Release artifacts for release v1.0.4

Author: chaoyux

README.md

@@ -55,5 +55,5 @@ This project is licensed under the Apache-2.0 License.
 [getting-started]: https://www.gateway-api-controller.eks.aws.dev/guides/getstarted/
 [spec]: https://www.gateway-api-controller.eks.aws.dev/api-reference/
 [concepts]: https://www.gateway-api-controller.eks.aws.dev/concepts/
-[gh_release]: https://github.com/aws/aws-application-networking-k8s/releases/tag/v1.0.3
+[gh_release]: https://github.com/aws/aws-application-networking-k8s/releases/tag/v1.0.4
 [godoc]: https://www.gateway-api-controller.eks.aws.dev/

config/manager/kustomization.yaml

@@ -13,4 +13,4 @@ configMapGenerator:
 images:
 - name: controller
   newName: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller
-  newTag: v1.0.3
+  newTag: v1.0.4

docs/guides/deploy.md

@@ -159,7 +159,7 @@ Alternatively, you can manually provide configuration variables when installing
 
 1. Run either `kubectl` or `helm` to deploy the controller. Check [Environment Variables](../guides/environment.md) for detailed explanation of each configuration option.
    ```bash
-   kubectl apply -f examples/deploy-v1.0.3.yaml
+   kubectl apply -f examples/deploy-v1.0.4.yaml
    ```
    or
    ```bash
@@ -168,7 +168,7 @@ Alternatively, you can manually provide configuration variables when installing
    # Run helm with either install or upgrade
    helm install gateway-api-controller \
       oci://public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller-chart\
-      --version=v1.0.3 \
+      --version=v1.0.4 \
       --set=serviceAccount.create=false --namespace aws-application-networking-system \
       # use "debug" for debug level logs
       --set=log.level=info \

