Releases: GoogleCloudPlatform/k8s-config-connector
v1.127.0
- Special shout-outs to @acpana, @anhdle-sso, @cheftako, @ericpang777, @gemmahou, @haiyanmeng, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @nb-goog, @xiaoweim, @yuwenma, @ziyue-101 for their contributions to this release.
Announcement
New Beta Resources (Direct Reconciler):
New Fields:
- BigQueryDataTransferConfig
  - Added spec.scheduleOptionsV2 to customize the different types of data transfer schedule.
  - Added status.observedState.error with detailed information about the reason for the latest config failure.
- GKEHubFeatureMembership
  - Added spec.configmanagement.management to enable Config Sync Auto Upgrade. This is an opt-in feature and you need to turn on the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object.
Modified Beta Reconciliation
We added direct controller support for the following 3 resources to enhance reliability and performance. Add the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object to use the direct controller. The CRD is backward compatible.
- GKEHubFeatureMembership
  - Added Config Sync Auto-Upgrade support.
- SecretManagerSecret
  - #510 Enhanced spec.rotation.nextRotationTime to use a fixed datetime value to avoid relative now() friction.
  - #1081 Fixed the spec.replication.auto immutable issue.
  - #3051 Fixed the spec.rotation.rotationPeriod immutable issue.
  - Added the in-use version aliases in status.observedState.versionAliases.
  - Resolved update stalling issues.
  - Clarified the TTL use. See the problems and share your use in #3395.
- SecretManagerSecretVersion
  - Resolved update stalling caused by DependencyNotReady errors.
  - Fixed the friction in spec.enabled where enabling/disabling a secret version does not always take effect in GCP.
  - API Behavior Change: The service-generated ID is changed from spec.resourceID to status.version with status.externalRef (new field) to guardrail the identity. See the rationale behind this and share your feedback in #3445.
Fixes
- Dataflowflextemplatejob subnetwork validation error. Error message: should match regions/REGION/subnetworks/SUBNETWORK
v1.126.0
- Special shout-outs to @acpana, @Camila-B, @cheftako, @ericpang777, @gemmahou, @himanikh, @jasonvigil, @jingyih, @jsoref, @justinsb, @maqiuyujoyce, @nb-goog, @xiaoweim, @yuwenma, @ziyue-101 for their contributions to this release.
Announcement
- Config Connector system management CRDs ControllerReconciler and NamespacedControllerReconciler are promoted to Beta. See how to configure the Controller manager rate limit.
New Beta Resources (Direct Reconciler):
-
  - Manage the metadata needed to perform a Big Query data transfer.
-
  - Manage the provisioning of a CryptoKey.
New Fields:
- IAMPolicyMember
  - Use Service Account from BigQueryConnectionConnection via spec.memberFrom.bigQueryConnectionConnectionRef. See example on IAMPolicyMember use BigQueryConnectionConnection "cloudSQL".
- IAMPartialPolicy
  - Use Service Account from BigQueryConnectionConnection via spec.memberFrom.bigQueryConnectionConnectionRef.
New Alpha Resources (Direct Reconciler):
- Add new resource WorkstationConfig
v1.125.0
- Special shout-outs to @600lyy, @acpana, @anhdle-sso, @cheftako, @ericpang777, @gemmahou, @hankfreund, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @nb-goog, @svetakvsundhar, @xiaoweim, @yuwenma, @zicongmei, @ziyue-101 for their contributions to this release.
New Beta Resources (Direct Reconciler):
-
  - Manage connections to connect to Google services and external data sources
- BigQueryAnalyticsHubDataExchange
  - Manage data exchange to enable self-service data sharing
- PrivilegedAccessManagerEntitlement
  - Manage entitlements to grant for projects, folders, and organizations
-
  - Manage workstation cluster to define a group of workstations in a particular region and the VPC network they're attached to.
New Alpha Resources (Direct Reconciler):
- KMSAutokeyConfig
  - Manage the KMS auto key which simplifies the CMEKs provisioning and assignment.
New Fields:
- AlloyDBInstance (Beta)
  - Added spec.networkConfig.enableOutboundPublicIp field.
  - Added status.outboundPublicIpAddresses field.
Reconciliation Improvements
We've enhanced the following resources with a new direct controller, boosting their reliability and performance. While they'll continue to function with their existing Terraform-based or DCL-based controllers by default, the direct controller offers significant improvements. Notably, this enhancement doesn't require any changes to the resource CRD.
