mirror of
https://github.com/openappsec/openappsec.git
synced 2025-07-13 14:04:45 +03:00
1860 lines
66 KiB
Markdown
1860 lines
66 KiB
Markdown
# Changelog
|
|
|
|
## 2.38.0
|
|
|
|
### Changes
|
|
|
|
* Added support for setting `SVC.tls.appProtocol` and `SVC.http.appProtocol` values to configure the appProtocol fields
|
|
for Kubernetes Service HTTP and TLS ports. It might be useful for integration with external load balancers like GCP.
|
|
[#1018](https://github.com/Kong/charts/pull/1018)
|
|
|
|
## 2.37.1
|
|
|
|
* Rename the controller status port. This fixes a collision with the proxy status port in the Prometheus ServiceMonitor.
|
|
[#1008](https://github.com/Kong/charts/pull/1008)
|
|
|
|
## 2.37.0
|
|
|
|
### Changes
|
|
|
|
* Bumped default `kong/kubernetes-ingress-controller` image tag and updated CRDs to 3.1.
|
|
[#1011](https://github.com/Kong/charts/pull/1011)
|
|
* Bumped default `kong` image tag to 3.6.
|
|
[#1011](https://github.com/Kong/charts/pull/1011)
|
|
|
|
## 2.36.0
|
|
|
|
### Fixed
|
|
|
|
* Add `KongLicense` RBAC rules.
|
|
[#1006](https://github.com/Kong/charts/pull/1006)
|
|
|
|
## 2.35.1
|
|
|
|
### Fixed
|
|
|
|
* The plugin helper no longer sets the plugin list when not in use.
|
|
[#1002](https://github.com/Kong/charts/pull/1002)
|
|
|
|
## 2.35.0
|
|
|
|
### Added
|
|
|
|
* Added controller's RBAC rules for `KongVault` CRD (installed only when KIC
|
|
version >= 3.1.0).
|
|
[#992](https://github.com/Kong/charts/pull/992)
|
|
|
|
### Fixed
|
|
|
|
* Added a missing `envFrom` render in the main Kong proxy container.
|
|
[#994](https://github.com/Kong/charts/pull/994)
|
|
|
|
## 2.34.0
|
|
|
|
### Added
|
|
|
|
* The `envFrom` and `ingressController.envFrom` values.yaml keys now populate
|
|
the container field of the same name. This loads environment variables from
|
|
ConfigMap or Secret resource keys in bulk:
|
|
https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
|
|
[#987](https://github.com/Kong/charts/pull/987)
|
|
* Kong listens now use both IPv4 and IPv6 addresses.
|
|
[#986](https://github.com/Kong/charts/pull/986)
|
|
|
|
## 2.33.3
|
|
|
|
### Fixed
|
|
|
|
* Add RBAC rules for get, list and watch operations on namespaces so that Gateway API
|
|
controllers in KIC can access using a cached controller-runtime client.
|
|
[#974](https://github.com/Kong/charts/pull/974)
|
|
|
|
## 2.33.2
|
|
|
|
### Fixed
|
|
|
|
* Fix a template bug related to the `affinity` field for migrations Pods.
|
|
[#972](https://github.com/Kong/charts/pull/972)
|
|
|
|
## 2.33.1
|
|
|
|
### Fixed
|
|
|
|
* Use changed `incubator.ingress-controller.konghq.com` API group name in `KongServiceFacade`
|
|
RBAC rules. Refer to [KIC#5302](https://github.com/Kong/kubernetes-ingress-controller/pull/5302)
|
|
for rename reasoning.
|
|
[#968](https://github.com/Kong/charts/pull/968)
|
|
|
|
## 2.33.0
|
|
|
|
### Improvements
|
|
|
|
* Only allow `None` ClusterIPs on ClusterIP-type Services.
|
|
[#961](https://github.com/Kong/charts/pull/961)
|
|
[#962](https://github.com/Kong/charts/pull/962)
|
|
* Bumped Kong version to 3.5.
|
|
[#957](https://github.com/Kong/charts/pull/957)
|
|
* Support for `affinity` configuration has been added to migration job templates.
|
|
* Display a warning message when Kong Manager is enabled and the Admin API is disabled.
|
|
* Validate Gateway API's `Gateway` and `HTTPRoute` resources in the controller's
|
|
admission webhook only when KIC version is 3.0 or higher.
|
|
[#954](https://github.com/Kong/charts/pull/954)
|
|
* Added controller's RBAC rules for `KongServiceFacade` CRD (installed only when
|
|
KongServiceFacade feature gate turned on and KIC version >= 3.1.0).
|
|
[#963](https://github.com/Kong/charts/pull/963)
|
|
|
|
## 2.32.0
|
|
|
|
### Improvements
|
|
|
|
* Add new `deployment.hostname` value to make identifying instances in
|
|
controlplane/dataplane configurations easier.
|
|
[#943](https://github.com/Kong/charts/pull/943)
|
|
|
|
## 2.31.0
|
|
|
|
### Improvements
|
|
|
|
* Added controller's RBAC rules for `KongUpstreamPolicy` CRD.
|
|
[#917](https://github.com/Kong/charts/pull/917)
|
|
* Added services resource to admission webhook config for KIC >= 3.0.0.
|
|
[#919](https://github.com/Kong/charts/pull/919)
|
|
* Update default ingress controller version to v3.0
|
|
[#929](https://github.com/Kong/charts/pull/929)
|
|
[#930](https://github.com/Kong/charts/pull/930)
|
|
|
|
### Fixed
|
|
|
|
* The target port for cmetrics should only be applied if the ingress controller is enabled.
|
|
[#926](https://github.com/Kong/charts/pull/926)
|
|
* Fix RBAC for Gateway API v1.
|
|
[#928](https://github.com/Kong/charts/pull/928)
|
|
* Enable Admission webhook for Gateway API v1 resources.
|
|
[#928](https://github.com/Kong/charts/pull/928)
|
|
|
|
## 2.30.0
|
|
|
|
### Improvements
|
|
|
|
* Prevent installing PodDisruptionBudget for `replicaCount: 1` or `autoscaling.minReplicas: 1`.
|
|
[#896](https://github.com/Kong/charts/pull/896)
|
|
* The admission webhook now will be triggered on Secrets creation for KIC 2.12.1+.
|
|
[#907](https://github.com/Kong/charts/pull/907)
|
|
* Container security context defaults now comply with the restricted pod
|
|
security standard. This includes an enforced run as user ID set to 1000. UID
|
|
1000 is used for official Kong images other than Alpine images (which use UID
|
|
100) and for KIC images 3.0.0+ (older images use UID 65532). Images that do
|
|
not use UID 1000 can still run with this user, as static image files are
|
|
world-accessible and runtime-created files are created in temporary
|
|
directories created for the run as user.
|
|
[#911](https://github.com/Kong/charts/pull/911)
|
|
* Allow using templates (via `tpl`) when specifying `proxy.nameOverride`.
|
|
[#914](https://github.com/Kong/charts/pull/914)
|
|
|
|
## 2.29.0
|
|
|
|
### Improvements
|
|
* Make it possible to set the admission webhook's `timeoutSeconds`.
|
|
[#894](https://github.com/Kong/charts/pull/894)
|
|
|
|
## 2.28.1
|
|
|
|
### Fixed
|
|
|
|
* The admission webhook now includes Gateway API resources and Ingress
|
|
resources for controller versions 2.12+. This version introduces new
|
|
validations for Kong's regex path implementation.
|
|
[#892](https://github.com/Kong/charts/pull/892)
|
|
|
|
## 2.28.0
|
|
|
|
### Improvements
|
|
|
|
* Bump default `kong` image tag to 3.4.
|
|
[#883](https://github.com/Kong/charts/pull/883)
|
|
* Bump default ingress controller image tag to 2.12.
|
|
* Added validation rule for `latency` upstream load balancing algorithm to
|
|
CRDs. [Upgrade your CRDs](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#updates-to-crds)
|
|
when installing this release.
|
|
|
|
## 2.27.0
|
|
|
|
### Improvements
|
|
|
|
* Listens now all support `.address` configuration. This was an existing
|
|
setting that was not applied properly for some listens.
|
|
[#881](https://github.com/Kong/charts/pull/881)
|
|
|
|
## 2.26.5
|
|
|
|
### Fixed
|
|
|
|
* Kuma ServiceAccount Token hints and volumes are also available in migrations
|
|
Pods.
|
|
[#877](https://github.com/Kong/charts/pull/877)
|
|
|
|
## 2.26.4
|
|
|
|
### Fixed
|
|
|
|
* updated `admin_api_uri` to `admin_gui_api_url` as per [kong documentation](https://docs.konghq.com/gateway/3.4.x/reference/configuration/#admin_api_uri).
|
|
|
|
## 2.26.3
|
|
|
|
### Fixed
|
|
|
|
* Enabled Service and Ingress in Kong Manager for non enterprise users.
|
|
|
|
## 2.26.2
|
|
|
|
### Fixed
|
|
|
|
* Add missing CRD KongConsumerGroup and extend status subresource for CRDs
|
|
|
|
## 2.26.1
|
|
|
|
### Fixed
|
|
|
|
* Fix parsing enterprise tags (like e.g. `3.4.0.0`)
|
|
[#857](https://github.com/Kong/charts/pull/857)
|
|
|
|
## 2.26.0
|
|
|
|
### Breaking changes
|
|
|
|
2.26 changes the default proxy readiness endpoint for newer Kong versions. This
|
|
causes an issue in a narrow edge case. If all of the following are true:
|
|
|
|
* You use Kong 3.3 or newer.
|
|
* You use controller 2.10 or older.
|
|
* You run the controller and proxy in separate Deployments.
|
|
|
|
you are affected and should review [the 2.26 upgrade instructions](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#2260).
|
|
|
|
### Improvements
|
|
|
|
* Use the Kong 3.3 `/status/ready` endpoint for readiness probes by default if
|
|
available. If not available, use the old `/status` default.
|
|
[#844](https://github.com/Kong/charts/pull/844)
|
|
* Add ArgoCD `Sync` and `BeforeHookCreation` [hook policies](https://argo-cd.readthedocs.io/en/stable/user-guide/resource_hooks/)
|
|
to the the init and pre-upgrade migrations Jobs.
