Releases: aws/aws-application-networking-k8s

Release v1.1.0

18 Dec 23:20

Breaking Changes

Gateway API GRPCRoute version v1alpha2 removal

Release v1.1 of the AWS Gateway API Controller is built against Gateway API v1.2. The controller is also compatible with Gateway API v1.1 but not with v1.0.

  • Upgrade to v1.2 of gateway API (#680)

We strongly recommend backing up your configuration as this transition particularly affects GRPCRoute in the following ways:

  • The controller requires either Gateway API v1.1 or v1.2 to be installed.
  • If using Gateway API v1.1, existing GRPCRoutes on v1alpha2 will automatically update to v1 when the controller reconciles them.
  • Alternatively, you can manually update your GRPCRoute versions.
  • Kubernetes will reject new GRPCRoute objects created using v1alpha2.

If you are upgrading to Gateway API v1.2, you will need to take additional steps because v1alpha2 is no longer a valid version for GRPCRoute objects. For detailed instructions, refer to the v1.2 Gateway API release notes.

To ensure a streamlined Gateway API migration, follow the guide to upgrade the controller from v1.0.x to v1.1.y.

Document Improvements

  • Document updates for Gateway API v1.2 CRDs (#683)
  • Upgrading to Gateway API v1.2

Full Change log: v1.0.7...v1.1.0

Release v1.0.7

05 Nov 23:51

Release v1.0.7 improves route reconciliation performance via configurable max workers for route controller instances. It also improves debugging by enabling correlation of log lines using unique reconciliation IDs. Finally, it includes documentation improvements and Helm chart enhancements.

What's Changed

  • Add Trace IDs and metadata to better correlate log lines for a single reconciliation (#648)
  • Add DISABLE_TAGGING_SERVICE_API environment variable to helm chart (#655)
  • Add PodDisruptionBudget and topologySpreadConstraints to helm chart (#651)
  • Add configurable max workers for route controller instances (#672)

Documentation Improvements

  • Minor fixes for typos and version numbers (#654, #662, #664)

Full Change log: v1.0.6...v1.0.7

Log Lines

Example of the new log lines, which include a trace ID. Each reconciliation starts with reconcile_start and ends with reconcile_end:

2024-11-01T15:30:40.995-0700	INFO	controller.route	gwlog/metadata.go:76	reconcile_start	{"type": "route", "name": "drift-5-nwppj20ozc", "namespace": "e2e-test", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:40.995-0700	INFO	controller.route	controllers/route_controller.go:275	Found aws-vpc-lattice for Route for drift-5-nwppj20ozc, e2e-test	{"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:40.995-0700	INFO	controller.route	controllers/route_controller.go:190	reconcile, deleting	{"name": "drift-5-nwppj20ozc", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:40.995-0700	INFO	controller.route	gateway/model_build_lattice_service.go:140	No custom-domain-name for route drift-5-nwppj20ozc-e2e-test	{"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:41.495-0700	INFO	controller.route	lattice/service_manager.go:353	Success DeleteService svc-012345012345012345	{"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:41.524-0700	INFO	controller.route	controllers/route_controller.go:202	reconciled	{"name": "drift-5-nwppj20ozc", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
2024-11-01T15:30:41.556-0700	INFO	controller.route	gwlog/metadata.go:82	reconcile_end	{"type": "route", "name": "drift-5-nwppj20ozc", "namespace": "e2e-test", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}
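
The trace IDs above make it possible to group the lines of one reconciliation and time it. The following Python is an added example, not code from the controller; it assumes the tab-separated six-field layout of the sample lines, and its fourth sample line (route `constructed-route`, all-zero trace ID) is constructed to show a reconciliation that never logs reconcile_end.

```python
import json
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"

# The first three lines reproduce entries from the release notes above; the fourth
# is constructed (hypothetical route name and trace ID) and has no reconcile_end.
SAMPLE_LOG = "\n".join([
    '2024-11-01T15:30:40.995-0700\tINFO\tcontroller.route\tgwlog/metadata.go:76\treconcile_start\t{"type": "route", "name": "drift-5-nwppj20ozc", "namespace": "e2e-test", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}',
    '2024-11-01T15:30:41.495-0700\tINFO\tcontroller.route\tlattice/service_manager.go:353\tSuccess DeleteService svc-012345012345012345\t{"trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}',
    '2024-11-01T15:30:41.556-0700\tINFO\tcontroller.route\tgwlog/metadata.go:82\treconcile_end\t{"type": "route", "name": "drift-5-nwppj20ozc", "namespace": "e2e-test", "trace_id": "1d3cb3c5-c8e1-4c2f-b313-4a19c6f85e6d"}',
    '2024-11-01T15:30:42.000-0700\tINFO\tcontroller.route\tgwlog/metadata.go:76\treconcile_start\t{"type": "route", "name": "constructed-route", "namespace": "e2e-test", "trace_id": "00000000-0000-0000-0000-000000000000"}',
])


def correlate(log_text):
    """Group controller log lines by trace_id and time each reconciliation."""
    traces = defaultdict(lambda: {"name": None, "namespace": None, "start": None, "end": None, "messages": []})
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # not a structured controller line in the assumed layout
        ts, _level, _logger, _caller, message, raw = fields
        try:
            meta = json.loads(raw)
            when = datetime.strptime(ts, TS_FORMAT)
        except ValueError:
            continue  # malformed JSON metadata or timestamp
        trace_id = meta.get("trace_id") if isinstance(meta, dict) else None
        if not trace_id:
            continue
        trace = traces[trace_id]
        trace["messages"].append(message)
        if message == "reconcile_start":
            trace["start"] = when
            trace["name"] = meta.get("name")
            trace["namespace"] = meta.get("namespace")
        elif message == "reconcile_end":
            trace["end"] = when
    for trace in traces.values():
        done = trace["start"] is not None and trace["end"] is not None
        trace["duration_ms"] = round((trace["end"] - trace["start"]).total_seconds() * 1000) if done else None
    return dict(traces)


def incomplete(traces):
    """Trace IDs that logged reconcile_start but never reconcile_end."""
    return sorted(t for t, v in traces.items() if v["start"] and not v["end"])
```

Traces returned by `incomplete` are the ones to look at first when a route appears stuck, since the reconciliation either failed mid-way or its closing line fell outside the captured log window.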

Release v1.0.6

14 Jun 23:18

This release introduces support for TLSRoute, allowing users to set up TLS passthrough network connectivity.

What's Changed

  • Added support for clusters running in private VPCs (#627)
  • Added support for TLSRoute and TLS passthrough. Please check the user guide for more details. (#634)
  • Added TLSRoute and TLS passthrough document (#650)

NOTICE

Release v1.0.6 introduces a new TLSRoute CRD, which is already included in the controller v1.0.6 helm chart. If you do not use helm to install the v1.0.6 controller, please make sure to manually install the TLSRoute CRD in your k8s cluster.

Full Change log: v1.0.5...v1.0.6

Release v1.0.5

09 May 17:54

Release v1.0.5 adds logic to conditionally inject the pod readiness gates and adds support for attaching TargetGroupPolicy to ServiceExport objects.

What's Changed

  • Added logic to conditionally inject pod readiness gates (#629)
  • Added support for attaching Target Group policies to ServiceExport objects (#622)

Document Improvements

  • Reorganized and refactored documentation (#630)

Full Change log: v1.0.4...v1.0.5

Release v1.0.4

27 Mar 18:16

Release v1.0.4 includes integration with the pod readiness gate to enable zero downtime rolling deployments.

What's Changed

  • Fixed incorrect ipv6 cluster create command example in docs #599
  • Integrated pod readiness gates to prevent sending traffic to pods before they are ready, enabling zero downtime deployments. Please check the pod-readiness-gates.md doc for more detail #606, #607
  • Listened to EndpointSlice events to track pod readiness status #604
  • Fixed the bug when getting tags fails for a service network association. Now logs and skips deletion instead of failing #600

Full Change log: v1.0.3...v1.0.4

Release v1.0.3

19 Jan 19:48

Release v1.0.3 fixes the issue of not being able to find the foreign cluster’s serviceImport, and introduces the lattice target group global garbage collector to improve the controller performance.

What's Changed

  • Fixed permission denied error handling for service network tags #588
  • Fixed backendref serviceImport target group discovery logic #587
  • e2e test stability improvement #581
  • Added lattice target group garbage collector #580
  • Added cross-account (RAM share) e2e tests + conflicted gateway status #578
  • Deleted the configmap in the helm chart; the helm templates/deployment.yaml now reads values directly from values.yaml #575
  • Added missing controller permissions in recommended-inline-policy.json #574

Full Change log: v1.0.2...v1.0.3

Release v1.0.2

15 Dec 23:38

Release includes improved status updates for HTTP/gRPC routes and CRD policies, bug fix for shared Service Networks with RAM, and documentation updates.

What's Changed

  • Added a new recommended multi-cluster architecture document #533
  • Improved presubmit workflow and added docs guide #545
  • Added service export/import documents #551
  • Bug fix for failing to associate a Resource Access Manager (RAM) shared Service network #566
  • Added generic policy handler, refactoring IAMAuthPolicy, TargetGroupPolicy, VpcAssociationPolicy #547
  • Update validations and status on route reconciler #563
  • Added missing permissions in recommended-inline-policy.json #548 #574

Full Change log: v1.0.1...v1.0.2

Release v1.0.1

22 Nov 00:49

This release fixes a helm chart permission issue and enables debug level logs to help with troubleshooting.

What's Changed

  • Fixes helm chart issue with missing RBAC permission for VpcAssociationPolicy and TargetGroupPolicy #532
  • Added LOG_LEVEL env variable and updated helm chart accordingly #534

Release v1.0.0

18 Nov 03:30
f69e34c

What's Changed

On behalf of the entire AWS Gateway API Controller team, we are pleased to announce the GA release of the AWS Gateway API Controller v1.0.0. A big thank you to all the contributors that made this release possible.

This release completes the VPC Lattice resource ownership changes by removing the Service Network conflict which enables advanced multi-cluster setups. We also added support for the recent GA release of the Gateway API v1 CRDs.

Highlights

  • Detached Gateway from VPC Lattice service network, removing service network conflict (#480, #504)
  • Added DEFAULT_SERVICE_NETWORK environment variable that will automatically create a service network and its VPC association at the controller startup (#502)
  • Updated RouteRules to return 404 status code for invalid backendRefs (#497)
  • Added handling of resource status for TargetGroupPolicy (#509)
  • Updated controller dependencies to [email protected] / [email protected] (#503)

Breaking Changes

IAM Policies

  • The required IAM policies have changed - tag:GetResources policy is now required for running the controller. Please update your existing service account with the new policy provided in examples/recommended-inline-policy.json.

Gateway/VPCAssociationPolicy

  • Creating a Gateway no longer creates a service network and its VPC association. Please refer to the documentation for more details. Existing service networks and their associations will not be deleted.
  • Deprecated Gateway’s application-networking.k8s.aws/lattice-vpc-association annotation. Instead, use VPCAssociationPolicy CRD to configure an association.
  • Added ownership concept to VPCAssociationPolicy. It will no longer delete VPC associations that are not owned by the controller.

TargetGroupPolicy

  • Updated the CRD. The new version of controller requires the updated version of TargetGroupPolicy CRD.

General Improvements

  • Fixed e2e tests and examples to be compatible with Gateway API v1 CRDs (#515)
  • Added TargetGroupPolicy controller for updating resource status (#509)
  • Target group reconciliation performance improvements (#495, #501)
  • IAMAuthPolicy E2E test improvements (#496)
  • Target de-registration E2E test improvements (#491)
  • General E2E test performance improvements (#510)

Documentation Improvements

  • Updated deployment instructions (#511, #512, #516)
  • Replaced API references to automatically generated docs from CRDs (#505, #507)
  • Updated and reorganized documentation structure (#506, #513, #517, #521, #522)
  • Added API references to Gateway, xRoute, Service, and IAMAuthPolicy (#492, #500, #514, #518)

Upgrade Instructions

  • TargetGroupPolicy CRD is updated. This is bundled with deploy-*.yaml and Helm chart, but you can also find the CRD on config/crds/bases/application-networking.k8s.aws_targetgrouppolicies.yaml.
  • If you are upgrading from versions older than v0.0.18, please also check v0.0.18 release notes for more feature updates and breaking changes.

Full Changelog: v0.0.18...v1.0.0

v0.0.18

14 Nov 20:12

What's Changed

New features:

General Improvement and Bug Fixes:

  • [Breaking change] Replaced support for multicluster.x-k8s.io ServiceExport and ServiceImport with application-networking.k8s.aws ServiceExport and ServiceImport CRDs (#475, @xWink)
  • [Breaking change] Changed Target Groups naming convention and used AWS tags instead of names to identify mapping between k8s services and Lattice target groups. This resolves target group naming conflicts (#457, @erikfuller)
  • Added the ownership concept for VPC Lattice services to prevent conflicting routes across clusters by tagging services with identifying information (name, namespace, routeType) and ignoring changes to non-owned services. The first created route takes effect; changes to conflicting routes are ignored. (#466, @solmonk)
  • Added managedBy AWS tag to all controller managed VPC Lattice resources (#428, @mikhail-aws)
  • Added e2e test for Target Group Policy CRD (#434, @scottlaiaws)
  • Removed the controller's hard coded 100 Lattice Targets limit. We can now support the full VPC Lattice Target soft limit. (#470, @zijun726911)
  • Added ability to pass LATTICE_ENDPOINT and CLUSTER_NAME env variable for helm chart (#446, #436, @xWink, @zijun726911)

v0.0.18 Controller Upgrade Instructions

Users of the old multicluster.x-k8s.io ServiceExport and ServiceImport need to migrate to the application-networking.k8s.aws ServiceExport and ServiceImport with the following steps:

  • Install the new CRDs
    • kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceexports.yaml
    • kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceimports.yaml
  • Replace the apiVersion of all ServiceExport or ServiceImport resources from multicluster.x-k8s.io/v1alpha1 to application-networking.k8s.aws/v1alpha1. Example files of ServiceExport and ServiceImport include:
    • examples/elasticsearch-export.yaml
    • examples/elasticsearch-import.yaml

The target group naming convention has changed in Controller version 0.0.18. For any existing Kubernetes Service and ServiceExport resources in the cluster with corresponding target groups, the controller upgrade will create new target groups using the new naming convention.
Users need to manually delete old target groups that use the previous naming convention.

  • Old target group naming convention: k8s-<namespace>-<route name>-<protocol>-<protocol version>
  • New target group naming convention: k8s-<namespace>-<route name>-<random suffix>

v0.0.17...v0.0.18