examples/deploy-v0.0.18.yaml renamed to examples/deploy-v1.0.4.yaml

@@ -7022,7 +7022,14 @@ spec:
             - targetRef
             type: object
           status:
-            description: TargetGroupPolicyStatus defines the observed state of TargetGroupPolicy.
+            default:
+              conditions:
+              - lastTransitionTime: "1970-01-01T00:00:00Z"
+                message: Waiting for controller
+                reason: NotReconciled
+                status: Unknown
+                type: Accepted
+            description: Status defines the current state of TargetGroupPolicy.
             properties:
               conditions:
                 default:
@@ -7036,12 +7043,12 @@ spec:
                   reason: Pending
                   status: Unknown
                   type: Programmed
-                description: "Conditions describe the current conditions of the TargetGroupPolicy.
+                description: "Conditions describe the current conditions of the TargetGroup.
                   \n Implementations should prefer to express Policy conditions using
                   the `PolicyConditionType` and `PolicyConditionReason` constants
                   so that operators and tools can converge on a common vocabulary
-                  to describe TargetGroupPolicy state. \n Known condition types are:
-                  \n * \"Accepted\" * \"Ready\""
+                  to describe TargetGroup state. \n Known condition types are: \n
+                  * \"Accepted\" * \"Ready\""
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -7119,7 +7126,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -7165,11 +7173,8 @@ spec:
             properties:
               associateWithVpc:
                 description: "AssociateWithVpc indicates whether the VpcServiceNetworkAssociation
-                  should be created for the current VPC of k8s cluster. \n Both this
-                  flag and Gateway annotation \"application-networking.k8s.aws/lattice-vpc-association\"
-                  are reserved tentatively for backward compatibility. Either one
-                  of them set to true or both of them undefined will result in the
-                  VpcServiceNetworkAssociation created."
+                  should be created for the current VPC of k8s cluster. \n This value
+                  will be considered true by default."
                 type: boolean
               securityGroupIds:
                 description: "SecurityGroupIds defines the security groups enforced
@@ -7223,7 +7228,7 @@ spec:
             type: object
           status:
             description: VpcAssociationPolicyStatus defines the observed state of
-              AccessLogPolicy.
+              VpcAssociationPolicy.
             properties:
               conditions:
                 default:
@@ -7232,17 +7237,12 @@ spec:
                   reason: Pending
                   status: Unknown
                   type: Accepted
-                - lastTransitionTime: "1970-01-01T00:00:00Z"
-                  message: Waiting for controller
-                  reason: Pending
-                  status: Unknown
-                  type: Programmed
-                description: "Conditions describe the current conditions of the AccessLogPolicy.
+                description: "Conditions describe the current conditions of the VpcAssociationPolicy.
                   \n Implementations should prefer to express Policy conditions using
                   the `PolicyConditionType` and `PolicyConditionReason` constants
                   so that operators and tools can converge on a common vocabulary
-                  to describe AccessLogPolicy state. \n Known condition types are:
-                  \n * \"Accepted\" * \"Ready\""
+                  to describe VpcAssociationPolicy state. \n Known condition types
+                  are: \n * \"Accepted\""
                 items:
                   description: "Condition contains details for one aspect of the current
                     state of this API Resource. --- This struct is intended for direct
@@ -7320,7 +7320,8 @@ spec:
         type: object
     served: true
     storage: true
-    subresources: {}
+    subresources:
+      status: {}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -7361,6 +7362,26 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - ""
   resources:
@@ -7623,6 +7644,14 @@ rules:
   - targetgrouppolicies/finalizers
   verbs:
   - update
+- apiGroups:
+  - application-networking.k8s.aws
+  resources:
+  - targetgrouppolicies/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - application-networking.k8s.aws
   resources:
@@ -7641,6 +7670,14 @@ rules:
   - vpcassociationpolicies/finalizers
   verbs:
   - update
+- apiGroups:
+  - application-networking.k8s.aws
+  resources:
+  - vpcassociationpolicies/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - application-networking.k8s.aws
   resources:
@@ -7767,6 +7804,16 @@ metadata:
   name: manager-config
 ---
 apiVersion: v1
+data:
+  tls.crt: Cg==
+  tls.key: Cg==
+kind: Secret
+metadata:
+  name: webhook-cert
+  namespace: aws-application-networking-system
+type: kubernetes.io/tls
+---
+apiVersion: v1
 kind: Service
 metadata:
   labels:
@@ -7782,6 +7829,18 @@ spec:
   selector:
     control-plane: gateway-api-controller
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: webhook-service
+  namespace: aws-application-networking-system
+spec:
+  ports:
+  - port: 443
+    targetPort: 9443
+  selector:
+    control-plane: gateway-api-controller
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -7790,7 +7849,7 @@ metadata:
   name: gateway-api-controller
   namespace: aws-application-networking-system
 spec:
-  replicas: 1
+  replicas: 2
   selector:
     matchLabels:
       control-plane: gateway-api-controller
@@ -7819,7 +7878,10 @@ spec:
         - --leader-elect
         command:
         - /manager
-        image: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller:v0.0.18
+        env:
+        - name: WEBHOOK_ENABLED
+          value: ""
+        image: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller:v1.0.4
         livenessProbe:
           httpGet:
             path: /healthz
@@ -7844,9 +7906,55 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
-              - ALL
+            - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /etc/webhook-cert
+          name: webhook-cert
+          readOnly: true
       securityContext:
         runAsNonRoot: true
       serviceAccountName: gateway-api-controller
       terminationGracePeriodSeconds: 10
+      volumes:
+      - name: webhook-cert
+        secret:
+          defaultMode: 420
+          secretName: webhook-cert
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: aws-appnet-gwc-mutating-webhook
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: aws-application-networking-system
+      path: /mutate-pod
+  failurePolicy: Fail
+  name: mpod.gwc.k8s.aws
+  namespaceSelector:
+    matchExpressions:
+    - key: application-networking.k8s.aws/pod-readiness-gate-inject
+      operator: In
+      values:
+      - enabled
+  objectSelector:
+    matchExpressions:
+    - key: app.kubernetes.io/name
+      operator: NotIn
+      values:
+      - gateway-api-controller
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    resources:
+    - pods
+  sideEffects: None

helm/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: aws-gateway-controller-chart
 description: A Helm chart for the Gateway Controller for AWS VPC Lattice
-version: v1.0.3
-appVersion: v1.0.3
+version: v1.0.4
+appVersion: v1.0.4
 home: https://github.com/aws/aws-application-networking-k8s
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

helm/values.yaml

@@ -4,7 +4,7 @@
 
 image:
   repository: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller
-  tag: v1.0.3
+  tag: v1.0.4
   pullPolicy: IfNotPresent
   pullSecrets: []