From 40f2a902751ca0f67bb91119eee0e21a2ccd249c Mon Sep 17 00:00:00 2001 From: rodman10 <1181591811hzr@gmail.com> Date: Sun, 20 Aug 2023 21:54:34 +0800 Subject: [PATCH] docs: update CHANGELOG. --- CHANGELOG.md | 91 ++++++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 42 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd30975fa2..b8a1c59b43 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -74,6 +74,13 @@ Adding a new version? You'll need three changes: ## Unreleased +### Added + +- Added translator to translate `TCPRoute` in gateway APIs to + expression based kong routes. Similar to ingresses, this translator is only + enabled when feature gate `ExpressionRoutes` is turned on and the managed + Kong gateway runs in router flavor `expressions`. + [#4385](https://github.com/Kong/kubernetes-ingress-controller/pull/4385) ### Changes @@ -126,7 +133,7 @@ Adding a new version? You'll need three changes: [#4211](https://github.com/Kong/kubernetes-ingress-controller/pull/4211) - Assign priorities to routes translated from Ingresses when parser translate them to expression based Kong routes. The assigning method is basically the - same as in Kong gateway's `traditional_compatible` router, except that + same as in Kong gateway's `traditional_compatible` router, except that `regex_priority` field in Kong traditional route is not supported. This method is adopted to keep the compatibility with traditional router on maximum effort. @@ -136,7 +143,7 @@ Adding a new version? You'll need three changes: [specification on priorities of matches in `HTTPRoute`][httproute-specification]. [#4296](https://github.com/Kong/kubernetes-ingress-controller/pull/4296) [#4434](https://github.com/Kong/kubernetes-ingress-controller/pull/4434) -- Assign priorities to routes translated from GRPCRoutes when the parser translates +- Assign priorities to routes translated from GRPCRoutes when the parser translates them to expression based Kong routes. The priority order follows the [specification on match priorities in GRPCRoute][grpcroute-specification]. [#4364](https://github.com/Kong/kubernetes-ingress-controller/pull/4364) @@ -189,10 +196,10 @@ Adding a new version? You'll need three changes: to `/status/ready`. Gateways will be considered ready only after an initial configuration is applied by the controller. [#4368](https://github.com/Kong/kubernetes-ingress-controller/pull/4368 -- When translating to expression based Kong routes, annotations to specify +- When translating to expression based Kong routes, annotations to specify protocols are translated to `protocols` field of the result Kong route, - instead of putting the conditions to match protocols inside expressions. - [#4422](https://github.com/Kong/kubernetes-ingress-controller/pull/4422) + instead of putting the conditions to match protocols inside expressions. + [#4422](https://github.com/Kong/kubernetes-ingress-controller/pull/4422) ### Fixed @@ -208,7 +215,7 @@ Adding a new version? You'll need three changes: - `Gateway` can now correctly update `AttachedRoutes` even if there are more than 100 `HttpRoute`s. [#4458](https://github.com/Kong/kubernetes-ingress-controller/pull/4458) - + [gojson]: https://github.com/goccy/go-json [httproute-specification]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.HTTPRoute [grpcroute-specification]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRouteRule @@ -471,7 +478,7 @@ backported properly. It is included in the next patch release. configuration. [#3359](https://github.com/Kong/kubernetes-ingress-controller/pull/3359) - Added `version` command - [#3379](https://github.com/Kong/kubernetes-ingress-controller/pull/3379) + [#3379](https://github.com/Kong/kubernetes-ingress-controller/pull/3379) - Added `--publish-service-udp` to indicate the Service that handles inbound UDP traffic. [#3325](https://github.com/Kong/kubernetes-ingress-controller/pull/3325) @@ -505,7 +512,7 @@ backported properly. It is included in the next patch release. [#3469](https://github.com/Kong/kubernetes-ingress-controller/pull/3469) - Added Gateway discovery using Kong Admin API service configured via `--kong-admin-svc` which accepts a namespaced name of a headless service which should have - Admin API endpoints exposed under a named port called `admin`. Gateway + Admin API endpoints exposed under a named port called `admin`. Gateway discovery is only allowed to run with dbless kong gateways. [#3421](https://github.com/Kong/kubernetes-ingress-controller/pull/3421) [#3642](https://github.com/Kong/kubernetes-ingress-controller/pull/3642) @@ -525,27 +532,27 @@ backported properly. It is included in the next patch release. [#3446](https://github.com/Kong/kubernetes-ingress-controller/pull/3446) - Leader election is enabled by default when Kong Gateway discovery is enabled. [#3529](https://github.com/Kong/kubernetes-ingress-controller/pull/3529) -- Added flag `--konnect-refresh-node-period` to set the period of uploading +- Added flag `--konnect-refresh-node-period` to set the period of uploading status of KIC instance to Konnect runtime