|
|
* Add controller's RBAC rules for `KongConsumerGroups` CRD.
|
|
[#850](https://github.com/Kong/charts/pull/850)
|
|
* Updated controller version to 2.11.
|
|
|
|
## 2.25.0
|
|
|
|
- Generate the `adminApiService.name` value from `.Release.Name` rather than
|
|
hardcoding to `kong`
|
|
[#839](https://github.com/Kong/charts/pull/839)
|
|
|
|
## 2.24.0
|
|
|
|
### Improvements
|
|
|
|
* Running `tpl` against user-supplied labels and annotations used in Deployment
|
|
[#814](https://github.com/Kong/charts/pull/814)
|
|
|
|
Example:
|
|
```yaml
|
|
podLabels:
|
|
version: "{{ .Values.image.tag }}" # Will render dynamically when overridden downstream
|
|
```
|
|
|
|
* Fail to render templates when PodSecurityPolicy was requested but cluster doesn't
|
|
serve its API.
|
|
[#823](https://github.com/Kong/charts/pull/823)
|
|
* Add support for multiple hosts and tls configurations for Kong proxy `Ingress`.
|
|
[#813](https://github.com/Kong/charts/pull/813)
|
|
* Bump postgres default tag to `13.11.0-debian-11-r20` which includes arm64 images.
|
|
[#834](https://github.com/Kong/charts/pull/834)
|
|
|
|
### Fixed
|
|
|
|
* Fix Ingress and HPA API versions during capabilities checking
|
|
[#827](https://github.com/Kong/charts/pull/827)
|
|
|
|
## 2.23.0
|
|
|
|
### Improvements
|
|
|
|
* Add custom label configuration option for Kong proxy `Ingress`.
|
|
[#812](https://github.com/Kong/charts/pull/812)
|
|
* Bump default `kong/kubernetes-ingress-controller` image tag to 2.10.
|
|
Bump default `kong` image tag to 3.3.
|
|
[#815](https://github.com/Kong/charts/pull/815)
|
|
|
|
## 2.22.0
|
|
|
|
### Improvements
|
|
|
|
* Removed redundant RBAC permissions for non-existing subresources `secrets/status`
|
|
and `endpoints/status`.
|
|
[#798](https://github.com/Kong/charts/pull/798)
|
|
* For Kong Ingress Controller in version >= 2.10, RBAC permissions for `Endpoints`
|
|
are not configured anymore (because it uses `EndpointSlices`).
|
|
[#798](https://github.com/Kong/charts/pull/798)
|
|
* Added support for setting `certificates.cluster.commonName`. This allows a custom
|
|
certificate `CommonName` to be provided when deploying Kong Gateway in hybrid
|
|
mode using Cert Manager [#804](https://github.com/Kong/charts/pull/804)
|
|
|
|
## 2.21.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for `startupProbe` on Kong pods. This can be configured via
|
|
`.Values.startupProbe`. To maintain backward compatibility, it is disabled by default.
|
|
[#792](https://github.com/Kong/charts/pull/792)
|
|
* Customize Admission Webhook namespaceSelectors and compose them from values.
|
|
[#794](https://github.com/Kong/charts/pull/794)
|
|
* Added `CustomResourceDefinition` `list` and `watch` permissions to controller's ClusterRole.
|
|
[#796](https://github.com/Kong/charts/pull/796)
|
|
|
|
## 2.20.2
|
|
|
|
### Fixed
|
|
|
|
* Automatic license provisioning for Gateways managed by Ingress Controllers in Konnect mode
|
|
is disabled by default.
|
|
To enable it, set `.Values.ingressController.konnect.license.enabled=true`.
|
|
[#793](https://github.com/Kong/charts/pull/793)
|
|
|
|
## 2.20.1
|
|
|
|
### Fixed
|
|
|
|
* Fix correct timestamp format and remove `isCA` in certificates
|
|
[#791](https://github.com/Kong/charts/pull/791)
|
|
|
|
## 2.20.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for automatic license provisioning for Gateways managed by
|
|
Ingress Controllers in Konnect mode (`.Values.ingressController.konnect.enabled=true`).
|
|
[#787](https://github.com/Kong/charts/pull/787)
|
|
|
|
## 2.19.1
|
|
|
|
### Fixed
|
|
|
|
* Fix `webhook-cert` being mounted regardless if `.Values.ingressController.enabled`
|
|
is set.
|
|
[#779](https://github.com/Kong/charts/pull/779)
|
|
|
|
## 2.19.0
|
|
|
|
### Improvements
|
|
|
|
* Security context enforces read-only root filesystem by default. This is not
|
|
expected to affect most configurations, but [will affect custom plugins that
|
|
write to the container filesystem](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#2170).
|
|
[#770](https://github.com/Kong/charts/pull/770)
|
|
|
|
## 2.18.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for the Admin API service TLS client verification.
|
|
[#780](https://github.com/Kong/charts/pull/780
|
|
|
|
## 2.17.1
|
|
|
|
### Fixed
|
|
|
|
* The `-redhat` suffix on official KIC images is no longer considered part of
|
|
the semver string for version checks.
|
|
[#779](https://github.com/Kong/charts/pull/779)
|
|
|
|
## 2.17.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for controller's gateway discovery.
|
|
With `ingressController.gatewayDiscovery.enabled` set to `true` Kong Ingress Controller
|
|
will enable gateway discovery using an Admin API service.
|
|
For more information on this please see [the corresponding README.md section][kic_gateway_discovery_readme].
|
|
This feature is only available when deploying chart with Kong Ingress Controller in version 2.9 or higher.
|
|
[#747](https://github.com/Kong/charts/pull/747)
|
|
* Added experimental support for the ingress controller's Konnect sync feature via `ingressController.konnect.*` values.
|
|
This feature is only available when deploying chart with Kong Ingress Controller in version 2.9 or higher and
|
|
requires `ingressController.gatewayDiscovery.enabled` set to `true`.
|
|
[#746](https://github.com/Kong/charts/pull/746)
|
|
* Added support for annotations on the admission webhook ValidatingWebhookConfiguration.
|
|
[#760](https://github.com/Kong/charts/pull/760)
|
|
* Added support for `subject` and `privateKey` properties on certificates.
|
|
[#762](https://github.com/Kong/charts/pull/762)
|
|
* Added support for loadBalancerClass in LoadBalancer type services.
|
|
[#767](https://github.com/Kong/charts/pull/767)
|
|
* Added support for `GRPCRoute`s.
|
|
[#772](https://github.com/Kong/charts/pull/772)
|
|
* Default Kong version is bumped to 3.2.
|
|
[#773](https://github.com/Kong/charts/pull/773)
|
|
* Added support for admissionhook to include labels.
|
|
[#768](https://github.com/Kong/charts/pull/768)
|
|
|
|
### Under the hood
|
|
|
|
* Add kube-linter to the CI pipeline to ensure produced manifests comply
|
|
with community best practices.
|
|
[#751](https://github.com/Kong/charts/pull/751)
|
|
|
|
[kic_gateway_discovery_readme]: ./README.md#the-gatewaydiscovery-section
|
|
|
|
## 2.16.5
|
|
|
|
### Fixed
|
|
|
|
* Fix autoscaling version detection.
|
|
[#752](https://github.com/Kong/charts/pull/752)
|
|
* Don't include a clear-stale-pid initContainer when kong gateway is not
|
|
enabled in the deployment.
|
|
[#749](https://github.com/Kong/charts/pull/749)
|
|
|
|
## 2.16.4
|
|
|
|
### Fixed
|
|
|
|
* HorizontalPodAutoscaler's API version is detected properly.
|
|
[#744](https://github.com/Kong/charts/pull/744)
|
|
|
|
## 2.16.3
|
|
|
|
### Fixed
|
|
|
|
* Fix template issue preventing custom dblessconfig volume from being mounted.
|
|
[#741](https://github.com/Kong/charts/pull/741)
|
|
|
|
## 2.16.2
|
|
|
|
### Fixed
|
|
|
|
* The admission webhook is disabled when the ingress controller is disabled, as
|
|
the admission webhook requires a service provided by the ingress controller.
|
|
|
|
## 2.16.1
|
|
|
|
### Fixed
|
|
|
|
* serviceAccount projected volume is properly provisioned for GKE clusters >= 1.20.
|
|
[#735](https://github.com/Kong/charts/pull/735)
|
|
|
|
## 2.16.0
|
|
|
|
### Improvements
|
|
|
|
* Let users specify their own labels and annotations for generated PodSecurityPolicy.
|
|
[#721](https://github.com/Kong/charts/pull/721)
|
|
* Enable the admission webhook by default. This can reject configuration, but
|
|
is not expected to be a meaningfully breaking change. Existing configuration
|
|
is not affected, and any new changes that the webhook would reject would also
|
|
be rejected by Kong.
|
|
[#727](https://github.com/Kong/charts/pull/727)
|
|
* Replaced static secret with projected volume in deployment.
|
|
[#722](https://github.com/Kong/charts/pull/722)
|
|
* Reject invalid log config values.
|
|
[#733](https://github.com/Kong/charts/pull/733)
|
|
* Update custom resource definitions to latest v2.8.1 from
|
|
kong/kubernetes-ingress-controller
|
|
[#730](https://github.com/Kong/charts/pull/730)
|
|
* Respect setting `.Values.deployment.serviceAccount.automountServiceAccountToken` in
|
|
migrations Jobs. This was already the case for the Deployment.
|
|
[#729](https://github.com/Kong/charts/pull/729)
|
|
|
|
## 2.15.3
|
|
|
|
### Fixed
|
|
|
|
* Changed `ingressController.readinessProbe` to use `/readyz` to prevent pods from becoming ready and serving 404s prior to the `ingress-controller` first syncing config to the `proxy` [#716](https://github.com/Kong/charts/pull/716).
|
|
* Fixed incorrect `if` block order in volume mount templates.
|
|
|
|
## 2.15.2
|
|
|
|
### Fixed
|
|
|
|
* Do not attempt to mount DB-less config if none provided by chart.
|
|
|
|
## 2.15.1
|
|
|
|
### Fixed
|
|
|
|
* Remove unnecessary failure condition from [#695](https://github.com/Kong/charts/pull/695).
