What's Changed
New features:
- Added AccessLogPolicy CRD to configure VPC Lattice service network or service Access Log Subscriptions (#424 #430 #442 #437 #471, @xWink)
- Added IAMAuthPolicy CRD to configure VPC Lattice service network or service Auth Policies (#448 #443 #456 #458 #478 #481, @mikhail-aws)
General Improvement and Bug Fixes:
- [Breaking change] Replaced support for multicluster.x-k8s.io ServiceExport and ServiceImport with application-networking.k8s.aws ServiceExport and ServiceImport CRDs (#475, @xWink)
- [Breaking change] Changed Target Groups naming convention and used AWS tags instead of names to identify mapping between k8s services and Lattice target groups. This resolves target group naming conflicts (#457, @erikfuller)
- Added the ownership concept for VPC Lattice services to prevent conflicting routes across clusters by tagging services with identifying information (name, namespace, routeType) and ignoring changes to non-owned services. The first created route takes effect; changes to conflicting routes are ignored. (#466, @solmonk)
- Added managedBy AWS tag to all controller managed VPC Lattice resources (#428, @mikhail-aws)
- Added e2e test for Target Group Policy CRD (#434, @scottlaiaws)
- Removed the controller's hard-coded limit of 100 Lattice Targets. We can now support the full VPC Lattice Target soft limit. (#470, @zijun726911)
- Added ability to pass LATTICE_ENDPOINT and CLUSTER_NAME env variables for the helm chart (#446 #436, @xWink @zijun726911)
V0.0.18 Controller Upgrade Instructions
Users of the old multicluster.x-k8s.io ServiceExport and ServiceImport need to migrate to the application-networking.k8s.aws ServiceExport and ServiceImport with the following steps:
- Install the new CRDs:
  - kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceexports.yaml
  - kubectl apply -f config/crds/bases/application-networking.k8s.aws_serviceimports.yaml
- Replace the apiVersion of all ServiceExport or ServiceImport resources from multicluster.x-k8s.io/v1alpha1 to application-networking.k8s.aws/v1alpha1. Example files of ServiceExport and ServiceImport include:
  - examples/elasticsearch-export.yaml
  - examples/elasticsearch-import.yaml
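An added example, not part of the release notes or the controller repository: a shell helper for the apiVersion replacement step above that rewrites only ServiceExport and ServiceImport documents and leaves other resources in the same file untouched. The function names migrate_manifest and needs_migration are hypothetical, and the sample manifest is constructed.

```shell
#!/bin/sh
# Added example (not from the controller repo). Function names are hypothetical.

# Print FILE with the apiVersion rewritten only in ServiceExport/ServiceImport
# documents. Each YAML document is buffered until its "---" separator so the
# kind is known before the apiVersion line is emitted.
migrate_manifest() {
  awk '
    function emit(   i, line) {
      for (i = 1; i <= n; i++) {
        line = buf[i]
        # Only a top-level (unindented) apiVersion in a target document changes.
        if (target && line ~ /^apiVersion:[ \t]*"?multicluster\.x-k8s\.io\/v1alpha1"?[ \t]*$/)
          line = "apiVersion: application-networking.k8s.aws/v1alpha1"
        print line
      }
      n = 0; target = 0
    }
    /^---[ \t]*$/ { emit(); print; next }
    /^kind:[ \t]*"?Service(Export|Import)"?[ \t]*$/ { target = 1 }
    { buf[++n] = $0 }
    END { emit() }
  ' "$1"
}

# Succeeds (exit 0) when FILE still contains a resource that needs the rewrite.
needs_migration() {
  [ "$(migrate_manifest "$1")" != "$(cat "$1")" ]
}

# Constructed sample: one legacy ServiceExport plus an unrelated ConfigMap that
# merely mentions the old group and must come through unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
  name: demo-export
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: mentions-old-group
data:
  note: "apiVersion: multicluster.x-k8s.io/v1alpha1"
EOF
needs_migration "$sample" && migrate_manifest "$sample"
rm -f "$sample"
```

Redirect the output to a new file and diff it against the original before applying it with kubectl.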
The target group naming convention has changed in Controller version 0.0.18. For any existing Kubernetes Service and ServiceExport resources in the cluster with corresponding target groups, the controller upgrade will create new target groups using the new naming convention.
Users need to manually delete old target groups that use the previous naming convention.
- Old target group naming convention: k8s-<namespace>-<route name>-<protocol>-<protocol version>
- New target group naming convention: k8s-<namespace>-<route name>-<random suffix>