Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project's packages adhere to Semantic Versioning.

5.2.3 - 2026-05-07

Fixed

  • Fix VPA updateMode to allow off, which is considered a boolean in yaml.

5.2.2 - 2026-03-24

Changed

  • Make VPA resource more flexible: updateMode, controlledValues, and mode are now configurable per container group; maxAllowed is supported for both proxy and controller containers.

5.2.1 - 2026-03-04

Changed

  • Remove restriction when deploying VPA and HPA together.

5.2.0 - 2025-07-07

From upstream chart version v2.51.0 onwards, the chart uses kong kubernetes ingress controller (kic) v3.5.0. This version of kic dropped the CRDs from its repository to use independently maintained and versioned CRDs from the https://github.com/kong/kubernetes-configuration repository. For chart users that change the default kic version (ingressController.image), we advise also changing the CRDs installation values to match the kic version. Change kubectlApplyJob.files to any other file in the helm/kong-app/files/ folder. The default for kic v3.5.0 is files/kong-kubernetes-configuration-v1.5.2.yaml.

Changed

5.1.1 - 2025-06-25

Changed

  • Fix SeccompProfile in CRD apply job
  • Rename helm/kong-app/crds folder to helm/kong-app/files

5.1.0 - 2025-06-16

Changed

5.0.0 - 2025-04-07

We're going back to installing the kong OSS version by default instead of enterprise. In case you're relying on this default behaviour, please make sure to set the .Values.image.repository, .Values.image.tag, .Values.enterprise.enabled and .Values.enterprise.license_secret values to the respective Enterprise values.

These changes were introduced in PRs #378 and #379.

This release drops support for Kubernetes below v1.26.

Added

  • Allow chart users to specify the version of the CRDs to match the kong ingress controller version by changing .Values.kubectlApplyJob.files to any other file in helm/kong-app/crds/ folder. The default is crds/custom-resource-definitions-v3.4.3.yaml.

Changed

4.5.1 - 2025-02-18

Added

  • Allow users to change the unhealthyPodEvictionPolicy of the generated PodDisruptionBudget. Default is IfHealthyBudget.
  • Allow users to disable CRD installation Job by setting kubectlApplyJob.enabled to false

4.5.0 - 2025-01-28

Changed

  • Update kong ingress controller to 3.4.1
  • Align with upstream chart version 2.46.0 (Changes in upstream repository)
  • Revert ingressController.admissionWebhook settings to upstream values. (Enabled by default with failurePolicy: Ignore)
  • Update Kong Gateway image to 3.8.1.0-debian
  • Execute CRD installation Job only if ingressController is enabled (ingressController.enabled)

Removed

  • Keep PSP disabled by default and remove Giant Swarm PSP-PSS migration hacks
  • Legacy Giant Swarm metrics Service and labels

4.4.0 - 2024-08-19

Changed

4.3.0 - 2024-07-30

4.2.0 - 2024-07-23

Changed

  • Update kong ingress controller to 3.1.6
  • Update kong gateway to 3.6.1.7
  • Enable ServiceMonitor by default, with relabelings for node and app labels.
  • Update kubectl-apply-job to 0.8.0 for enabling readOnlyRootFilesystem: true for kubectl CRD install job container.

4.1.0 - 2024-04-29

Changed

  • Update kong ingress controller to 3.1.4

4.0.0 - 2024-04-22

BREAKING CHANGES

This is a major release because it changes the default behaviour of the Chart.

  • For Kong Enterprise deployment the flag .Values.image.repository and .Values.image.tag can now be omitted.
  • For Kong OSS deployment the flag .Values.image.repository and .Values.image.tag now have to be set to the respective OSS values.

For further instructions please refer to the README.md.

Changes

  • Align with upstream chart commit 07ddc3d (ahead of release 2.38.0) (Changes in upstream repository)
  • Updated handling of session_conf_secret to accommodate Kong 3.6 - Ref
  • Configure Chart for Kong Gateway Enterprise deployment by default. Please check the README.md to see how to run kong OSS.
  • Update README.md to reflect default deployment Changes.

3.8.0 - 2024-03-27

Added

  • Add Vertical Pod Autoscaler resource. It is disabled by default.

Changes

3.7.1 - 2024-07-08

Changes

  • Update kubectl-apply-job to 0.8.0 for enabling readOnlyRootFilesystem: true for kubectl CRD install job container.

3.7.0 - 2024-01-16

Changes

Fixed

  • Remove the default nodeAffinity as it had old restricted labels conflicting with karpenter restrictions. The functionality should be covered with control plane taints.

3.6.2 - 2023-12-13

Changes

  • Configure gsoci.azurecr.io as the default container image registry.
  • Update kubectl-apply-job to 0.7.0 for gsoci.azurecr.io container image registry.