|
|
|
|
## 2.15.0
|
|
|
|
### Improvements
|
|
|
|
* Add the `dblessConfig.secret` key to the values file, allowing the user to
|
|
supply a Secret for their dbless config file.
|
|
[#695](https://github.com/Kong/charts/pull/695)
|
|
* Add support for version `v1beta1` of the Gateway API when generating RBAC rules.
|
|
* Add support for version `v1beta1` of the Gateway API when generating RBAC rules.
|
|
([#706](https://github.com/Kong/charts/pull/706))
|
|
* Prevent supplying duplicate plugin inclusion to `KONG_PLUGINS` env variable.
|
|
([#711](https://github.com/Kong/charts/pull/711))
|
|
|
|
### Fixed
|
|
|
|
* Removed appProtocol to fix AKS load balancer
|
|
([#705](https://github.com/Kong/charts/pull/705))
|
|
* Fix lookup for CA certificate secret for admission webhook.
|
|
([#704](https://github.com/Kong/charts/pull/704))
|
|
|
|
## 2.14.0
|
|
|
|
Note: KIC 2.8 does include several updates to CRDs, but only for documentation and validation.
|
|
You can [upgrade CRDs](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#updates-to-crds),
|
|
but doing so is not required.
|
|
|
|
### Improvements
|
|
|
|
* Default Kong and KIC versions bumped to 3.1 and 2.8.
|
|
* UDP proxy (udpProxy) assumes the UDP protocol by default for stream entries (udpProxy.stream).
|
|
This can be still overridden to TCP by specifying the protocol explicitly, but it is not recommended to do so.
|
|
[#682](https://github.com/Kong/charts/pull/682)
|
|
* Supported `autoscaling/v2` API
|
|
([#679](https://github.com/Kong/charts/pull/679))
|
|
* Add support for specifying the minium number of seconds for which newly created pods should be ready without
|
|
any of its container crashing, for it to be considered available. (`deployment.minReadySeconds`)
|
|
([#688](https://github.com/Kong/charts/pull/688))
|
|
* Increased the default memory requests and limits for the Kong pod to 2G
|
|
([#690](https://github.com/Kong/charts/pull/690))
|
|
* Add a rule for `KongIngress` to the ValidatingWebhookConfiguration.
|
|
([#702](https://github.com/Kong/charts/pull/702))
|
|
|
|
### Fixed
|
|
|
|
* Removed `PodSecurityPolicy` if the API is not supported in k8s cluster
|
|
to be compatible to k8s 1.25+.
|
|
[#680](https://github.com/Kong/charts/pull/680)
|
|
|
|
|
|
## 2.13.1
|
|
|
|
### Improvements
|
|
|
|
* Updated default controller version to [KIC 2.7](https://github.com/Kong/kubernetes-ingress-controller/blob/main/CHANGELOG.md#270).
|
|
|
|
## 2.13.0
|
|
|
|
### Improvements
|
|
|
|
* Added cert-manager issuer support for proxy default and cluster mtls certificates
|
|
([#592](https://github.com/Kong/charts/pull/592))
|
|
* Updated CRDs with the new ordering field for KongPlugins, the new
|
|
IngressClassParameters resource, and assorted field description updates.
|
|
These [require a manual update](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#updates-to-crds).
|
|
* Updated default tags to Kong 3.0 and KIC 2.6.
|
|
|
|
## 2.12.0
|
|
|
|
### Improvements
|
|
|
|
* Added ClusterRole for cluster-scoped resources when using watchNamespaces.
|
|
[#611](https://github.com/Kong/charts/issues/611)
|
|
* Added `extraObjects` to create additional k8s resources as part of the helm release.
|
|
[#652](https://github.com/Kong/charts/issues/652)
|
|
|
|
## 2.11.0
|
|
|
|
### Fixed
|
|
|
|
* Fixed Deployment missing if in case of empty tolerations
|
|
[#630](https://github.com/Kong/charts/issues/630)
|
|
* Use stdout and stderr by default for all logs. Several were writing to prefix
|
|
directory files.
|
|
[#634](https://github.com/Kong/charts/issues/634)
|
|
* Remove `terminationGracePeriodSeconds` from KIC's container spec since this
|
|
field is only applicable for pods, not containers.
|
|
[#640](https://github.com/Kong/charts/issues/640)
|
|
|
|
### Improvements
|
|
|
|
* Bump controller version to 2.5.
|
|
[#642](https://github.com/Kong/charts/issues/642)
|
|
* Added `fullnameOverride` to override the normal resource name string.
|
|
[#635](https://github.com/Kong/charts/issues/635)
|
|
* Added size limits for emptyDir mounts.
|
|
[#632](https://github.com/Kong/charts/issues/632)
|
|
|
|
## 2.10.2
|
|
|
|
### Fixed
|
|
|
|
* Kuma now also mounts ServiceAccount tokens on releases without a controller
|
|
container.
|
|
|
|
## 2.10.1
|
|
|
|
### Fixed
|
|
|
|
* Updated manual ServiceAccount Secret mount format for compatibility with
|
|
Kuma.
|
|
|
|
## 2.10.0
|
|
|
|
### Added
|
|
|
|
* Added option to disable test job pods.
|
|
[#598](https://github.com/Kong/charts/issues/598)
|
|
* Changed default admission failure policy from `Fail` to `Ignore`.
|
|
[#612](https://github.com/Kong/charts/issues/612)
|
|
* ServiceAccount tokens are now only mounted in the controller container to
|
|
limit attack surface.
|
|
[#619](https://github.com/Kong/charts/issues/619)
|
|
|
|
## 2.9.1
|
|
|
|
### Fixed
|
|
|
|
* Fixed another unwanted newline chomp that broke GatewayClass
|
|
permissions.
|
|
|
|
## 2.9.0
|
|
|
|
* Added terminationDelaySeconds for Ingress Controller.
|
|
([597](https://github.com/Kong/charts/pull/597))
|
|
* Made KNative permissions conditional on CRD availability.
|
|
|
|
### Fixed
|
|
|
|
* Removed KNative permission from the Gateway permissions set.
|
|
|
|
## 2.8.2
|
|
|
|
### Fixed
|
|
|
|
* Fixed an unwanted newline chomp in fix PR #595.
|
|
([594](https://github.com/Kong/charts/pull/594))
|
|
|
|
## 2.8.1
|
|
|
|
### Fixed
|
|
|
|
* Fixed the stream default type, which should have been an empty array, not an
|
|
empty map. This had no effect on chart behavior, but resulted in warning
|
|
messages when user values.yamls contained non-empty stream configuration.
|
|
([594](https://github.com/Kong/charts/pull/594))
|
|
* Gateway API permissions are no longer created if Gateway API CRDs are not
|
|
installed on the cluster. This would block installs by non-super admin users.
|
|
([595](https://github.com/Kong/charts/pull/595))
|
|
|
|
## 2.8.0
|
|
|
|
### Breaking changes
|
|
|
|
2.8 requires manual removal of existing IngressClass resources and updates the
|
|
Postgres sub-chart version. Further details are available [in the upgrade guide](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#280).
|
|
|
|
The chart honors `ingressController.installCRDs: false` again. Remove it from
|
|
your values.yaml if it is currently present. Unless your install user [lacks
|
|
permissions to read
|
|
CRDs](https://github.com/Kong/charts/blob/main/charts/kong/README.md#removing-c
|
|
luster-scoped-permissions), which would have prevented you from installing
|
|
earlier chart versions, you should omit this setting and let the templates
|
|
detect whether you use the legacy CRD installation method automatically.
|
|
|
|
### Improvements
|
|
|
|
* Added Ingress for cluster sync.
|
|
([583](https://github.com/Kong/charts/pull/583))
|
|
* Added controller support for custom environment variables.
|
|
([568](https://github.com/Kong/charts/pull/568))
|
|
* Ingress `pathType` field is now configurable.
|
|
([564](https://github.com/Kong/charts/pull/564))
|
|
* Added IngressClass resources to RBAC roles.
|
|
([563](https://github.com/Kong/charts/pull/563))
|
|
* Ingresses now support wildcard hostnames.
|
|
([559](https://github.com/Kong/charts/pull/559))
|
|
* Enables the option to add sidecar containers to the migration containers.
|
|
([540](https://github.com/Kong/charts/pull/540))
|
|
* Update the IngressClass controller string to match the value used upstream.
|
|
([557](https://github.com/Kong/charts/pull/557))
|
|
* Added support for user-defined controller volume mounts.
|
|
([560](https://github.com/Kong/charts/pull/560))
|
|
* Added support for autoscaling `behavior`.
|
|
([561](https://github.com/Kong/charts/pull/561))
|
|
* Improved support and documentation for installations that [lack
|
|
cluster-scoped permissions](https://github.com/Kong/charts/blob/main/charts/kong/README.md#removing-cluster-scoped-permissions).
|
|
([565](https://github.com/Kong/charts/pull/565))
|
|
* Updated podDisruptionBudget from `policy/v1beta1` to `policy/v1`.
|
|
([574](https://github.com/Kong/charts/pull/574))
|
|
* Updated controller version to 2.3.
|
|
|
|
### Fixed
|
|
|
|
* Removed CREATE from ValidatingWebhookConfiguration objectSelector for Secrets to align with changes in Kong/kubernetes-ingress-controller.
|
|
([#542](https://github.com/Kong/charts/pull/542))
|
|
* Fixed traffic routing from Istio's envoy proxy to Kong proxy when using Istio's AuthorizationPolicy.
|
|
([#550](https://github.com/Kong/charts/pull/550))
|
|
* Fixed creation of non-default IngressClasses
|
|
([#552](https://github.com/Kong/charts/pull/552))
|
|
* Fixed: wait_for_db no longer tries to instantiate the keyring in Kong Enterprise
|
|
([#556](https://github.com/Kong/charts/pull/556))
|
|
|
|
## 2.7.0
|
|
|
|
2.7.0 includes CRD updates, which [must be applied manually](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#270).
|
|
|
|
### Breaking Changes
|
|
|
|
* There are upstream changes to the Postgres sub-chart that change many
|
|
values.yaml keys. The default `postgresqlUsername` and `postgresqlDatabase`
|
|
keys used in this chart's values.yaml are now `auth.username` and
|
|
`auth.database`. If you set other Postgres sub-chart values, consult the
|
|
[upstream README](https://github.com/bitnami/charts/tree/master/bitnami/postgresql)
|
|
and [upgrade guide](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/#to-1100)
|
|
to see what you need to change.
