GoogleCloudPlatform/k8s-config-connector v1.125.0

on GitHub

• Special shout-outs to @600lyy, @acpana, @anhdle-sso, @cheftako, @ericpang777, @gemmahou, @hankfreund, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @nb-goog, @svetakvsundhar, @xiaoweim, @yuwenma, @zicongmei, @ziyue-101 for their contributions to this release.

New Beta Resources (Direct Reconciler):

• BigQueryConnectionConnection

  • Manage connections to connect to Google services and external data sources

• BigQueryAnalyticsHubDataExchange

  • Manage data exchange to enable self-service data sharing

• PrivilegedAccessManagerEntitlement

  • Manage entitlements to grant for projects, folders, and organizations

• WorkstationCluster

  • Manage workstation cluster to define a group of workstations in a particular region and the VPC network they're attached to.

New Alpha Resources (Direct Reconciler):

• KMSAutokeyConfig

  • Manage the KMS auto key which simplifies the CMEKs provisioning and assignment.

New Fields:

• AlloyDBInstance (Beta)
  • Added spec.networkConfig.enableOutboundPublicIp field.
  • Added status.outboundPublicIpAddresses field.

Reconciliation Improvements

We migrated the following resources from the Terraform-based or DCL-based controller to the new Direct Controller to enhance the reliability and performance. The resource CRD is unchanged.

• SQLInstance

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt-in the direct controller.
  • The direct reconciler contains 2 fix and improvement:
    • Fix the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
    • Supports "creating from clone" via spec.cloneSource

• ComputeFirewallPolicyRule

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt-in the direct controller, which fixes the targetResources error required value "priority" could not be found.

New features:

• Add cluster mode to manage the rate-limit for the Config Connector requests

  • In v1.119, we added rate-limit control in namespace mode. Users can configure NamespacedControllerReconciler object (Alpha) to set the rate-limit for the reconciling requests to the kube-apiserver for their Config Connector resources.
  • In this release, we add this feature for cluster mode. User can configure ControllerReconciler object (Alpha) to set the rate-limit for all their cnrm manager controllers in the cluster. This example shows how to set up the configuration.

Bug Fixes:

• Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format
• Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.
• Issue 3140 BigQueryConnectionConnection requires UUID to acquire the resource.