Releases: aws/aws-application-networking-k8s
Release v1.1.0
Breaking Changes
Gateway API GRPCRoute version v1alpha2 removal
Release v1.1 of the AWS Gateway API Controller is built against Gateway API v1.2. The controller is also compatible with Gateway API v1.1 but not with v1.0.
- Upgrade to v1.2 of Gateway API (#680)
We strongly recommend backing up your configuration as this transition particularly affects GRPCRoute in the following ways:
- The controller requires either Gateway API v1.1 or v1.2 to be installed.
- If using Gateway API v1.1, existing GRPCRoutes on v1alpha2 will automatically update to v1 when the controller reconciles them.
- Alternatively, you can manually update your GRPCRoute versions.
- Kubernetes will reject new GRPCRoute objects created using v1alpha2.
If you are upgrading to Gateway API v1.2, you will need to take additional steps because v1alpha2 is no longer a valid version for GRPCRoute objects. For detailed instructions, refer to the v1.2 Gateway API release notes.
To ensure a streamlined Gateway API migration, follow the guide to upgrade the controller from v1.0.x to v1.1.y.
Document Improvements
- Document updates for Gateway API v1.2 CRDs (#683)
- Upgrading to Gateway API v1.2
Full Change log: v1.0.7...v1.1.0
Release v1.0.7
Release v1.0.7 improves route reconciliation performance via configurable max workers for route controller instances. It also improves debugging by enabling correlation of log lines using unique reconciliation IDs. Finally, it includes documentation improvements and Helm chart enhancements.
What's Changed
- Add Trace IDs and metadata to better correlate log lines for a single reconciliation (#648)
- Add DISABLE_TAGGING_SERVICE_API environment variable to helm chart (#655)
- Add PodDisruptionBudget and topologySpreadConstraints to helm chart (#651)
- Add configurable max workers for route controller instances (#672)
Documentation Improvements
Full Change log: v1.0.6...v1.0.7
Log Lines
Example new log lines including trace ID, start with reconcile_start and end with reconcile_end:
2024-11-01T15:30:40.995-0700 INFO controller.route gwlog/metadata.go:76 reconcile_start {"type": "route", "name": "drift-5-nwppj20ozc", "namespace": "e2e-test", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:40.995-0700 INFO controller.route controllers/route_controller.go:275 Found aws-vpc-lattice for Route for drift-5-nwppj20ozc, e2e-test {"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:40.995-0700 INFO controller.route controllers/route_controller.go:190 reconcile, deleting {"name": "drift-5-nwppj20ozc", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:40.995-0700 INFO controller.route gateway/model_build_lattice_service.go:140 No custom-domain-name for route drift-5-nwppj20ozc-e2e-test {"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:41.495-0700 INFO controller.route lattice/service_manager.go:353 Success DeleteService svc-012345012345012345 {"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:41.524-0700 INFO controller.route controllers/route_controller.go:202 reconciled {"name": "drift-5-nwppj20ozc", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:41.556-0700 INFO controller.route gwlog/metadata.go:82 reconcile_end {"type": "route", "name": "drift-5-nwppj20ozc", "namespace": "e2e-test", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
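An added example (not part of the controller or its release notes) showing how the trace_id field can be used to stitch log lines into one record per reconciliation, report its duration, and flag reconciliations that never logged reconcile_end. The sample log lines, resource names and trace IDs are constructed, and treating any message containing "Delete" as a delete call is an assumption based on the "Success DeleteService" line above.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format shown above; names and IDs are placeholders.
SAMPLE = """\
2024-11-01T15:30:40.995-0700 INFO controller.route gwlog/metadata.go:76 reconcile_start {"type": "route", "name": "route-a", "namespace": "demo", "trace_id": "trace-aaaa"}
2024-11-01T15:30:41.495-0700 INFO controller.route lattice/service_manager.go:353 Success DeleteService svc-placeholder0001 {"trace_id": "trace-aaaa"}
2024-11-01T15:30:41.556-0700 INFO controller.route gwlog/metadata.go:82 reconcile_end {"type": "route", "name": "route-a", "namespace": "demo", "trace_id": "trace-aaaa"}
2024-11-01T15:30:42.000-0700 INFO controller.route gwlog/metadata.go:76 reconcile_start {"type": "route", "name": "route-b", "namespace": "demo", "trace_id": "trace-bbbb"}
2024-11-01T15:30:42.100-0700 INFO controller.route controllers/route_controller.go:275 Found aws-vpc-lattice for Route for route-b, demo {"trace_id": "trace-bbbb"}
"""

def parse_line(line):
    """Split one log line into (timestamp, message, fields); None if malformed."""
    parts = line.split(None, 4)  # timestamp, level, logger, caller, rest
    brace = parts[4].find("{") if len(parts) == 5 else -1
    if brace < 0:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S.%f%z")
        fields = json.loads(parts[4][brace:])
    except ValueError:  # bad timestamp or bad JSON
        return None
    return ts, parts[4][:brace].strip(), fields

def correlate(text):
    """Group lines by trace_id and summarise each reconciliation."""
    traces = defaultdict(list)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed and "trace_id" in parsed[2]:
            traces[parsed[2]["trace_id"]].append(parsed)
    report = {}
    for trace_id, events in traces.items():
        start = next((e for e in events if e[1] == "reconcile_start"), None)
        end = next((e for e in events if e[1] == "reconcile_end"), None)
        report[trace_id] = {
            "resource": f'{start[2].get("namespace")}/{start[2].get("name")}' if start else None,
            "duration_ms": round((end[0] - start[0]).total_seconds() * 1000) if start and end else None,
            "complete": bool(start and end),  # False: no reconcile_end was logged
            "deletes": [e[1] for e in events if "Delete" in e[1]],  # assumed heuristic
        }
    return report

if __name__ == "__main__":
    for trace_id, summary in correlate(SAMPLE).items():
        print(trace_id, summary)
```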
Release v1.0.6
This release introduces support for TLSRoute, allowing users to set up TLS passthrough network connectivity.
What's Changed
- Added support for clusters running in private VPCs (#627)
- Added support for TLSRoute and TLS passthrough; please check the user guide for more details. (#634)
- Added TLSRoute and TLS passthrough document (#650)
NOTICE
Release v1.0.6 introduced a new TLSRoute CRD, which is already included in the controller v1.0.6 helm chart. If you do not use helm install to install the v1.0.6 controller, please make sure to manually install the TLSRoute CRD in your k8s cluster.
Full Change log: v1.0.5...v1.0.6
Release v1.0.5
Release v1.0.5 adds logic to conditionally inject the pod readiness gates and adds support for attaching TargetGroupPolicy to ServiceExport objects.
What's Changed
- Added logic to conditionally inject pod readiness gates (#629)
- Added support for attaching Target Group policies to ServiceExport objects (#622)
Document Improvements
- Reorganized and refactored documentation (#630)
Full Change log: v1.0.4...v1.0.5
Release v1.0.4
Release v1.0.4 includes integration with the pod readiness gate to enable zero downtime rolling deployments.
What's Changed
- Fixed incorrect ipv6 cluster create command example in docs #599
- Integrated pod readiness gates to prevent sending traffic to pods before they are ready, enabling zero downtime deployments; please check the pod-readiness-gates.md doc for more detail #606, #607
- Listened to EndpointSlice events to track pod readiness status #604
- Fixed the bug when getting tags fails for a service network association. Now logs and skips deletion instead of failing #600
Full Change log: v1.0.3...v1.0.4
Release v1.0.3
Release v1.0.3 fixes the issue of not being able to find the foreign cluster’s serviceImport, and introduces the lattice target group global garbage collector to improve the controller performance.
What's Changed
- Fixed permission denied error handling for service network tags #588
- Fixed backendref serviceImport target group discovery logic #587
- e2e test stability improvement #581
- Added lattice target group garbage collector #580
- Added cross-account(RAM share) e2e Tests + conflicted gateway status #578
- Deleted the configmap in the helm chart, helm templates/deployment.yaml directly read value from values.yaml #575
- Added missing controller permissions in recommended-inline-policy.json #574
Full Change log: v1.0.2...v1.0.3
Release v1.0.2
Release includes improved status updates for HTTP/gRPC routes and CRD policies, bug fix for shared Service Networks with RAM, and documentation updates.
What's Changed
- Added new recommended multi-cluster architecture documents #533
- Improved presubmit workflow and added docs guide #545
- Added service export/import documents #551
- Bug fix for failing to associate Resource Access Manager(RAM) shared Service network: #566
- Added generic policy handler, refactoring IAMAuthPolicy, TargetGroupPolicy, VpcAssociationPolicy #547
- Update validations and status on route reconciler #563
- Added missing permissions in recommended-inline-policy.json #548 #574
Full Change log: v1.0.1...v1.0.2
Release v1.0.1
Release v1.0.0
What's Changed
On behalf of the entire AWS Gateway API Controller team, we are pleased to announce the GA release of the AWS Gateway API Controller v1.0.0. A big thank you to all the contributors that made this release possible.
This release completes the VPC Lattice resource ownership changes by removing the Service Network conflict which enables advanced multi-cluster setups. We also added support for the recent GA release of the Gateway API v1 CRDs.
Highlights
- Detached Gateway from VPC Lattice service network, removing service network conflict (#480, #504)
- Added DEFAULT_SERVICE_NETWORK environment variable that will automatically create a service network and its VPC association at the controller startup (#502)
- Updated RouteRules to return 404 status code for invalid backendRefs (#497)
- Added handling of resource status for TargetGroupPolicy (#509)
- Updated controller dependencies to [email protected] / [email protected] (#503)
Breaking Changes
IAM Policies
- The required IAM policies have changed - tag:GetResources policy is now required for running the controller. Please update your existing service account with the new policy provided in examples/recommended-inline-policy.json.
Gateway/VPCAssociationPolicy
- Creating a Gateway no longer creates a service network and its VPC association. Please refer to the documentation for more details. Existing service networks and their associations will not be deleted.
- Deprecated Gateway’s application-networking.k8s.aws/lattice-vpc-association annotation. Instead, use VPCAssociationPolicy CRD to configure an association.
- Added ownership concept to VPCAssociationPolicy. It will no longer delete VPC associations that are not owned by the controller.
TargetGroupPolicy
- Updated the CRD. The new version of controller requires the updated version of TargetGroupPolicy CRD.
General Improvements
- Fixed e2e tests and examples to be compatible with Gateway API v1 CRDs (#515)
- Added TargetGroupPolicy controller for updating resource status (#509)
- Target group reconciliation performance improvements (#495, #501)
- IAMAuthPolicy E2E test improvements (#496)
- Target de-registration E2E test improvements (#491)
- General E2E test performance improvements (#510)
Documentation Improvements
- Updated deployment instructions (#511, #512, #516)
- Replaced API references to automatically generated docs from CRDs (#505, #507)
- Updated and reorganized documentation structure (#506, #513, #517, #521, #522)
- Added API references to Gateway, xRoute, Service, and IAMAuthPolicy (#492, #500, #514, #518)
Upgrade Instructions
- TargetGroupPolicy CRD is updated. This is bundled with deploy-*.yaml and Helm chart, but you can also find the CRD on config/crds/bases/application-networking.k8s.aws_targetgrouppolicies.yaml.
- If you are upgrading from versions older than v0.0.18, please also check v0.0.18 release notes for more feature updates and breaking changes.
Full Changelog: v0.0.18...v1.0.0
v0.0.18
What's Changed
New features:
- Added AccessLogPolicy CRD to configure VPC Lattice service network or service Access Log Subscriptions (#424 #430 #442 #437 #471, @xWink)
- Added IAMAuthPolicy CRD to configure VPC Lattice service network or service Auth Policies (#448 #443 #456 #458 #478 #481, @mikhail-aws)
General Improvement and Bug Fixes:
- [Breaking change] Replaced support for multicluster.x-k8s.io ServiceExport and ServiceImport with application-networking.k8s.aws ServiceExport and ServiceImport CRDs (#475, @xWink)
- [Breaking change] Changed Target Groups naming convention and used AWS tags instead of names to identify mapping between k8s services and Lattice target groups. This resolves target group naming conflicts (#457, @erikfuller)
- Added the ownership concept for VPC Lattice services to prevent conflicting routes across clusters by tagging services with identifying information (name, namespace, routeType) and ignoring changes to non-owned services. The first created route takes effect; changes to conflicting routes are ignored. (#466, @solmonk)
- Added managedBy AWS tag to all controller managed VPC Lattice resources (#428, @mikhail-aws)
- Added e2e test for Target Group Policy CRD (#434, @scottlaiaws)
- Removed the controller's hard coded 100 Lattice Targets limit. We can now support the full VPC Lattice Target soft limit. (#470, @zijun726911)
- Added ability to pass LATTICE_ENDPOINT and CLUSTER_NAME env variable for helm chart (#446 #436, @xWink @zijun726911)
V0.0.18 Controller Upgrade Instructions
Users of the old multicluster.x-k8s.io ServiceExport and ServiceImport need to migrate to the application-networking.k8s.aws ServiceExport and ServiceImport with the following steps:
- Install the new CRDs
  - kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceexports.yaml
  - kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceimports.yaml
- Replace the apiVersion of all ServiceExport or ServiceImport resources from multicluster.x-k8s.io/v1alpha1 to application-networking.k8s.aws/v1alpha1. Example files of ServiceExport and ServiceImport include:
  - examples/elasticsearch-export.yaml
  - examples/elasticsearch-import.yaml
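An added example (not the project's own tooling) that checks manifests kept in version control before an upgrade: it finds objects still using the deprecated apiVersions named in these notes, both the ServiceExport/ServiceImport change above and the GRPCRoute v1alpha2 removal in v1.1.0, and rewrites them. The sample manifest and object names are constructed, and the GRPCRoute API group gateway.networking.k8s.io does not appear on this page; it is the standard Gateway API group.

```python
import re

# Deprecated (apiVersion, kind) pairs from these release notes and their replacements.
MIGRATIONS = {
    ("gateway.networking.k8s.io/v1alpha2", "GRPCRoute"): "gateway.networking.k8s.io/v1",
    ("multicluster.x-k8s.io/v1alpha1", "ServiceExport"): "application-networking.k8s.aws/v1alpha1",
    ("multicluster.x-k8s.io/v1alpha1", "ServiceImport"): "application-networking.k8s.aws/v1alpha1",
}
TOP_LEVEL = re.compile(r"^(apiVersion|kind):\s*['\"]?([^'\"\s#]+)", re.M)  # unindented keys only

# Constructed multi-document manifest; all names are placeholders.
SAMPLE_MANIFEST = """\
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
  name: demo-export
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GRPCRoute
metadata:
  name: demo-grpc
spec:
  rules:
  - backendRefs:
    - name: demo-svc
      kind: Service
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: demo-http
"""

def migrate(manifest):
    """Return (rewritten_manifest, findings) for a multi-document YAML string."""
    findings, out = [], []
    for doc in re.split(r"^---[ \t]*$", manifest, flags=re.M):
        keys = dict(TOP_LEVEL.findall(doc))  # nested 'kind:' lines are indented, so ignored
        pair = (keys.get("apiVersion"), keys.get("kind"))
        if pair in MIGRATIONS:
            findings.append((pair[1], pair[0], MIGRATIONS[pair]))
            doc = re.sub(r"^apiVersion:.*$", "apiVersion: " + MIGRATIONS[pair], doc, count=1, flags=re.M)
        out.append(doc)
    return "---".join(out), findings

if __name__ == "__main__":
    rewritten, findings = migrate(SAMPLE_MANIFEST)
    print(findings)
```

This only rewrites manifest files; objects already stored in the cluster on an old version still need the steps in the upgrade instructions and the Gateway API release notes referenced above.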
The target group naming convention has changed in Controller version 0.0.18. For any existing Kubernetes Service and ServiceExport resources in the cluster with corresponding target groups, the controller upgrade will create new target groups using the new naming convention.
Users need to manually delete old target groups that use the previous naming convention.
- Old target group naming convention: k8s-<namespace>-<route name>-<protocol>-<protocol version>
- New target group naming convention: k8s-<namespace>-<route name>-<random suffix>