|
|
|
|
### Improvements
|
|
|
|
* Added Gateway API resources to RBAC rules.
|
|
([#536](https://github.com/Kong/charts/pull/536))
|
|
* Replaced `sleep 15` in `preStop` command with `--wait=15` argument to `kong quit`.
|
|
([#531](https://github.com/Kong/charts/pull/531))
|
|
* Added support for non `KONG_` prefixed custom environment variables
|
|
([#530](https://github.com/Kong/charts/pull/530))
|
|
* Updated to latest CRDs from upstream.
|
|
|
|
## 2.6.5
|
|
|
|
### Fixed
|
|
|
|
* Generated IngressClass resources persist across updates properly.
|
|
([#518](https://github.com/Kong/charts/pull/518))
|
|
|
|
## 2.6.4
|
|
|
|
### Improvements
|
|
|
|
* Updated default tags to Kong 2.7, Kong Enterprise 2.7.0.0, and Kong Ingress
|
|
Controller 2.1.
|
|
|
|
### Fixed
|
|
|
|
* Corrected a misnamed field in podDisruptionBudget.
|
|
([#519](https://github.com/Kong/charts/pull/519))
|
|
|
|
## 2.6.3
|
|
|
|
### Improvements
|
|
|
|
* Increased example resources for the Kong container.
|
|
([#511](https://github.com/Kong/charts/pull/511))
|
|
|
|
### Fixed
|
|
|
|
* Corrected an invalid label match condition for the admission webhook.
|
|
([#513](https://github.com/Kong/charts/pull/513))
|
|
|
|
## 2.6.2
|
|
|
|
### Improvements
|
|
|
|
* Added `app` and `version` labels to pods.
|
|
([#504](https://github.com/Kong/charts/pull/504))
|
|
* Reworked leftover socket file cleanup to avoid similar problems of the same
|
|
class.
|
|
([#508](https://github.com/Kong/charts/pull/508))
|
|
|
|
### Fixed
|
|
|
|
* SecurityContext and resources applied to PID cleanup initContainer also.
|
|
([#503](https://github.com/Kong/charts/pull/503))
|
|
* Disabled the admission webhook on Helm Secrets, fixing an issue where it
|
|
prevented Helm from updating release metadata.
|
|
([#500](https://github.com/Kong/charts/pull/500))
|
|
* initContainers that use the Kong image use the same imagePullPolicy as the
|
|
main Kong container.
|
|
([#501](https://github.com/Kong/charts/pull/501))
|
|
* Applied mesh sidecar annotations to the Pod, not the Deployment.
|
|
([#507](https://github.com/Kong/charts/pull/507))
|
|
|
|
## 2.6.1
|
|
|
|
### Fixed
|
|
|
|
* Disabled IngressClass creation on Kubernetes versions that do not support it.
|
|
* Added missing resources (Secrets, KongClusterPlugins) to the admission
|
|
controller configuration.
|
|
([#492](https://github.com/Kong/charts/pull/492))
|
|
|
|
## 2.6.0
|
|
|
|
**Note:** chart versions 2.3.0 through 2.5.0 contained an incorrect
|
|
KongIngress CRD. The `proxy.path` field was missing. Helm will not fix this
|
|
automatically on upgrade. You can fix it by running:
|
|
|
|
```
|
|
kubectl apply -f https://raw.githubusercontent.com/Kong/charts/main/charts/kong/crds/custom-resource-definitions.yaml
|
|
```
|
|
|
|
### Improvements
|
|
|
|
* Added an initContainer to clear leftover PID file in the event of a Kong
|
|
container crash, allowing the container to restart.
|
|
([#480](https://github.com/Kong/charts/pull/480))
|
|
* Added deployment.hostNetwork to enable host network access.
|
|
([#486](https://github.com/Kong/charts/pull/486))
|
|
|
|
### Fixed
|
|
|
|
* NOTES.txt documentation link now uses up-to-date location.
|
|
* Ingress availability check tightened to require the Ingress API specifically
|
|
in `networking.k8s.io/v1`.
|
|
([#484](https://github.com/Kong/charts/pull/484))
|
|
* Flipped backwards logic for creating an IngressClass when no IngressClass was
|
|
present.
|
|
([#485](https://github.com/Kong/charts/pull/485))
|
|
* Removed unnecessary hardcoded controller container argument.
|
|
([#481](https://github.com/Kong/charts/pull/481))
|
|
* Restored missing `proxy.path` field to KongIngress CRD.
|
|
|
|
## 2.5.0
|
|
|
|
### Improvements
|
|
|
|
* Default Kong proxy version updated to 2.6.
|
|
|
|
### Fixed
|
|
|
|
* Properly disable KongClusterPlugin when watchNamespaces is set.
|
|
([#475](https://github.com/Kong/charts/pull/475))
|
|
|
|
## 2.4.0
|
|
|
|
### Breaking Changes
|
|
|
|
* KIC now defaults to version 2.0. If you use a database, you must first
|
|
perform a temporary intermediate upgrade to disable KIC before upgrading it
|
|
to 2.0 and re-enabling it. See the [upgrade guide](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#disable-ingress-controller-prior-to-2x-upgrade-when-using-postgresql)
|
|
for detailed instructions.
|
|
* ServiceAccount are now always created by default unless explicitly disabled.
|
|
ServiceAccount customization has [moved under the `deployment` section of
|
|
configuration](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#changed-serviceaccount-configuration-location)
|
|
to reflect this. This accomodates configurations that need a ServiceAccount
|
|
but that do not use the ingress controller.
|
|
([#455](https://github.com/Kong/charts/pull/455))
|
|
|
|
### Improvements
|
|
|
|
* Migration jobs support a configurable backoffLimit.
|
|
([#442](https://github.com/Kong/charts/pull/442))
|
|
* Generated Ingresses now use `networking.k8s.io/v1` when available.
|
|
([#446](https://github.com/Kong/charts/pull/446))
|
|
|
|
### Fixed
|
|
|
|
* 5-digit UDP ports now work properly.
|
|
([#443](https://github.com/Kong/charts/pull/443))
|
|
* Fixed port name used for NLB annotation example.
|
|
([#458](https://github.com/Kong/charts/pull/458))
|
|
* Fixed a compatibility issue with Helm's `--set-file` feature and
|
|
user-provided DB-less configuration ConfigMaps.
|
|
([#465](https://github.com/Kong/charts/pull/465))
|
|
|
|
## 2.3.0
|
|
|
|
### Breaking Changes
|
|
|
|
* Upgraded CRDs to V1 from the previous deprecated v1beta1.
|
|
[#391](https://github.com/kong/charts/issues/391)
|
|
ACTION REQUIRED: This is a breaking change as it makes
|
|
this chart incompatible with Kubernetes clusters older
|
|
than v1.16.x. Upgrade your cluster to a version greater
|
|
than or equal to v1.16 before installing.
|
|
Note that technically it will remain possible to deploy
|
|
on older clusters by managing the CRDs manually ahead of
|
|
time (e.g. intentionally deploying the legacy CRDs) but
|
|
these configurations will be considered unsupported.
|
|
[upgrade](https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/)
|
|
ACTION REQUIRED: For existing deployments Helm avoids managing
|
|
CRDs so when upgrading from a previous release you will need
|
|
to apply the new V1 versions of the CRDs (in `crds/`) manually.
|
|
[hip-0011](https://github.com/helm/community/blob/main/hips/hip-0011.md)
|
|
([#415](https://github.com/Kong/charts/pull/415))
|
|
* Added support for controller metrics to the Prometheus resources. This
|
|
requires KIC 2.x. The chart automatically detects if your controller image is
|
|
compatible, but only if your tag is semver-compliant. If you are using an
|
|
image without a semver-compliant tag (such as `next`) you _must_ set the
|
|
`ingressController.image.effectiveSemver` value to a semver string
|
|
appropriate for your image (for example, if your image is 2.0.0-based, you
|
|
would set it to `2.0.0`.
|
|
([#430](https://github.com/Kong/charts/pull/430))
|
|
|
|
### Improvements
|
|
|
|
* Updated default Kong versions to 2.5 (OSS) and 2.5.0.0 (Enterprise).
|
|
* Added user-configured initContainer support to Jobs.
|
|
([#408](https://github.com/Kong/charts/pull/408))
|
|
* Upgraded RBAC resources to v1 from v1beta1 for compatibility with Kubernetes
|
|
1.22 and newer. This breaks compatibility with Kubernetes 1.7 and older, but
|
|
these Kubernetes versions were never supported, so this change is not
|
|
breaking. Added additional permissions to support KIC 2.x.
|
|
([#420](https://github.com/Kong/charts/pull/420))
|
|
([#419](https://github.com/Kong/charts/pull/419))
|
|
* Added `ingressController.watchNamespaces[]` to values.yaml. When set, the
|
|
controller will only watch the listed namespaces (instead of all namespaces,
|
|
the default), and will create Roles for each namespace (instead of a
|
|
ClusterRole). This feature requires KIC 2.x.
|
|
([#420](https://github.com/Kong/charts/pull/420))
|
|
* Added support for [dnsPolicy and
|
|
dnsConfig](https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/).
|
|
([#425](https://github.com/Kong/charts/pull/425))
|
|
* Use migration commands directly in upgrade/install Jobs instead of invoking
|
|
them via a shell. This adds support for some additional features in Kong
|
|
images that only apply when the container command starts with `kong`.
|
|
([#429](https://github.com/Kong/charts/pull/429))
|
|
|
|
### Fixed
|
|
* Fixed an incorrect template for DaemonSet releases.
|
|
([#426](https://github.com/Kong/charts/pull/426))
|
|
|
|
## 2.2.0
|
|
|
|
### Breaking changes
|
|
|
|
* Removed default `maxUnavailable` setting for pod disruption budget
|
|
configuration. This is necessary to allow usage of the `minUnavailable`
|
|
setting, but means that there is no longer any default availability
|
|
constraint. If you set `podDisruptionBudget.enabled=true` in your values and
|
|
did not previously set any `podDisruptionBudget.maxUnavailable` value, you
|
|
must add `podDisruptionBudget.maxUnavailable="50%"` to your values.