group. [#3533](https://github.com/Kong/kubernetes-ingress-controller/pull/3533) -- Replaced service account's token static secret with a projected volume in +- Replaced service account's token static secret with a projected volume in deployment manifests. [#3563](https://github.com/Kong/kubernetes-ingress-controller/pull/3563) - Added `GRPCRoute` controller and implemented basic `GRPCRoute` functionality. [#3537](https://github.com/Kong/kubernetes-ingress-controller/pull/3537) - Included Konnect sync and Gateway discovery features in telemetry reports. [#3588](https://github.com/Kong/kubernetes-ingress-controller/pull/3588) -- Upload the status of controlled Kong gateway nodes to Konnect when syncing with - Konnect is enabled by setting the flag `--konnect-sync-enabled` to true. - If gateway discovery is enabled via `--kong-admin-svc` flag, the hostname of a node - corresponding to each Kong gateway instance will use `/` - format, where `pod_namespace` and `pod_name` are the namespace and name of the Kong - gateway pod. If gateway discovery is disabled, the Kong gateway nodes will use `gateway_
` +- Upload the status of controlled Kong gateway nodes to Konnect when syncing with + Konnect is enabled by setting the flag `--konnect-sync-enabled` to true. + If gateway discovery is enabled via `--kong-admin-svc` flag, the hostname of a node + corresponding to each Kong gateway instance will use `/` + format, where `pod_namespace` and `pod_name` are the namespace and name of the Kong + gateway pod. If gateway discovery is disabled, the Kong gateway nodes will use `gateway_
` as the hostname, where `address` is the Admin API address used by KIC. [#3587](https://github.com/Kong/kubernetes-ingress-controller/pull/3587) -- All all-in-one DB-less deployment manifests will now use separate deployments +- All all-in-one DB-less deployment manifests will now use separate deployments for the controller and the proxy. This enables the proxy to be scaled independently - of the controller. The old `all-in-one-dbless.yaml` manifest has been deprecated and + of the controller. The old `all-in-one-dbless.yaml` manifest has been deprecated and renamed to `all-in-one-dbless-legacy.yaml`. It will be removed in a future release. [#3629](https://github.com/Kong/kubernetes-ingress-controller/pull/3629) - The RequestRedirect Gateway API filter is now supported and translated @@ -654,37 +661,37 @@ backported properly. It is included in the next patch release. ### Added - Added `HTTPRoute` support for `CombinedRoutes` feature. When enabled, - `HTTPRoute.HTTPRouteRule` objects with identical `backendRefs` generate a - single Kong service instead of a service per rule, and - `HTTPRouteRule.HTTPRouteMatche` objects using the same `backendRefs` can be - consolidated into a single Kong route instead of always creating a route per + `HTTPRoute.HTTPRouteRule` objects with identical `backendRefs` generate a + single Kong service instead of a service per rule, and + `HTTPRouteRule.HTTPRouteMatche` objects using the same `backendRefs` can be + consolidated into a single Kong route instead of always creating a route per match, reducing configuration size. The following limitations apply: - - `HTTPRouteRule` objects cannot be consolidated into a single Kong Service + - `HTTPRouteRule` objects cannot be consolidated into a single Kong Service if they belong to different `HTTPRoute`. - - `HTTPRouteRule` objects cannot be consolidated into a single Kong Service + - `HTTPRouteRule` objects cannot be consolidated into a single Kong Service if they have different `HTTPRouteRule.HTTPBackendRef[]` objects. The order of the backend references is not important. - `HTTPRouteMatch` objects cannot be consolidated into a single Kong Route if parent `HTTPRouteRule` objects cannot be consolidated into a single Kong Service. - `HTTPRouteMatch` objects cannot be consolidated into a single Kong Route if parent `HTTPRouteRule` objects have different `HTTPRouteRule.HTTPRouteFilter[]` filters. - - `HTTPRouteMatch` objects cannot be consolidated into a single Kong Route - if they have different matching spec (`HTTPHeaderMatch.Headers`, `HTTPHeaderMatch.QueryParams`, - `HTTPHeaderMatch.Method`). Different `HTTPHeaderMatch.Path` paths between + - `HTTPRouteMatch` objects cannot be consolidated into a single Kong Route + if they have different matching spec (`HTTPHeaderMatch.Headers`, `HTTPHeaderMatch.QueryParams`, + `HTTPHeaderMatch.Method`). Different `HTTPHeaderMatch.Path` paths between `HTTPRouteMatch[]` objects does not prevent consolidation. This change does not functionally impact routing: requests that went to a given Service using the original method still go to the same Service when `CombinedRoutes` is enabled. [#3008](https://github.com/Kong/kubernetes-ingress-controller/pull/3008) [#3060]https://github.com/Kong/kubernetes-ingress-controller/pull/3060) -- Added `--cache-sync-timeout` flag allowing to change the default controllers' - cache synchronisation timeout. +- Added `--cache-sync-timeout` flag allowing to change the default controllers' + cache synchronisation