@ -7844,9 +7906,55 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/webhook-cert + name: webhook-cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: gateway-api-controller terminationGracePeriodSeconds: 10 + volumes: + - name: webhook-cert + secret: + defaultMode: 420 + secretName: webhook-cert +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: aws-appnet-gwc-mutating-webhook +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: aws-application-networking-system + path: /mutate-pod + failurePolicy: Fail + name: mpod.gwc.k8s.aws + namespaceSelector: + matchExpressions: + - key: application-networking.k8s.aws/pod-readiness-gate-inject + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - gateway-api-controller + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 519dfaf6..51b2ae53 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: aws-gateway-controller-chart description: A Helm chart for the Gateway Controller for AWS VPC Lattice -version: v1.0.3 -appVersion: v1.0.3 +version: v1.0.4 +appVersion: v1.0.4 home: https://github.com/aws/aws-application-networking-k8s icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: 
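Review bot: The `MutatingWebhookConfiguration` (hunk at -7844) is registered with `failurePolicy: Fail`, but its `clientConfig` has no `caBundle`, the mounted `webhook-cert` Secret in this manifest is a placeholder, and the previous hunk sets `WEBHOOK_ENABLED` to `""`. Unless something outside this diff injects the CA and turns the listener on, the API server cannot complete a verified call to `/mutate-pod`, and every pod `CREATE` in a namespace labelled `application-networking.k8s.aws/pod-readiness-gate-inject: enabled` would be rejected. I would ship the webhook configuration only together with a provisioned certificate, or document the required order next to it, and set `timeoutSeconds` explicitly. Separately, the `objectSelector` exempts pods by `app.kubernetes.io/name`, while the Service and Deployment selectors visible here use `control-plane: gateway-api-controller`; the pod template labels are outside the hunk, so confirm the controller pods actually carry that label.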
diff --git a/helm/values.yaml b/helm/values.yaml index bba9322e..a04ab6dc 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller - tag: v1.0.3 + tag: v1.0.4 pullPolicy: IfNotPresent pullSecrets: []