|
|
|
|
### Improvements
|
|
|
|
* Added host alias injection to override DNS and/or add DNS entries not
|
|
available from the DNS resolver.
|
|
([#366](https://github.com/Kong/charts/pull/366))
|
|
* Added support for custom labels.
|
|
([#370](https://github.com/Kong/charts/pull/370))
|
|
* Only add paths to Ingresses if configured, for OpenShift 4.x compatibility.
|
|
([#375](https://github.com/Kong/charts/pull/375))
|
|
* Kong containers no longer the image ENTRYPOINT. This allows the stock image
|
|
bootstrap scripts to run normally.
|
|
([#377](https://github.com/Kong/charts/pull/377))
|
|
* Added security context settings for containers.
|
|
([#387](https://github.com/Kong/charts/pull/387))
|
|
* Bumped Kong and controller image defaults to the latest versions.
|
|
([#378](https://github.com/Kong/charts/pull/378))
|
|
* Added support for user-provided admission webhook certificates.
|
|
([#385](https://github.com/Kong/charts/pull/385))
|
|
* Disable service account tokens when it is unnecessary.
|
|
([#389](https://github.com/Kong/charts/pull/389))
|
|
|
|
### Fixed
|
|
|
|
* Admission webhook port is now listed under the controller container, where
|
|
the admission webhook runs.
|
|
([#384](https://github.com/Kong/charts/pull/384))
|
|
|
|
### Documentation
|
|
|
|
* Removed a duplicate key from example values.
|
|
([#360](https://github.com/Kong/charts/pull/360))
|
|
* Clarified Enterprise free mode usage.
|
|
([#362](https://github.com/Kong/charts/pull/362))
|
|
* Expand EKS Service annotation examples for proxy.
|
|
([#376](https://github.com/Kong/charts/pull/375))
|
|
|
|
## 2.1.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for user-defined volumes, volume mounts, and init containers.
|
|
([#317](https://github.com/Kong/charts/pull/317))
|
|
* Tolerations are now applied to migration Job Pods also.
|
|
([#341](https://github.com/Kong/charts/pull/341))
|
|
* Added support for using a DaemonSet instead of Deployment.
|
|
([#347](https://github.com/Kong/charts/pull/347))
|
|
* Updated default image versions and completed migration off Bintray
|
|
repositories.
|
|
([#349](https://github.com/Kong/charts/pull/349))
|
|
* PDB ignores migration Job Pods.
|
|
([#352](https://github.com/Kong/charts/pull/352))
|
|
|
|
### Documentation
|
|
|
|
* Clarified service monitor usage information.
|
|
([#345](https://github.com/Kong/charts/pull/345))
|
|
|
|
## 2.0.0
|
|
|
|
### Breaking changes
|
|
|
|
* Helm 2 is no longer supported. You **must** [migrate your Kong chart releases
|
|
to Helm 3](https://helm.sh/docs/topics/v2_v3_migration/) before updating to
|
|
this release.
|
|
* Deprecated [Portal auth settings](https://github.com/Kong/charts/blob/kong-1.15.0/charts/kong/UPGRADE.md#removal-of-dedicated-portal-authentication-configuration-parameters)
|
|
are no longer supported.
|
|
* The deprecated [`runMigrations` setting](https://github.com/Kong/charts/blob/kong-1.15.0/charts/kong/UPGRADE.md#changes-to-migration-job-configuration)
|
|
is no longer supported.
|
|
* Deprecated [admin API Service configuration](https://github.com/Kong/charts/blob/kong-1.15.0/charts/kong/UPGRADE.md#changes-to-kong-service-configuration)
|
|
is no longer supported.
|
|
* Deprecated [multi-host proxy configuration](https://github.com/Kong/charts/blob/kong-1.15.0/charts/kong/UPGRADE.md#removal-of-multi-host-proxy-ingress)
|
|
is no longer supported.
|
|
|
|
`helm upgrade` with the previous version (1.15.0) will print a warning message
|
|
if you still use any of the removed values.yaml configuration. If you do not
|
|
see any warnings after the upgrade completes, you are already using the modern
|
|
equivalents of these settings and can proceed with upgrading to 2.0.0-rc1.
|
|
|
|
### Improvements
|
|
|
|
* Admission webhook certificates persist after their initial creation. This
|
|
prevents an unnecessary restart of Kong Pods on upgrades that do not actually
|
|
modify the deployment.
|
|
([#256](https://github.com/Kong/charts/pull/256))
|
|
* `ingressController.installCRDs` now defaults to `false`, simplifying
|
|
installation on Helm 3. Installs now default to using Helm 3's CRD management
|
|
system, and do not require changes to values or install flags to install
|
|
successfully.
|
|
([#305](https://github.com/Kong/charts/pull/305))
|
|
* Added support for Pod `topologySpreadConstraints`.
|
|
([#308](https://github.com/Kong/charts/pull/308))
|
|
* Kong Ingress Controller image now pulled from Docker Hub (due to Bintray being
|
|
discontinued). Changed the default Docker image repository for the ingress
|
|
controller.
|
|
|
|
### Fixed
|
|
|
|
* Generated admission webhook certificates now include SANs for compatibility
|
|
with Go 1.15 controller builds.
|
|
([#312](https://github.com/Kong/charts/pull/312)).
|
|
|
|
### Documentation
|
|
|
|
* Clarified use of `terminationGracePeriodSeconds`.
|
|
([#302](https://github.com/Kong/charts/pull/302))
|
|
|
|
## 1.15.0
|
|
|
|
1.15.0 is an interim release before the planned release of 2.0.0. There were
|
|
several feature changes we wanted to release prior to the removal of deprecated
|
|
functionality for 2.0. The original planned deprecations covered in the [1.14.0
|
|
changelog](#1140) are still planned for 2.0.0.
|
|
|
|
### Improvements
|
|
|
|
* The default Kong version is now 2.3 and the default Kong Enterprise version
|
|
is now 2.3.2.0.
|
|
* Added configurable `terminationGracePeriodSeconds` for the pre-stop lifecycle
|
|
hook.
|
|
([#271](https://github.com/Kong/charts/pull/271)).
|
|
* Initial migration database wait init containers no longer have a default
|
|
image configuration in values.yaml. When no image is specified, the chart
|
|
will use the Kong image. The standard Kong images include bash, and can run
|
|
the database wait script without downloading a separate image. Configuring a
|
|
wait image is now only necessary if you use a custom Kong image that lacks
|
|
bash.
|
|
([#285](https://github.com/Kong/charts/pull/285)).
|
|
* Init containers for database availability and migration completeness can now
|
|
be disabled. They cause compatibility issues with many service meshes.
|
|
([#285](https://github.com/Kong/charts/pull/285)).
|
|
* Removed the default migration Job annotation that disabled Kuma's mesh proxy.
|
|
The latest version of Kuma no longer prevents Jobs from completing.
|
|
([#285](https://github.com/Kong/charts/pull/285)).
|
|
* Services now support user-configurable labels, and the Prometheus
|
|
ServiceMonitor label is included on the proxy Service by default. Users that
|
|
disable the proxy Service and add this label to another Service to collect
|
|
metrics.
|
|
([#290](https://github.com/Kong/charts/pull/290)).
|
|
* Migration Jobs now allow resource quota configuration. Init containers
|
|
inherit their resource quotas from their associated Kong container.
|
|
([#294](https://github.com/Kong/charts/pull/294)).
|
|
|
|
### Fixed
|
|
|
|
* The database readiness wait script ConfigMap and associated mounts are no
|
|
longer created if that feature is not in use.
|
|
([#285](https://github.com/Kong/charts/pull/285)).
|
|
* Removed a duplicated field from CRDs.
|
|
([#281](https://github.com/Kong/charts/pull/281)).
|
|
|
|
## 1.14.5
|
|
|
|
### Fixed
|
|
|
|
* Removed `http2` from default status listen TLS parameters. It only supports a
|
|
limited subset of the extra listen parameters, and does not allow `http2`.
|
|
|
|
## 1.14.4
|
|
|
|
### Fixed
|
|
|
|
* Status listens now include parameters in the default values.yaml. The absence
|
|
of these defaults caused a template rendering error when the TLS listen was
|
|
enabled.
|
|
|
|
### Documentation
|
|
|
|
* Updated status listen comments to reflect TLS listen availability on Kong
|
|
2.1+.
|
|
|
|
## 1.14.3
|
|
|
|
### Fixed
|
|
|
|
* Fix issues with legacy proxy Ingress object template.
|
|
|
|
## 1.14.2
|
|
|
|
### Fixed
|
|
|
|
* Corrected invalid default value for `enterprise.smtp.smtp_auth`.
|
|
|
|
## 1.14.1
|
|
|
|
### Fixed
|
|
|
|
* Moved several Kong container settings into the appropriate template block.
|
|
Previously these were rendered whether or not the Kong container was enabled,
|
|
which unintentionally applied them to the controller container.
|
|
|
|
## 1.14.0
|
|
|
|
### Breaking changes
|
|
|
|
1.14 is the last planned 1.x version of the Kong chart. 2.x will remove support
|
|
for Helm 2.x and all deprecated configuration. The chart prints a warning when
|
|
upgrading or installing if it detects any configuration still using an old
|
|
format.
|
|
|
|
* All Ingress and Service resources now use the same template. This ensures
|
|
that all chart Ingresses and Services support the same configuration. The
|
|
proxy previously used a unique Ingress configuration, which is now
|
|
deprecated. If you use the proxy Ingress, [see the instructions in
|
|
UPGRADE.md](https://github.com/Kong/charts/blob/kong-1.14.0/charts/kong/UPGRADE.md#removal-of-multi-host-proxy-ingress)
|
|
to update your configuration. No changes are required for other Service and
|
|
Ingress configurations.
|
|
([#251](https://github.com/Kong/charts/pull/251)).
|
|
* The chart now uses the standard Kong status endpoint instead of custom
|
|
configuration, allowing users to specify their own custom configuration. The
|
|
status endpoint is no available in versions older than Kong 1.4.0 or Kong
|
|
Enterprise 1.5.0; if you use an older version, you will need to [add and load
|
|
the old custom configuration](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#default-custom-server-block-replaced-with-status-listen).