3.6.1 - 2023-12-11

Changes

3.6.0 - 2023-12-07

Changes

3.5.0 - 2023-10-16

This version contains fixes for HTTP/2 stream reset attacks (CVE-2023-44487).

Changes

  • Align with upstream chart version 2.29.0 (Changes in upstream repository)
  • Update kong to 3.4.2
  • Update kong ingress controller to 2.12.0
  • Execute enterprise tests with kong-gateway container image version 3.4.1.1-debian
  • Add Values.global.podSecurityStandards.enforced flag in preparation of PSP to PSS migration
  • Prevent installation of PodDisruptionBudget with replicaCount: 1 or autoscaling.minReplicas: 1

3.4.0 - 2023-08-22

Changes

3.3.0 - 2023-05-17

Changes

  • Do not enable custom Giant Swarm monitoring Service if ServiceMonitor is enabled.
  • Align with upstream chart version 2.21.0 (Changes in upstream repository)
  • Ignore linkerd namespace in ValidatingWebhookConfiguration.

3.2.0 - 2023-05-04

Changes

3.1.1 - 2023-04-24

Changes

3.1.0 - 2023-04-20

If you are upgrading from a chart version lower than 3.0.0, it is necessary to perform an intermediate upgrade to chart version 3.0.0, as this version contains a required migration process for enabling the use of seccompProfiles.

Changes

3.0.1 - 2023-02-14

If you are upgrading from a chart version lower than 3.0.0, it is necessary to perform an intermediate upgrade to chart version 3.0.0, as this version contains a required migration process for enabling the use of seccompProfiles.

Changes

  • Align with upstream chart version 2.16.4 (Changes in upstream repository)
    • Fix template issue preventing custom dblessconfig volume from being mounted. #741
    • HorizontalPodAutoscaler's API version is detected properly. #744
  • Change default PodDisruptionBudget to move from maxUnavailable: 1 to maxUnavailable: 25% for better scaling

3.0.0 - 2023-02-09

This release upgrades kong to release 3.1.1 which contains breaking changes. Please consider reading the upstream Breaking changes documentation before upgrading. Users of the kong enterprise should read the Kong Gateway changelogs of releases 3.0.0.0 onwards up to 3.1.1.3.

Updates

  • Align with upstream chart version 2.16.2 (Changes in upstream repository)
  • Update kong/kong to 3.1.1. Please read Breaking changes notes
  • Execute enterprise tests with kong-gateway container image version 3.1.1.3-debian
  • Update kong ingress controller to 2.8.1
  • Update custom resource definitions to those used by kong ingress controller 2.8.1

Changes

  • Breaking: The minReadySeconds value previously found at deployment.kong.minReadySeconds is now configured at path deployment.minReadySeconds.
  • Increase default requests/limits to 1 cpu and 2G memory
  • Remove startupProbe from kong ingress controller. More information

2.14.0 - 2023-02-01

Changes

  • Add instance label to default topologySpreadConstraints label selector
  • Update kong/kubernetes-ingress-controller to 2.8.1.
  • Suggest using giantswarm/kong-gateway:2.8.2.3-debian as enterprise container image.
  • Use /readyz path for ingress controller readiness check.
  • Update kubernetes api token secret with projected volume. This should fix problems with empty or expired ServiceAccount tokens.

2.13.0 - 2022-10-25

This version drops support for kubernetes versions below 1.22.0.

Updates

  • Update kong/kubernetes-ingress-controller to 2.7.0. More information can be found in the Changelog entry of the kong kubernetes Ingress controller.

2.12.0 - 2022-09-20

Added

  • Service for scraping metrics from ingress controller

Updates

2.11.0 - 2022-08-03

Updates

2.10.1 - 2022-07-29

Updates

  • Update kubectl container image to 1.24.2 in CRD install job.

Fixes

  • Make sure all container images use the same container registry.

2.10.0 - 2022-06-02

Updates

  • Enable PodDisruptionBudget to require at least one pod running.
  • Increase default replica count to two.
  • Change default affinity to prevent scheduling on the same node.
  • Align with upstream chart version 2.8.2 (Changes in upstream repository)

2.9.0 - 2022-04-14

This release contains a breaking change introduced by a change to the spec.controller value of the IngressClass installed by this Helm chart.

Before upgrading to this version, you'll need to manually delete the IngressClass managed by this Helm chart.

kubectl delete ingressclass <class name, "kong" by default>

More information in the upstream "Upgrade considerations" documentation.

Updates

2.8.0 - 2022-03-28

Added

  • Added team ownership to default labels.
  • Default affinity and topologySpreadConstraints to make sure pods are spread evenly across zones.