timeout. [#3013](https://github.com/Kong/kubernetes-ingress-controller/pull/3013) - Secrets validation introduced: CA certificates won't be synchronized to Kong if the certificate is expired. [#3063](https://github.com/Kong/kubernetes-ingress-controller/pull/3063) - Changed the logic of storing secrets into object cache. Now only the secrets - that are possibly used in Kong configuration are stored into cache, and the + that are possibly used in Kong configuration are stored into cache, and the irrelevant secrets (e.g: service account tokens) are not stored. This change is made to reduce memory usage of the cache. [#3047](https://github.com/Kong/kubernetes-ingress-controller/pull/3047) @@ -700,7 +707,7 @@ backported properly. It is included in the next patch release. [#3155](https://github.com/Kong/kubernetes-ingress-controller/pull/3155) - Routes support annotations for path handling. [#3121](https://github.com/Kong/kubernetes-ingress-controller/pull/3121) -- Warning Kubernetes API events with a `KongConfigurationTranslationFailed` +- Warning Kubernetes API events with a `KongConfigurationTranslationFailed` reason are recorded when: - CA secrets cannot be properly translated into Kong configuration [#3125](https://github.com/Kong/kubernetes-ingress-controller/pull/3125) @@ -708,10 +715,10 @@ backported properly. It is included in the next patch release. [#3130](https://github.com/Kong/kubernetes-ingress-controller/pull/3130) - A service's referred client-cert does not exist. [#3137](https://github.com/Kong/kubernetes-ingress-controller/pull/3137) - - One of `netv1.Ingress` related issues occurs (e.g. backing Kubernetes service couldn't + - One of `netv1.Ingress` related issues occurs (e.g. backing Kubernetes service couldn't be found, matching Kubernetes service port couldn't be found). [#3138](https://github.com/Kong/kubernetes-ingress-controller/pull/3138) - - A Gateway Listener has more than one CertificateRef specified or refers to a Secret + - A Gateway Listener has more than one CertificateRef specified or refers to a Secret that has no valid TLS key-pair. [#3147](https://github.com/Kong/kubernetes-ingress-controller/pull/3147) - An Ingress refers to a TLS secret that does not exist or @@ -761,15 +768,15 @@ backported properly. It is included in the next patch release. - Admin and proxy listens in the deploy manifests now use the same parameters as the default upstream kong.conf. [#3165](https://github.com/Kong/kubernetes-ingress-controller/pull/3165) -- Fix the behavior of filtering hostnames in `HTTPRoute` when listeners +- Fix the behavior of filtering hostnames in `HTTPRoute` when listeners of parent gateways specified hostname. If an `HTTPRoute` does not specify hostnames, and one of its parent listeners - has not specified hostname, the `HTTPRoute` matches any hostname. - If an `HTTPRoute` specifies hostnames, and no intersecting hostnames + has not specified hostname, the `HTTPRoute` matches any hostname. + If an `HTTPRoute` specifies hostnames, and no intersecting hostnames could be found in its parent listners, it is not accepted. [#3180](https://github.com/Kong/kubernetes-ingress-controller/pull/3180) -- Matches `sectionName` in parentRefs of route objects in gateway API. Now - if a route specifies `sectionName` in parentRefs, and no listener can +- Matches `sectionName` in parentRefs of route objects in gateway API. Now + if a route specifies `sectionName` in parentRefs, and no listener can match the specified name, the route is not accepted. [#3230](https://github.com/Kong/kubernetes-ingress-controller/pull/3230) - If there's no matching Kong listener for a protocol specified in a Gateway's @@ -1074,9 +1081,9 @@ instructions and the [revised Kong 3.x upgrade instructions](https://docs.konghq [#2446](https://github.com/Kong/kubernetes-ingress-controller/issues/2446) - Added a mechanism to retry the initial connection to the Kong Admin API on controller start to fix an issue where the controller - pod could crash loop on start when waiting for Gateway readiness - (e.g. if the Gateway is waiting for its database to initialize). - The new retry mechanism can be manually configured using the + pod could crash loop on start when waiting for Gateway readiness + (e.g. if the Gateway is waiting for its database to initialize). + The new retry mechanism can be manually configured using the `--kong-admin-init-retries` and `--kong-admin-init-retry-delay` flags. [#2274](https://github.com/Kong/kubernetes-ingress-controller/issues/2274) - diff logging now honors log level instead of printing at all log levels. It @@ -1194,7 +1201,7 @@ instructions and the [revised Kong 3.x upgrade instructions](https://docs.konghq #### Added -- Support for Kubernetes [Gateway APIs][gwapis] is now available [by enabling +- Support for Kubernetes [Gateway APIs][gwapis] is now available [by enabling the `Gateway` feature gate](https://docs.konghq.com/kubernetes-ingress-controller/2.2.x/guides/using-gateway-api/). This is an alpha feature, with limited support for the `HTTPRoute` API. [Gateway Milestone 1][gwm1]