|
|
|
|
If you use a newer version and include Kong container readinessProbe and/or
|
|
livenessProbe configuration in your values.yaml, you must change the port
|
|
from `metrics` to `status`.
|
|
([#255](https://github.com/Kong/charts/pull/255)).
|
|
|
|
### Fixed
|
|
|
|
* Correct an issue with migrations Job toggles.
|
|
([#231](https://github.com/Kong/charts/pull/231))
|
|
|
|
## 1.13.0
|
|
|
|
### Improvements
|
|
|
|
* Updated default Kong Enterprise version to 2.2.1.0-alpine.
|
|
* Updated default Kong Ingress Controller version to 1.1.
|
|
* Add `namespace` to values.yaml to override release namespace if desired.
|
|
([#231](https://github.com/Kong/charts/pull/231))
|
|
|
|
### Fixed
|
|
|
|
* Migration Jobs now use the same nodeSelector configuration as the main Kong
|
|
Deployment.
|
|
([#238](https://github.com/Kong/charts/pull/238))
|
|
* Disabled custom Kong template mount if Kong is not enabled.
|
|
([#240](https://github.com/Kong/charts/pull/240))
|
|
* Changed YAML string to a YAML boolean.
|
|
([#240](https://github.com/Kong/charts/pull/240))
|
|
|
|
### Documentation
|
|
|
|
* Clarify requirements for using horizontal pod autoscalers.
|
|
([#236](https://github.com/Kong/charts/pull/236))
|
|
|
|
## 1.12.0
|
|
|
|
### Improvements
|
|
|
|
* Increased default worker count to 2 to avoid issues with latency during
|
|
blocking tasks, such as DB-less config updates. This change increases memory
|
|
usage, but the increase should not be a concern for any but the smallest
|
|
deployments (deployments with memory limits below 512MB).
|
|
* Updated default Kong version to 2.2.
|
|
([#221](https://github.com/Kong/charts/pull/221))
|
|
* Updated default Kong Enterprise version to 2.1.4.1.
|
|
* Added a means to mount extra ConfigMap and Secret resources.
|
|
([#208](https://github.com/Kong/charts/pull/208))
|
|
* Added configurable annotations for migration Jobs.
|
|
([#219](https://github.com/Kong/charts/pull/219))
|
|
* Added template for deprecation warnings to automate formatting and avoid
|
|
excess newlines.
|
|
|
|
### Fixed
|
|
|
|
* Upgrades no longer force auto-scaling Deployments back to the replica count.
|
|
([#222](https://github.com/Kong/charts/pull/222))
|
|
|
|
## 1.11.0
|
|
|
|
### Breaking changes
|
|
|
|
* Kong Ingress Controller 1.0 removes support for several deprecated flags and
|
|
the KongCredential custom resource. Please see the [controller changelog](https://github.com/Kong/kubernetes-ingress-controller/blob/main/CHANGELOG.md#breaking-changes)
|
|
for details. Note that Helm 3 will not remove the KongCredential CRD by
|
|
default: you should delete it manually after converting KongCredentials to
|
|
[credential Secrets](https://github.com/Kong/kubernetes-ingress-controller/blob/next/docs/guides/using-consumer-credential-resource.md#provision-a-consumer).
|
|
If you manage CRDs using Helm (check to see if your KongCredential CRD has a
|
|
`app.kubernetes.io/managed-by: Helm` label), perform the credential Secret
|
|
conversion **before** upgrading to chart 1.11.0 to avoid losing credential
|
|
configuration.
|
|
* The chart no longer uses the `extensions` API for PodSecurityPolicy, and now
|
|
uses the modern `policy` API. This breaks compatibility with Kubernetes
|
|
versions 1.11 and older.
|
|
([#195](https://github.com/Kong/charts/pull/195))
|
|
|
|
### Improvements
|
|
|
|
* Updated default controller version to 1.0.
|
|
* The chart now adds namespace information to manifests explicitly. This
|
|
simplifies workflows that use `helm template`.
|
|
([#193](https://github.com/Kong/charts/pull/193))
|
|
|
|
### Fixed
|
|
* Changes to annotation block generation prevent incorrect YAML indentation
|
|
when specifying annotations via command line arguments to Helm commands.
|
|
([#200](https://github.com/Kong/charts/pull/200))
|
|
|
|
## 1.10.0
|
|
|
|
### Breaking changes
|
|
|
|
* Kong Ingress Controller 0.10.0 comes with breaking changes to global
|
|
`KongPlugin`s and to resources without an ingress class defined. Refer to the
|
|
[`UPGRADE.md notes for chart 1.10.0`](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#1100)
|
|
for details.
|
|
|
|
### Improvements
|
|
|
|
* Updated default controller version to 0.10.0.
|
|
|
|
### Fixed
|
|
|
|
* Removed the `status` field from the `TCPIngress` CRD.
|
|
([#188](https://github.com/Kong/charts/pull/188))
|
|
|
|
## 1.9.1
|
|
|
|
### Documentation
|
|
|
|
* Clarified documentation for [breaking changes in 1.9.0](#190) to indicate
|
|
that any values.yaml that sets `waitImage.repository` requires changes,
|
|
including those that set the old default.
|
|
* Updated Enterprise examples to use latest Enterprise image version.
|
|
|
|
## 1.9.0
|
|
|
|
### Breaking changes
|
|
|
|
1.9.0 now uses a bash-based pre-migration database availability check. If you
|
|
set `waitImage.repository` in values.yaml, either to the previous default
|
|
(`busybox`) or to a custom image, you must change it to an image that includes
|
|
a `bash` executable.
|
|
|
|
Once you have `waitImage.repository` set to an image with bash, [perform an
|
|
initial chart version upgrade with migrations disabled](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#changes-to-wait-for-postgres-image)
|
|
before re-enabling migrations, updating your Kong image version, and performing
|
|
a second release upgrade.
|
|
|
|
### Improvements
|
|
|
|
* Added support for sidecar injection.
|
|
([#174](https://github.com/Kong/charts/pull/174))
|
|
* Changed to a bash-based pre-migration database availability check.
|
|
([#179](https://github.com/Kong/charts/pull/179))
|
|
* Changed to a bash-based pre-migration database availability check.
|
|
([#179](https://github.com/Kong/charts/pull/179))
|
|
* Updated default Kong Enterprise version to 2.1.3.0.
|
|
|
|
### Fixed
|
|
|
|
* Added missing cluster telemetry service and fixed missing cluster service
|
|
port.
|
|
([#185](https://github.com/Kong/charts/pull/185))
|
|
|
|
### Documentation
|
|
|
|
* Added an example Enterprise controller-managed DB-less values.yaml.
|
|
([#175](https://github.com/Kong/charts/pull/175))
|
|
|
|
## 1.8.0
|
|
|
|
**Kong Enterprise users:** please review documentation for the [Kong Enterprise
|
|
2.1.x beta
|
|
release](https://docs.konghq.com/enterprise/2.1.x/release-notes/#coming-soon)
|
|
and [hybrid mode on Kong
|
|
Enterprise](https://docs.konghq.com/enterprise/2.1.x/deployment/hybrid-mode/#kubernetes-support)
|
|
as well. Version 1.8 of the Kong Helm chart adds support for hybrid mode, which
|
|
is currently only available in the 2.1.x beta. Production systems should
|
|
continue to use the Kong Enterprise 1.5.x stable releases, which do not support
|
|
hybrid mode.
|
|
|
|
### Improvements
|
|
|
|
* Update default Kong version to 2.1.
|
|
* Update Kong Enterprise images to 1.5.0.4 (kong-enterprise-edition) and
|
|
2.0.4.2 (kong-enterprise-k8s).
|
|
* Updated default controller version to 0.9.1.
|
|
([#150](https://github.com/Kong/charts/pull/150))
|
|
* Added support for ServiceMonitor targetLabels (for use with the Prometheus
|
|
Operator).
|
|
([#162](https://github.com/Kong/charts/pull/162))
|
|
* Automatically handle the [new port_maps
|
|
setting](https://github.com/Kong/kong/pull/5861) for the proxy service.
|
|
([#169](https://github.com/Kong/charts/pull/169))
|
|
* Add support for [hybrid mode
|
|
deployments](https://docs.konghq.com/latest/hybrid-mode/).
|
|
([#160](https://github.com/Kong/charts/pull/160))
|
|
|
|
|
|
### Fixed
|
|
|
|
* Fixed an issue with improperly-rendered listen strings.
|
|
([#155](https://github.com/Kong/charts/pull/155))
|
|
|
|
### Documentation
|
|
|
|
* Improved inline documentation of `env` in values.yaml.
|
|
([#163](https://github.com/Kong/charts/pull/163))
|
|
|
|
## 1.7.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for
|
|
[CRD-only](https://github.com/Kong/charts/blob/1.7.0/charts/kong/README.md#crds-only)
|
|
and [controller-only releases](https://github.com/Kong/charts/blob/next/charts/kong/README.md#standalone-controller-nodes).
|
|
([#136](https://github.com/Kong/charts/pull/136))
|
|
|
|
### Documentation
|
|
|
|
* Added a set of [example
|
|
values.yamls](https://github.com/Kong/charts/tree/main/charts/kong/example-values)
|
|
for various configurations of Kong and Kong Enterprise.
|
|
([#134](https://github.com/Kong/charts/pull/134))
|
|
|
|
## 1.6.1
|
|
|
|
This release contains no changes other than the version. This is to address an
|
|
issue with our release automation.
|
|
|
|
## 1.6.0
|
|
|
|
### Improvements
|
|
|
|
* Updated default controller version to 0.9.0.
|
|
([#132](https://github.com/Kong/charts/pull/132))
|
|
* Updated default Enterprise versions to 2.0.4.1 and 1.5.0.2.
|
|
([#130](https://github.com/Kong/charts/pull/130))
|
|
* Added ability to override chart lifecycle.
|
|
([#116](https://github.com/Kong/charts/pull/116))
|
|
* Added ability to apply user-defined labels to pods.
|
|
([#121](https://github.com/Kong/charts/pull/121))
|
|
* Filtered serviceMonitor to disable metrics collection from non-proxy
|
|
services.
|
|
([#112](https://github.com/Kong/charts/pull/112))
|
|
* Set admin API to listen on localhost only if possible.