2.7.2 - 2022-03-10

Fixes

  • Pin user and group ID to 1000 in CRD install helm hook job

2.7.1 - 2022-02-16

Fixes

  • Handle empty image.registry in CRD install job

2.7.0 - 2022-02-16

Added

  • CRD update job via helm hooks

Updates

  • Align with upstream chart version 2.7.0
  • Update kong/kubernetes-ingress-controller to 2.2.1

2.6.0 - 2022-02-11

Fixes

  • Disable Secrets creation validation in ValidatingWebhookConfiguration. This fixes deployments with ingressController.admissionWebhook.enabled in values.

Updates

2.5.0 - 2022-01-18

Added

  • Adds KIC startupProbes to allow longer boot times in big clusters. As stated in upstream docs, during boot time it gathers all Services, Endpoints and Secrets on the cluster, which can take longer than the liveness probe threshold.

2.4.0 - 2022-01-12

Breaking Changes

  • KIC now defaults to version 2.1. If you use a database, you must first perform a temporary intermediate upgrade to disable KIC before upgrading it to 2.x and re-enabling it. See the upgrade guide for detailed instructions.
  • ServiceAccounts are now always created by default unless explicitly disabled. ServiceAccount customization has moved under the deployment section of configuration to reflect this. This accommodates configurations that need a ServiceAccount but that do not use the ingress controller. (#455)

Updates

  • Align with upstream chart 2.6.4
  • Default Kong IC version updated to 2.1
  • Default Kong proxy version updated to 2.7

Note chart versions 2.3.0 through 2.5.0 contained an incorrect KongIngress CRD. The proxy.path field was missing. Helm will not fix this automatically on upgrade. You can fix it by running:

kubectl apply -f https://raw.githubusercontent.com/Kong/charts/main/charts/kong/crds/custom-resource-definitions.yaml

For a detailed description of all the changes please check the upstream changelog

2.3.5 - 2021-12-14

Added

  • Adds annotation giantswarm.io/monitoring-app-label to metrics (status) service as a persistent identifier for monitoring

2.3.4 - 2021-12-02

Fixed

  • metricsService template and default values to align with chart design
  • remove un-required podAnnotations from values.yaml

Added

  • required serviceAnnotations to values.yaml
  • label giantswarm.io/service-type: "managed" so managed app monitoring rules are applied

2.3.3 - 2021-11-24

Added

  • Add monitoring label so Kong is scraped by monitoring infrastructure.

2.3.2 - 2021-10-05

Added

  • Option to specify Min Ready Seconds to kong deployment to mitigate kong dropping traffic during upgrades.

2.3.1 - 2021-09-14

Fixed

  • Fix lookup for CA secret for admission webhook.

2.3.0 - 2021-08-25

Breaking Changes

Please check "Breaking Changes" paragraph of upstream changelog for details

Overview:

  • Upgraded CRDs to V1 from the previous deprecated v1beta1.
  • Added support for controller metrics to the Prometheus resources.

Updates

  • Align with upstream chart 2.3.0 which includes updates for kong to 2.5 and kong ingress controller 1.3.0. For more information check the linked changelogs.

2.1.0 - 2021-06-15

Updates

  • Update to align with upstream chart 2.1.0 which includes updates for kong to 2.4.1 and kong ingress controller 1.2.0. For more information check the linked changelogs.

2.0.0 - 2021-05-07

2.0.0 marks the stable release of synchronization with upstream 2.0.0.

Make sure to review the upstream changelog and the upgrade documentation.

1.2.0 - 2021-03-04

IMPORTANT

1.15.0 is an interim release before the planned release of 2.0.0. There were several feature changes we wanted to release prior to the removal of deprecated functionality for 2.0. The original planned deprecations covered in the 1.14.0 changelog are still planned for 2.0.0.

This update bundles all changes since upstream chart version 1.12.0

Make sure to review the upstream changelog and the upgrade documentation.

Updates

  • architect-orb 0.18.1 --> 2.1.0
  • Kong 2.2 --> 2.3
  • upstream chart 1.12.0 --> 1.15.0

See upgrade documentation for detailed list of changes and improvements.

1.1.4 - 2021-04-15

Updated

  • Update kong image version to 2.2.3

Reference:

1.1.3 - 2021-04-14

Added

  • Fix for golang 1.15 deprecation of "legacy Common Name field"

Reference:

1.1.2 - 2021-03-02

Changed

  • Do not set waitImage.repository in alignment with upstream.

