The v1.3.0 release introduces a new family provider provider-aws-kafkaconnect, new resources, bug fixes, and dependency updates.
This release also introduces a credential cache for IRSA authentication, which greatly reduces the number of AWS STS calls the provider makes. This cache is currently only employed for IRSA configurations. Please refer to the description here for the results of some experiments and the observed improvements in those experiments.
This release also adds API call counters for the provider. An example of the new metrics is as follows:
# HELP upjet_resource_external_api_calls_total The number of external API calls.
# TYPE upjet_resource_external_api_calls_total counter
upjet_resource_external_api_calls_total{operation="AssumeRole",service="STS"} 2
upjet_resource_external_api_calls_total{operation="AssumeRoleWithWebIdentity",service="STS"} 1
upjet_resource_external_api_calls_total{operation="CreateRole",service="IAM"} 1
upjet_resource_external_api_calls_total{operation="GetCallerIdentity",service="STS"} 1
upjet_resource_external_api_calls_total{operation="GetRole",service="IAM"} 61
upjet_resource_external_api_calls_total{operation="GetRolePolicy",service="IAM"} 60
upjet_resource_external_api_calls_total{operation="ListAttachedRolePolicies",service="IAM"} 60
upjet_resource_external_api_calls_total{operation="ListRolePolicies",service="IAM"} 60
upjet_resource_external_api_calls_total{operation="PutRolePolicy",service="IAM"} 1
Please refer to the description of this PR for the details.
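One way to use these counters to check that the IRSA credential cache is holding STS traffic down is to compare two scrapes. This is an added example, not code from the provider or the PR; the first scrape reuses values shown above, while the second scrape and the function names are constructed for illustration.

```python
import re

METRIC = "upjet_resource_external_api_calls_total"
SAMPLE_RE = re.compile(r'^(\w+)\{([^}]*)\}\s+(\S+)$')
LABEL_RE = re.compile(r'(\w+)="([^"]*)"')

# First scrape: values from the release notes. Second scrape: constructed.
SCRAPE_1 = """\
# TYPE upjet_resource_external_api_calls_total counter
upjet_resource_external_api_calls_total{operation="AssumeRole",service="STS"} 2
upjet_resource_external_api_calls_total{operation="AssumeRoleWithWebIdentity",service="STS"} 1
upjet_resource_external_api_calls_total{operation="GetRole",service="IAM"} 61
upjet_resource_external_api_calls_total{operation="GetRolePolicy",service="IAM"} 60
"""
SCRAPE_2 = """\
upjet_resource_external_api_calls_total{operation="AssumeRole",service="STS"} 2
upjet_resource_external_api_calls_total{operation="AssumeRoleWithWebIdentity",service="STS"} 2
upjet_resource_external_api_calls_total{operation="GetRole",service="IAM"} 121
upjet_resource_external_api_calls_total{operation="GetRolePolicy",service="IAM"} 120
"""

def parse_counters(text):
    """Return {(service, operation): value} for the API call counter."""
    out = {}
    for line in text.splitlines():
        m = SAMPLE_RE.match(line.strip())
        if not m or m.group(1) != METRIC:
            continue  # skips comments, blank lines and other metrics
        labels = dict(LABEL_RE.findall(m.group(2)))
        out[(labels.get("service", ""), labels.get("operation", ""))] = float(m.group(3))
    return out

def deltas(before, after):
    """Per-series increase between scrapes; a drop means the counter reset."""
    return {k: (v - before.get(k, 0.0)) if v >= before.get(k, 0.0) else v
            for k, v in after.items()}

def sts_share(delta):
    """Fraction of the new external API calls that went to STS."""
    total = sum(delta.values())
    sts = sum(v for (svc, _), v in delta.items() if svc == "STS")
    return sts / total if total else 0.0

if __name__ == "__main__":
    d = deltas(parse_counters(SCRAPE_1), parse_counters(SCRAPE_2))
    for (svc, op), inc in sorted(d.items()):
        print(f"{svc:4} {op:28} +{inc:g}")
    print(f"STS share of new calls: {sts_share(d):.2%}")
```

With the cache working, the STS series should stay nearly flat between scrapes while the IAM read operations keep growing with each reconcile.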
Support for New Resources
User.memorydb.aws.upbound.io/v1beta1
Connector.kafkaconnect.aws.upbound.io/v1beta1
CustomPlugin.kafkaconnect.aws.upbound.io/v1beta1
WorkerConfiguration.kafkaconnect.aws.upbound.io/v1beta1
Bug Fixes
- [Bug]: IAM Role inlinePolicy conflicting with IAM RolePolicy #1207
- Excessive calls to AssumeRoleWithWebIdentity w/ IRSA #997
What's Changed
- Add Matt Bush (mbbush) as maintainer by @jeanduplessis in #1214
- Generate license headers for setup.go files by consuming the latest commit of upjet by @sergenyalcin in #1216
- fix(example): remove spec.forProvider.name for iam policy examples by @haarchri in #1219
- Add region parameter back to TF setup.Configuration by @erhancagirici in #1221
- Log a deprecation message when the monolithic provider is run by @sergenyalcin in #1230
- Update kubernetes patches by @renovate in #1201
- Update actions/checkout digest to b4ffde6 by @renovate in #1206
- Update actions/cache digest by @renovate in #1205
- Update docker/setup-buildx-action digest to 2b51285 by @renovate in #1236
- Update fkirc/skip-duplicate-actions action to v5.3.1 by @renovate in #1237
- Add memorydb_user by @stevendborrelli in #1170
- Update authentication document for WebIdentity by @turkenf in #1171
- Update actions/cache action to v4 by @renovate in #1238
- Update actions/setup-go action to v5 by @renovate in #1239
- Skip late initialization for several duplicate resource policy fields by @mbbush in #1213
- Count external API calls by @mergenci in #1241
- Cache AWS Config's CredentialsProvider to reduce STS calls by @erhancagirici in #1235
- Add support for msk connect resources by @mbbush in #1162
- Use Generation instead of ResourceVersion when computing the cache key by @ulucinar in #1244
Full Changelog: v1.2.1...v1.3.0