|
|
([#125](https://github.com/Kong/charts/pull/125))
|
|
* Add `auth_type` and `ssl` settings to `smtp` block.
|
|
([#127](https://github.com/Kong/charts/pull/127))
|
|
* Remove UID from default securityContext.
|
|
([#138](https://github.com/Kong/charts/pull/138))
|
|
|
|
### Documentation
|
|
|
|
* Corrected invalid default serviceMonitor.interval value.
|
|
([#110](https://github.com/Kong/charts/pull/110))
|
|
* Removed duplicate `installCRDs` documentation.
|
|
([#115](https://github.com/Kong/charts/pull/115))
|
|
* Simplified example license Secret creation command.
|
|
([#131](https://github.com/Kong/charts/pull/131))
|
|
|
|
## 1.5.0
|
|
|
|
### Improvements
|
|
|
|
* Added support for annotating the ServiceAccount.
|
|
([#97](https://github.com/Kong/charts/pull/97))
|
|
* Updated controller templates to use environment variables for default
|
|
configuration.
|
|
([#99](https://github.com/Kong/charts/pull/99))
|
|
* Added support for stream listens.
|
|
([#103](https://github.com/Kong/charts/pull/103))
|
|
* Moved migration configuration under a `migrations` block with support for
|
|
enabling upgrade jobs independently and adding annotations.
|
|
([#102](https://github.com/Kong/charts/pull/102))
|
|
* Added support for the [status listen](https://github.com/Kong/kong/pull/4977).
|
|
([#107](https://github.com/Kong/charts/pull/107))
|
|
* :warning: Exposed PodSecurityPolicy spec in values.yaml and added default
|
|
configuration to enforce a read-only root filesystem. **Kong Enterprise
|
|
versions prior to 1.5.0 require the root filesystem be read-write. If you use
|
|
an older version and enforce PodSecurityPolicy, you must set
|
|
`.Values.podSecurityPolicy.spec.readOnlyRootFilesystem: false`.**
|
|
([#104](https://github.com/Kong/charts/pull/104))
|
|
|
|
### Fixed
|
|
|
|
* Fixed old init-migrations jobs blocking upgrades.
|
|
([#102](https://github.com/Kong/charts/pull/102))
|
|
|
|
### Documentation
|
|
|
|
* Fixed discrepancy between image version in values.yaml and README.md.
|
|
([#96](https://github.com/Kong/charts/pull/96))
|
|
* Added example Enterprise image tags to values.yaml.
|
|
([#100](https://github.com/Kong/charts/pull/100))
|
|
* Added deprecation warnings in CHANGELOG.md.
|
|
([#91](https://github.com/Kong/charts/pull/91))
|
|
* Improved RBAC documentation to clarify process and use new controller
|
|
functionality.
|
|
([#95](https://github.com/Kong/charts/pull/95))
|
|
* Added documentation for managing multi-release clusters with varied node
|
|
roles (e.g. admin-only, Portal-only, etc.).
|
|
([#102](https://github.com/Kong/charts/pull/102))
|
|
|
|
## 1.4.1
|
|
|
|
### Documentation
|
|
|
|
* Fixed an issue with the 1.4.1 upgrade steps.
|
|
|
|
## 1.4.0
|
|
|
|
### Improvements
|
|
|
|
* :warning: Service and listen configuration now use a unified configuration
|
|
format. **The previous configuration format for the admin API service is
|
|
deprecated and will be removed in a future release.** Listen configuration
|
|
now supports specifying parameters. Kubernetes service creation can now be
|
|
enabled or disabled for all Kong services. Users should review the
|
|
[1.4.0 upgrade guide](https://github.com/Kong/charts/blob/next/charts/kong/UPGRADE.md#changes-to-kong-service-configuration)
|
|
for details on how to update their values.yaml.
|
|
([#72](https://github.com/Kong/charts/pull/72))
|
|
* Updated the default controller version to 0.8. This adds new
|
|
KongClusterPlugin and TCPIngress CRDs and RBAC permissions for them. Users
|
|
should also note that `strip_path` now defaults to disabled, which will
|
|
likely break existing configuration. See [the controller
|
|
changelog](https://github.com/Kong/kubernetes-ingress-controller/blob/main/CHANGELOG.md#080---20200325)
|
|
and [upgrade-guide](https://github.com/Kong/charts/blob/next/charts/kong/UPGRADE.md#strip_path-now-defaults-to-false-for-controller-managed-routes)
|
|
for full details.
|
|
([#77](https://github.com/Kong/charts/pull/77))
|
|
* Added support for user-supplied ingress controller CLI arguments.
|
|
([#79](https://github.com/Kong/charts/pull/79))
|
|
* Added support for annotating the chart's deployment.
|
|
([#81](https://github.com/Kong/charts/pull/81))
|
|
* Switched to the Bitnami Postgres chart, as the chart in Helm's repository has
|
|
[moved
|
|
there](https://github.com/helm/charts/tree/master/stable/postgresql#this-helm-chart-is-deprecated).
|
|
([#82](https://github.com/Kong/charts/pull/82))
|
|
|
|
### Fixed
|
|
|
|
* Corrected the app version in Chart.yaml.
|
|
([#86](https://github.com/Kong/charts/pull/86))
|
|
|
|
### Documentation
|
|
|
|
* Fixed incorrect default value for `installCRDs`.
|
|
([#78](https://github.com/Kong/charts/pull/78))
|
|
* Added detailed upgrade guide covering breaking changes and deprecations.
|
|
([#74](https://github.com/Kong/charts/pull/74))
|
|
* Improved installation steps for Helm 2 and Helm 3.
|
|
([#83](https://github.com/Kong/charts/pull/83))
|
|
([#84](https://github.com/Kong/charts/pull/84))
|
|
* Remove outdated `ingressController.replicaCount` setting.
|
|
([#87](https://github.com/Kong/charts/pull/87))
|
|
|
|
## 1.3.1
|
|
|
|
### Fixed
|
|
|
|
* Added missing newline to NOTES.txt template.
|
|
([#66](https://github.com/Kong/charts/pull/66))
|
|
|
|
### Documentation
|
|
|
|
* Instruct users to create secrets for both the kong-enterprise-k8s and
|
|
kong-enterprise-edition Docker registries.
|
|
([#65](https://github.com/Kong/charts/pull/65))
|
|
* Updated maintainer information.
|
|
|
|
## 1.3.0
|
|
|
|
### Improvements
|
|
|
|
* Custom plugin mounts now support subdirectories. These are necessary for
|
|
plugins that include their own migrations. Note that Kong versions prior to
|
|
2.0.1 [have a bug](https://github.com/Kong/kong/pull/5509) that prevents them
|
|
from running these migrations. ([#24](https://github.com/Kong/charts/pull/24))
|
|
* LoadBalancer services will now respect their NodePort.
|
|
([#48](https://github.com/Kong/charts/pull/41))
|
|
* The proxy TLS listen now enables HTTP/2 (and, by extension, gRPC).
|
|
([#47](https://github.com/Kong/charts/pull/47))
|
|
* Added support for `priorityClassName` to the Kong deployment.
|
|
([#56](https://github.com/Kong/charts/pull/56))
|
|
* Bumped default Kong version to 2.0 and controller version to 0.7.1.
|
|
([#60](https://github.com/Kong/charts/pull/60))
|
|
* :warning: Removed dedicated Portal auth settings, which are unnecessary in
|
|
modern versions. **The `enterprise.portal.portal_auth` and
|
|
`enterprise.portal.session_conf_secret` settings in values.yaml are
|
|
deprecated and will be removed in a future release.** See the [upgrade
|
|
guide](https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#removal-of-dedicated-portal-authentication-configuration-parameters)
|
|
for instructions on migrating them to environment variables.
|
|
([#55](https://github.com/Kong/charts/pull/55))
|
|
|
|
### Fixed
|
|
|
|
* Fixed typo in HorizontalPodAutoscaler template.
|
|
([#45](https://github.com/Kong/charts/pull/45))
|
|
|
|
### Documentation
|
|
|
|
* Added contributing guidelines. ([#41](https://github.com/Kong/charts/pull/41))
|
|
* Added README section for Helm 2 versus Helm 3 considerations.
|
|
([#34](https://github.com/Kong/charts/pull/41))
|
|
* Added documentation for `proxy.annotations` to README.md.
|
|
([#57](https://github.com/Kong/charts/pull/57))
|
|
* Added FAQ entry for init-migrations job conflicts on upgrades.
|
|
([#59](https://github.com/Kong/charts/pull/59)
|
|
* Move changelog out of README.md into CHANGELOG.md.
|
|
([#60](https://github.com/Kong/charts/pull/60)
|
|
* Improved formatting for 1.2.0 changelog.
|
|
|
|
## 1.2.0
|
|
|
|
### Improvements
|
|
* Added support for HorizontalPodAutoscaler.
|
|
([#12](https://github.com/Kong/charts/pull/12))
|
|
* Environment variables are now consistently sorted alphabetically.
|
|
([#29](https://github.com/Kong/charts/pull/29))
|
|
|
|
### Fixed
|
|
* Removed temporary ServiceAccount template, which caused upgrades to break the
|
|
existing ServiceAccount's credentials. Moved template and instructions for
|
|
use to FAQs, as the temporary user is only needed in rare scenarios.
|
|
([#31](https://github.com/Kong/charts/pull/31))
|
|
* Fix an issue where the wait-for-postgres job did not know which port to use
|
|
in some scenarios. ([#28](https://github.com/Kong/charts/pull/28))
|
|
|
|
### Documentation
|
|
* Added warning regarding volume mounts.
|
|
([#25](https://github.com/Kong/charts/pull/25))
|
|
|
|
## 1.1.1
|
|
|
|
### Fixed
|
|
|
|
* Add missing `smtp_admin_emails` and `smtp_mock = off` to SMTP enabled block in
|
|
`kong.env`.
|
|
|
|
### CI changes
|
|
|
|
* Remove version bump requirement in preparation for new release model.
|
|
|
|
## 1.1.0
|
|
|
|
> https://github.com/Kong/charts/pull/4
|
|
|
|
### Improvements
|
|
|
|
* Significantly refactor the `env`/EnvVar templating system to determine the
|
|
complete set of environment variables (both user-defined variables and
|
|
variables generated from other sections of values.yaml) and resolve conflicts
|
|
before rendering. User-provided values are now guaranteed to take precedence
|
|
over generated values. Previously, precedence relied on a Kubernetes
|
|
implementation quirk that was not consistent across all Kubernetes providers.