1.1.1 - 2021-03-02

Added

  • Added values.schema.json for validation of default values

Fixed

  • Change waitImage values to make migration pods work. #100

v1.1.0 - 2020-12-02

Updated

  • Update architect-orb to 0.18.1
  • Sync with upstream chart 1.12.0. Please check the upstream changelog.

v1.0.0 - 2020-10-13

Breaking changes

  • Kong Ingress Controller 1.0 removes support for several deprecated flags and the KongCredential custom resource. Please see the controller changelog for details. Note that Helm 3 will not remove the KongCredential CRD by default: you should delete it manually after converting KongCredentials to credential Secrets. If you manage CRDs using Helm (check to see if your KongCredential CRD has an app.kubernetes.io/managed-by: Helm label), perform the credential Secret conversion before upgrading to chart 1.11.0 to avoid losing credential configuration.
  • The chart no longer uses the extensions API for PodSecurityPolicy, and now uses the modern policy API. This breaks compatibility with Kubernetes versions 1.11 and older. (#195)

Updated

  • Update architect-orb to 0.11.0
  • Sync with upstream chart 1.11.0
  • Please check the upstream CHANGELOG.md

Changed

  • Change upstream default branch in upstream-sync script

v0.9.2 - 2020-10-29

Added

  • Add minReadySeconds to deployment template as optional parameter

Updated

  • architect-orb 0.11.0 -> 0.14.0
  • github workflow

v0.9.1 - 2020-09-07

Changed

  • Split registry value to allow switching registry.

v0.9.0 - 2020-08-25

Updated

  • Upgraded architect-orb to 0.10.0
  • Add github workflows for release automation
  • Sync with upstream chart v1.8.0
  • Update busybox 1.31.0 -> 1.32.0

Improvements

From upstream CHANGELOG:

  • Update default Kong version to 2.1.
  • Update Kong Enterprise images to 1.5.0.4 (kong-enterprise-edition) and 2.0.4.2 (kong-enterprise-k8s).
  • Updated default controller version to 0.9.1. (#150)
  • Added support for ServiceMonitor targetLabels (for use with the Prometheus Operator). (#162)
  • Automatically handle the new port_maps setting for the proxy service. (#169)
  • Add support for hybrid mode deployments. (#160)

Fixed

  • Uses fix from upstream-branch next to resolve issue "CONTROLLER_ADMISSION_WEBHOOK_LISTEN" which overwrites our fix below.
    • Force cast to string for Admission Webhook port #59

v0.8.3 - 2020-06-17

Fixed

  • Fix template helpers issue converting port number for the webhook endpoint.

v0.8.2 - 2020-06-02

Added

  • Added dates to CHANGELOG entries.

Info

  • The existing v0.8.2 git tag was updated by mistake in an attempt to make the next release. This changelog entry was added to avoid any confusion, even though the change made in the release is not particularly relevant to customers.

v0.8.1 - 2020-06-02

  • Sync with upstream - v1.6.1
  • Bump version of Kong Ingress Controller - 0.9.0
  • ingressController.installCRDs default set to false

v0.8.0 - 2020-05-26

  • Sync with upstream - v1.5.0
  • Bump Kong version - v2.0.4
  • Bump Kong Ingress Controller version - v0.8.1

v0.7.2 - 2020-03-31

Updated

  • Enable Giant Swarm monitoring
  • Set default ingressClass to kong-app. See #48

Updated

  • Fix chart apiVersion

Updated

  • Sync with upstream v1.3.0
  • Kong version bumped to 2.0.1
  • Kong Ingress controller bumped to 0.7.1

Add

  • Refactor how plugins are mounted, now support multiple subdirectories.

Fix

  • Issue #41 : Helm upgrade causes service account to be recreated (recreating service token)

Updated

  • Pull upstream v1.1.1

Fixed

  • Issue #38 : Migration init job hangs when using your own DB
  • PR #40 : Fix Helm upgrade failing

Updated

  • Pull in changes from upstream v1.0.1

Updated

Changed

  • Remove registry from values

Changed

Updated

  • README contains some more information

Added

Added

  • Add support for plugins which require multiple configmaps.

Removed

  • Remove the stale custom plugin configmap.

Added

  • Add Postgres user and database name as environment variables in the proper templates.

Changed

  • Change the wait container image so that kong initializes properly in a DB deployment

Changed

  • Add registry in all wait images entries to make it deployable in all regions
  • Use a fixed busybox version for wait images to make it deterministic

Added

  • Add support for validation controller as optional.
  • Add option to configure a horizontal pod autoscaler.

Updated

  • Add new version of Kong and Kong ingress controller.
  • Add option to deploy redis for rate limiting plugin.
  • Add support to configure custom plugins.

Updated

  • Use retagged images.
  • Use ClusterIP for all services except proxy which uses LoadBalancer.
  • Add support for an external PostgreSQL database.

Added

  • Add first version of the kong-app chart based on the community Kong chart.

Updated

  • Enable Kong Ingress Controller mode.
  • Use service of type Load Balancer for the Kong proxy service.
  • Disable using Postgres and use Kubernetes resources for storing state.