Releases: aws/aws-application-networking-k8s
Release v1.0.5
Release v1.0.5 adds logic to conditionally inject the pod readiness gates and adds support for attaching TargetGroupPolicy to ServiceExport objects.
What's Changed
- Added logic to conditionally inject pod readiness gates (#629)
- Added support for attaching Target Group policies to ServiceExport objects (#622)
Document Improvements
- Reorganized and refactored documentation (#630)
Full Change log: v1.0.4...v1.0.5
Release v1.0.4
Release v1.0.4 includes integration with the pod readiness gate to enable zero downtime rolling deployments.
What's Changed
- Fixed incorrect ipv6 cluster create command example in docs #599
- Integrated pod readiness gates to prevent sending traffic to pods before they are ready, enabling zero downtime deployments. See the pod-readiness-gates.md doc for more detail #606, #607
- Listened to EndpointSlice events to track pod readiness status #604
- Fixed the bug when getting tags fails for a service network association. Now logs and skips deletion instead of failing #600
Full Change log: v1.0.3...v1.0.4
Release v1.0.3
Release v1.0.3 fixes the issue of not being able to find the foreign cluster’s serviceImport, and introduces the lattice target group global garbage collector to improve the controller performance.
What's Changed
- Fixed permission denied error handling for service network tags #588
- Fixed backendref serviceImport target group discovery logic #587
- e2e test stability improvement #581
- Added lattice target group garbage collector #580
- Added cross-account (RAM share) e2e tests + conflicted gateway status #578
- Deleted the configmap in the helm chart, helm templates/deployment.yaml directly read value from values.yaml #575
- Added missing controller permissions in recommended-inline-policy.json #574
Full Change log: v1.0.2...v1.0.3
Release v1.0.2
Release includes improved status updates for HTTP/gRPC routes and CRD policies, bug fix for shared Service Networks with RAM, and documentation updates.
What's Changed
- Added a new recommended multi-cluster architecture document #533
- Improved presubmit workflow and added docs guide #545
- Added service export/import documents #551
- Bug fix for failing to associate Resource Access Manager (RAM) shared Service network: #566
- Added generic policy handler, refactoring IAMAuthPolicy, TargetGroupPolicy, VpcAssociationPolicy #547
- Update validations and status on route reconciler #563
- Added missing permissions in recommended-inline-policy.json #548 #574
Full Change log: v1.0.1...v1.0.2
Release v1.0.1
Release v1.0.0
What's Changed
On behalf of the entire AWS Gateway API Controller team, we are pleased to announce the GA release of the AWS Gateway API Controller v1.0.0. A big thank you to all the contributors that made this release possible.
This release completes the VPC Lattice resource ownership changes by removing the Service Network conflict which enables advanced multi-cluster setups. We also added support for the recent GA release of the Gateway API v1 CRDs.
Highlights
- Detached Gateway from VPC Lattice service network, removing service network conflict (#480, #504)
- Added DEFAULT_SERVICE_NETWORK environment variable that will automatically create a service network and its VPC association at the controller startup (#502)
- Updated RouteRules to return 404 status code for invalid backendRefs (#497)
- Added handling of resource status for TargetGroupPolicy (#509)
- Updated controller dependencies to [email protected] / [email protected] (#503)
Breaking Changes
IAM Policies
- The required IAM policies have changed - tag:GetResources policy is now required for running the controller. Please update your existing service account with the new policy provided in examples/recommended-inline-policy.json.
Gateway/VPCAssociationPolicy
- Creating a Gateway no longer creates a service network and its VPC association. Please refer to the documentation for more details. Existing service networks and their associations will not be deleted.
- Deprecated Gateway’s application-networking.k8s.aws/lattice-vpc-association annotation. Instead, use VPCAssociationPolicy CRD to configure an association.
- Added ownership concept to VPCAssociationPolicy. It will no longer delete VPC associations that are not owned by the controller.
TargetGroupPolicy
- Updated the CRD. The new version of controller requires the updated version of TargetGroupPolicy CRD.
General Improvements
- Fixed e2e tests and examples to be compatible with Gateway API v1 CRDs (#515)
- Added TargetGroupPolicy controller for updating resource status (#509)
- Target group reconciliation performance improvements (#495, #501)
- IAMAuthPolicy E2E test improvements (#496)
- Target de-registration E2E test improvements (#491)
- General E2E test performance improvements (#510)
Documentation Improvements
- Updated deployment instructions (#511, #512, #516)
- Replaced API references to automatically generated docs from CRDs (#505, #507)
- Updated and reorganized documentation structure (#506, #513, #517, #521, #522)
- Added API references to Gateway, xRoute, Service, and IAMAuthPolicy (#492, #500, #514, #518)
Upgrade Instructions
- TargetGroupPolicy CRD is updated. This is bundled with deploy-*.yaml and Helm chart, but you can also find the CRD on config/crds/bases/application-networking.k8s.aws_targetgrouppolicies.yaml.
- If you are upgrading from versions older than v0.0.18, please also check v0.0.18 release notes for more feature updates and breaking changes.
Full Changelog: v0.0.18...v1.0.0
v0.0.18
What's Changed
New features:
- Added AccessLogPolicy CRD to configure VPC Lattice service network or service Access Log Subscriptions (#424 #430 #442 #437 #471, @xWink)
- Added IAMAuthPolicy CRD to configure VPC Lattice service network or service Auth Policies (#448 #443 #456 #458 #478 #481, @mikhail-aws)
General Improvement and Bug Fixes:
- [Breaking change] Replaced support for multicluster.x-k8s.io ServiceExport and ServiceImport with application-networking.k8s.aws ServiceExport and ServiceImport CRDs (#475, @xWink)
- [Breaking change] Changed Target Groups naming convention and used AWS tags instead of names to identify mapping between k8s services and Lattice target groups. This resolves target group naming conflicts (#457, @erikfuller)
- Added the ownership concept for VPC Lattice services to prevent conflicting routes across clusters by tagging services with identifying information (name, namespace, routeType) and ignoring changes to non-owned services. The first created route takes effect, changes to conflicting routes are ignored. (#466, @solmonk)
- Added managedBy AWS tag to all controller managed VPC Lattice resources (#428, @mikhail-aws)
- Added e2e test for Target Group Policy CRD (#434, @scottlaiaws)
- Removed the controller's hard-coded 100 Lattice Targets limit. We can now support the full VPC Lattice Target soft limit. (#470, @zijun726911)
- Added ability to pass LATTICE_ENDPOINT and CLUSTER_NAME env variable for helm chart (#446 #436, @xWink @zijun726911)
V0.0.18 Controller Upgrade Instructions
Users of the old multicluster.x-k8s.io ServiceExport and ServiceImport need to migrate to the application-networking.k8s.aws ServiceExport and ServiceImport with the following steps:
- Install the new CRDs
  - kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceexports.yaml
  - kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceimports.yaml
- Replace the apiVersion of all ServiceExport or ServiceImport resources from multicluster.x-k8s.io/v1alpha1 to application-networking.k8s.aws/v1alpha1. Example files of ServiceExport and ServiceImport include:
  - examples/elasticsearch-export.yaml
  - examples/elasticsearch-import.yaml
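The apiVersion replacement step above, as an added example that is not part of the release notes or the project's own tooling: a shell function that rewrites the apiVersion only in YAML documents whose kind is ServiceExport or ServiceImport, so unrelated resources in a multi-document manifest are left alone. It assumes top-level, unquoted `kind:` and `apiVersion:` keys; the sample manifest and its resource names are constructed.

```shell
#!/usr/bin/env bash
# Added example: migrate ServiceExport/ServiceImport manifests to the new API group.
# Assumes top-level, unquoted "kind:" and "apiVersion:" keys (block-style YAML).
OLD_API='multicluster.x-k8s.io/v1alpha1'
NEW_API='application-networking.k8s.aws/v1alpha1'

# migrate_manifest [FILE...]: print the manifest(s) with apiVersion rewritten,
# but only in documents whose kind is ServiceExport or ServiceImport.
migrate_manifest() {
  awk -v old="$OLD_API" -v new="$NEW_API" '
    function emit_doc(   i, line, v) {
      for (i = 1; i <= n; i++) {
        line = buf[i]
        if (is_target && line ~ /^apiVersion:/) {
          v = line
          sub(/^apiVersion:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
          if (v == old) line = "apiVersion: " new
        }
        print line
      }
      n = 0; is_target = 0
    }
    /^---[ \t]*$/ { emit_doc(); print; next }   # document separator
    /^kind:[ \t]*(ServiceExport|ServiceImport)[ \t]*$/ { is_target = 1 }
    { buf[++n] = $0 }                           # buffer: kind may follow apiVersion
    END { emit_doc() }
  ' "$@"
}

# Constructed sample input (resource names are placeholders).
sample_manifest() {
  cat <<'EOF'
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata: {name: demo-service}
---
kind: ServiceImport
apiVersion: multicluster.x-k8s.io/v1alpha1
metadata: {name: demo-service}
---
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: SomeOtherKind
metadata: {name: untouched}
EOF
}

if [ "$#" -gt 0 ]; then migrate_manifest "$@"; else sample_manifest | migrate_manifest; fi
```

Review the output with a diff against the original file before applying it with kubectl.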
The target group naming convention has changed in Controller version 0.0.18. For any existing Kubernetes Service and ServiceExport resources in the cluster with corresponding target groups, the controller upgrade will create new target groups using the new naming convention.
Users need to manually delete old target groups that use the previous naming convention.
- Old target group naming convention: k8s-<namespace>-<route name>-<protocol>-<protocol version>
- New target group naming convention: k8s-<namespace>-<route name>-<random suffix>
v0.0.17
What's Changed
This release includes Security Groups support for VPC Lattice Service Network Vpc Associations and several bug fixes and user experience improvements. We improved logging clarity and refactored the Controller Data Store to prepare for a larger refactor of the Target Group naming strategy in a future release.
New feature:
- Added VpcAssociationPolicy CRD that allows user to define VPC Lattice Service Network Vpc Association Security Groups #396 #398 #407 #409
General Improvement and bug fixes:
- Fixed bug #386: create lattice resources when no endpoints in K8s services #406
- Fixed bug #331: k8s service deletion does not trigger de-registering VPC Lattice targets #387
- Fixed bug #369: Removing the healthCheck section in TargetGroupPolicy does not trigger the controller to reconcile TargetGroupPolicy #405
- Logging readability and clarity improvements, removal of struct embedding in info logs, removal of unnecessary error and info logs, and addition of route reconciler logs #410 #413 #414 #416 #419
- Removed the internal data store for Services and Services Networks and refactored to improve readability #394 #391
- General readability improvements, refactoring of large methods, more descriptive naming for variables and functions, and consistent naming in package imports #418
- Added e2e cleanup script #383
- Updated docs with latest guide on health checks #377
- Added GRPCRoute E2E test cases #363 #370
Full Changelog: v0.0.16...v0.0.17
v0.0.16
What's Changed
New feature
- Add TargetGroupPolicy CRD that allows granular upstream network configuration #349 #357 #361
- GRPCRoute support #341 #350
  - GRPCRoute with ServiceImport as backendRef is not supported yet - only single cluster use case is supported at the moment.
- Add support to route requests by HTTP method #332
- Add support for IPv6 automatically if your EKS cluster supports IPv6 (documentation) #329
- Allow configurable ports for HTTPRoute, GRPCRoute BackendRef ports and ServiceExport port using annotations #335 #351
- Increase name length limit for generated VPC Lattice TargetGroups #357
General Improvement and bug fixes
- Fixed bug that was deleting ServiceNetworkServiceAssociations for shared accounts #356
- Refactor k8s resource event handling and service reconciler #360
- Added HTTPRoute Creation/Update E2E Tests #312
- E2E test framework improvement, shorten the whole e2etest suite time #330 #344
- Remove aws-sdk override, use vpc lattice sdk directly from aws-sdk-go #320
- Log improvement: migrated to the zap logger and made logs clearer #318
- Quote accountId in Helm chart ConfigMap #333
- Refactor service_manager.go #345
- Mock IMDS in controller config tests #338
Upgrade Instructions
- If you have installed the controller manually, make sure to install the CRDs below in your cluster before running the upgraded controller. The CRDs are located at:
  - TargetGroupPolicy - config/crds/bases/application-networking.k8s.aws_targetgrouppolicies.yaml
  - GRPCRoute - config/crds/bases/k8s-gateway-v0.6.1.yaml
- IAM policy required for the controller’s serviceaccount has been changed; it now requires ec2:DescribeTags permission. Please review the new permissions in examples/recommended-inline-policy.json and update the service account if needed.
Breaking Changes
- If using a multi-cluster environment, make sure to update all controllers in the environment to v0.0.16. The naming scheme has been changed for VPC Lattice target groups generated by the controller. When the controller is upgraded, it will automatically create new target groups and replace old ones with them. Due to this change, v0.0.16 controllers will not be able to recognize ServiceImports created from controllers with version v0.0.15 or lower, and vice versa.
New Contributors
- @rlymbur made their first contribution in #311
- @csantanapr made their first contribution in #333
- @erikfuller made their first contribution in #332
- @klyubin made their first contribution in #338
Full Changelog: v0.0.15...v0.0.16
v0.0.15
What's Changed
- Use log level 2 when controller can not find Parent Gateway for HTTPRoute by @graehren in #289
- Fix small issue with getting started doc by @graehren in #290
- Bump go version to 1.20 by @solmonk in #292
- Support ExternalDNS integration by DNSEndpoint by @solmonk in #294
- fix: clean up resources after test run by @scottlaiaws in #296
- update e2etest instructions; update gitignore for local files by @mikhail-aws in #297
- 299: removed outdated comments by @vavrajosef in #301
New Contributors
- @graehren made their first contribution in #289
- @mikhail-aws made their first contribution in #297
- @vavrajosef made their first contribution in #301
Full Changelog: v0.0.14...v0.0.15