|
|
* Combine templates for license, session configuration, etc. that generate
|
|
`secretKeyRef` values into a single generic template.
|
|
|
|
## 1.0.3
|
|
|
|
- Fix invalid namespace for pre-migrations and Role.
|
|
- Fix whitespaces formatting in README.
|
|
|
|
## 1.0.2
|
|
|
|
- Helm 3 support: CRDs are declared in crds directory. Backward compatible support for helm 2.
|
|
|
|
## 1.0.1
|
|
|
|
Fixed invalid namespace variable name causing ServiceAccount and Role to be generated in other namespace than desired.
|
|
|
|
## 1.0.0
|
|
|
|
There are not code changes between `1.0.0` and `0.36.5`.
|
|
From this version onwards, charts are hosted at https://charts.konghq.com.
|
|
|
|
The `0.x` versions of the chart are available in Helm's
|
|
[Charts](https://github.com/helm/charts) repository are are now considered
|
|
deprecated.
|
|
|
|
## 0.36.5
|
|
|
|
> PR https://github.com/helm/charts/pull/20099
|
|
|
|
### Improvements
|
|
|
|
- Allow `grpc` protocol for KongPlugins
|
|
|
|
## 0.36.4
|
|
|
|
> PR https://github.com/helm/charts/pull/20051
|
|
|
|
### Fixed
|
|
|
|
- Issue: [`Ingress Controller errors when chart is redeployed with Admission
|
|
Webhook enabled`](https://github.com/helm/charts/issues/20050)
|
|
|
|
## 0.36.3
|
|
|
|
> PR https://github.com/helm/charts/pull/19992
|
|
|
|
### Fixed
|
|
|
|
- Fix spacing in ServiceMonitor when label is specified in config
|
|
|
|
## 0.36.2
|
|
|
|
> PR https://github.com/helm/charts/pull/19955
|
|
|
|
### Fixed
|
|
|
|
- Set `sideEffects` and `admissionReviewVersions` for Admission Webhook
|
|
- timeouts for liveness and readiness probes has been changed from `1s` to `5s`
|
|
|
|
## 0.36.1
|
|
|
|
> PR https://github.com/helm/charts/pull/19946
|
|
|
|
### Fixed
|
|
|
|
- Added missing watch permission to custom resources
|
|
|
|
## 0.36.0
|
|
|
|
> PR https://github.com/helm/charts/pull/19916
|
|
|
|
### Upgrade Instructions
|
|
|
|
- When upgrading from <0.35.0, in-place chart upgrades will fail.
|
|
It is necessary to delete the helm release with `helm del --purge $RELEASE` and redeploy from scratch.
|
|
Note that this will cause downtime for the kong proxy.
|
|
|
|
### Improvements
|
|
|
|
- Fixed Deployment's label selector that prevented in-place chart upgrades.
|
|
|
|
## 0.35.1
|
|
|
|
> PR https://github.com/helm/charts/pull/19914
|
|
|
|
### Improvements
|
|
|
|
- Update CRDs to Ingress Controller 0.7
|
|
- Optimize readiness and liveness probes for more responsive health checks
|
|
- Fixed incorrect space in NOTES.txt
|
|
|
|
## 0.35.0
|
|
|
|
> PR [#19856](https://github.com/helm/charts/pull/19856)
|
|
|
|
### Improvements
|
|
|
|
- Labels on all resources have been updated to adhere to the Helm Chart
|
|
guideline here:
|
|
https://v2.helm.sh/docs/developing_charts/#syncing-your-chart-repository
|
|
|
|
## 0.34.2
|
|
|
|
> PR [#19854](https://github.com/helm/charts/pull/19854)
|
|
|
|
This release contains no user-visible changes
|
|
|
|
### Under the hood
|
|
|
|
- Various tests have been consolidated to speed up CI.
|
|
|
|
## 0.34.1
|
|
|
|
> PR [#19887](https://github.com/helm/charts/pull/19887)
|
|
|
|
### Fixed
|
|
|
|
- Correct indentation for Job securityContexts.
|
|
|
|
## 0.34.0
|
|
|
|
> PR [#19885](https://github.com/helm/charts/pull/19885)
|
|
|
|
### New features
|
|
|
|
- Update default version of Ingress Controller to 0.7.0
|
|
|
|
## 0.33.1
|
|
|
|
> PR [#19852](https://github.com/helm/charts/pull/19852)
|
|
|
|
### Fixed
|
|
|
|
- Correct an issue with white space handling within `final_env` helper.
|
|
|
|
## 0.33.0
|
|
|
|
> PR [#19840](https://github.com/helm/charts/pull/19840)
|
|
|
|
### Dependencies
|
|
|
|
- Postgres sub-chart has been bumped up to 8.1.2
|
|
|
|
### Fixed
|
|
|
|
- Removed podDisruption budge for Ingress Controller. Ingress Controller and
|
|
Kong run in the same pod so this was no longer applicable
|
|
- Migration job now receives the same environment variable and configuration
|
|
as that of the Kong pod.
|
|
- If Kong is configured to run with Postgres, the Kong pods now always wait
|
|
for Postgres to start. Previously this was done only when the sub-chart
|
|
Postgres was deployed.
|
|
- A hard-coded container name is used for kong: `proxy`. Previously this
|
|
was auto-generated by Helm. This deterministic naming allows for simpler
|
|
scripts and documentation.
|
|
|
|
### Under the hood
|
|
|
|
Following changes have no end user visible effects:
|
|
|
|
- All Custom Resource Definitions have been consolidated into a single
|
|
template file
|
|
- All RBAC resources have been consolidated into a single template file
|
|
- `wait-for-postgres` container has been refactored and de-duplicated
|
|
|
|
## 0.32.1
|
|
|
|
### Improvements
|
|
|
|
- This is a doc only release. No code changes have been done.
|
|
- Post installation steps have been simplified and now point to a getting
|
|
started page
|
|
- Misc updates to README:
|
|
- Document missing variables
|
|
- Remove outdated variables
|
|
- Revamp and rewrite major portions of the README
|
|
- Added a table of content to make the content navigable
|
|
|
|
## 0.32.0
|
|
|
|
### Improvements
|
|
|
|
- Create and mount emptyDir volumes for `/tmp` and `/kong_prefix` to allow
|
|
for read-only root filesystem securityContexts and PodSecurityPolicys.
|
|
- Use read-only mounts for custom plugin volumes.
|
|
- Update stock PodSecurityPolicy to allow emptyDir access.
|
|
- Override the standard `/usr/local/kong` prefix to the mounted emptyDir
|
|
at `/kong_prefix` in `.Values.env`.
|
|
- Add securityContext injection points to template. By default,
|
|
it sets Kong pods to run with UID 1000.
|
|
|
|
### Fixes
|
|
|
|
- Correct behavior for the Vitals toggle.
|
|
Vitals defaults to on in all current Kong Enterprise releases, and
|
|
the existing template only created the Vitals environment variable
|
|
if `.Values.enterprise.enabled == true`. Inverted template to create
|
|
it (and set it to "off") if that setting is instead disabled.
|
|
- Correct an issue where custom plugin configurations would block Kong
|
|
from starting.
|
|
|
|
## 0.31.0
|
|
|
|
### Breaking changes
|
|
|
|
- Admin Service is disabled by default (`admin.enabled`)
|
|
- Default for `proxy.type` has been changed to `LoadBalancer`
|
|
|
|
### New features
|
|
|
|
- Update default version of Kong to 1.4
|
|
- Update default version of Ingress Controller to 0.6.2
|
|
- Add support to disable kong-admin service via `admin.enabled` flag.
|
|
|
|
## 0.31.2
|
|
|
|
### Fixes
|
|
|
|
- Do not remove white space between documents when rendering
|
|
`migrations-pre-upgrade.yaml`
|
|
|
|
## 0.30.1
|
|
|
|
### New Features
|
|
|
|
- Add support for specifying Proxy service ClusterIP
|
|
|
|
## 0.30.0
|
|
|
|
### Breaking changes
|
|
|
|
- `admin_gui_auth_conf_secret` is now required for Kong Manager
|
|
authentication methods other than `basic-auth`.
|
|
Users defining values for `admin_gui_auth_conf` should migrate them to
|
|
an externally-defined secret with a key of `admin_gui_auth_conf` and
|
|
reference the secret name in `admin_gui_auth_conf_secret`.
|
|
|
|
## 0.29.0
|
|
|
|
### New Features
|
|
|
|
- Add support for specifying Ingress Controller environment variables.
|
|
|
|
## 0.28.0
|
|
|
|
### New Features
|
|
|
|
- Added support for the Validating Admission Webhook with the Ingress Controller.
|
|
|
|
## 0.27.2
|
|
|
|
### Fixes
|
|
|
|
- Do not create a ServiceAccount if it is not necessary.
|
|
- If a configuration change requires creating a ServiceAccount,
|
|
create a temporary ServiceAccount to allow pre-upgrade tasks to
|
|
complete before the regular ServiceAccount is created.
|
|
|
|
## 0.27.1
|
|
|
|
### Documentation updates
|
|
- Retroactive changelog update for 0.24 breaking changes.
|
|
|
|
## 0.27.0
|
|
|
|
### Breaking changes
|
|
|
|
- DB-less mode is enabled by default.
|
|
- Kong is installed as an Ingress Controller for the cluster by default.
|
|
|
|
## 0.25.0
|
|
|
|
### New features
|
|
|
|
- Add support for PodSecurityPolicy
|
|
- Require creation of a ServiceAccount
|
|
|
|
## 0.24.0
|
|
|
|
### Breaking changes
|
|
|
|
- The configuration format for ingresses in values.yaml has changed.
|
|
Previously, all ingresses accepted an array of hostnames, and would create
|
|
ingress rules for each. Ingress configuration for services other than the proxy
|
|
now accepts a single hostname, which allows simpler TLS configuration and
|
|
automatic population of `admin_api_uri` and similar settings. Configuration for
|
|
the proxy ingress is unchanged, but its documentation now accurately reflects
|
|
the TLS configuration needed.
|