-
  - You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt in to the direct controller.
  - The direct reconciler contains 2 fixes and improvements:
    - Fix the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
    - Supports "creating from clone" via spec.cloneSource
-
  - You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt in to the direct controller, which fixes the targetResources error required value "priority" could not be found.
New features:
- Add cluster mode to manage the rate-limit for the Config Connector requests
  - In v1.119, we added rate-limit control in namespace mode. Users can configure the NamespacedControllerReconciler object (Alpha) to set the rate-limit for the reconciling requests to the kube-apiserver for their Config Connector resources.
  - In this release, we add this feature for cluster mode. Users can configure the ControllerReconciler object (Alpha) to set the rate-limit for all their cnrm manager controllers in the cluster. This example shows how to set up the configuration.
Bug Fixes:
- Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format
- Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.
- Issue 3140 BigQueryConnectionConnection requires UUID to acquire the resource.
v1.124.0
- Special shout-outs to @600lyy, @acpana, @anhdle-sso, @benjamin-maynard, @cheftako, @gemmahou, @hankfreund, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @nancynh, @svetakvsundhar, @xiaoweim, @yuwenma for their contributions to this release.
Announcement
Simplified and More Reliable Resource Development
- We launched a major improvement to the Config Connector resource development! Our new approach significantly enhances reliability and provides a more native Kubernetes experience. Learn more in our guide
New Beta Resources (Direct Reconciler):
RedisCluster
New Fields:
- CertificateManagerDNSAuthorization
  - Added spec.Location field.
- ComputeForwardingRule
  - Added spec.target.googleApisBundle field (allowed values all-apis or vpc-sc). Note: when this field is configured, you are using the new Direct reconciliation.
Resources moved to direct reconciliation
We migrated the following reconciliation from the TF-based or DCL-based controller to the new Direct controller to enhance the reliability and performance. The resource CRD is unchanged.
CertificateManagerDNSAuthorization
New Alpha Resources (Direct Reconciler):
PrivilegedAccessManagerEntitlement
BigQueryAnalyticsHubDataExchange
v1.123.1
- We do not recommend using 1.123.0 as it contains regression issues around the "state-into-spec" defaulting for resources CloudIdentityGroup, CloudBuildTrigger and FirestoreIndex.
- Special shout-outs to @600lyy, @acpana, @anhdle-sso, @gemmahou, @hankfreund, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @nb-goog, @xiaoweim, @yuwenma, @ziyue-101 for their contributions to this release.
Announcement
- Starting from this version, all the new CRs (CustomResources) will have the cnrm.cloud.google.com/state-into-spec annotation defaulted to absent. This means Config Connector will not populate any unspecified fields into the spec after a successful reconciliation of the resource. The behavior of existing CRs will not be impacted. More details about the Absent behavior can be found here.
- You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the DataflowFlexTemplateJob resource to opt in to the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.
Direct Cloud Reconciler:
BigQueryDataTransferConfig (v1alpha1)
BigQueryConnectionConnection (v1alpha1)
Resources promoted from alpha to beta:
DataformRepository is now a v1beta1 resource.
New Resources:
- Added support for FirestoreDatabase (v1alpha1) resource.
New Fields:
- BigQueryConnectionConnection
  - Added spec.cloudSql
Bug Fixes:
v1.122.0
- Special shout-outs to @600lyy, @acpana, @anhdle-sso, @barney-s, @CyberHippo, @gemmahou, @haiyanmeng, @hankfreund, @himanikh, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @marko7460, @xiaoweim, @yuwenma, @ziyue-101 for their contributions to this release.
Direct Cloud Reconciler:
RedisCluster (v1alpha1)
SQLInstance
New Resources:
- Added support for RedisCluster (v1alpha1) resource.
New Fields:
- ContainerCluster
  - The spec.nodeConfig.taint can be updated.
- ContainerNodePool
  - The spec.nodeConfig.taint can be updated.
- SQLInstance
  - Add the spec.cloneSource.
- RunJob
  - Add the spec.template.template.volumes[].cloudSqlInstance
v1.121.0
- Special shout-outs to @600lyy, @acpana, @barney-s, @gemmahou, @haiyanmeng, @hankfreund, @jasonvigil, @jiefenghe, @jingyih, @justinsb, @maqiuyujoyce, @ostrain, @xiaoweim, @yuwenma, @ziyue-101 for their contributions to this release.
Announcement
- We plan to apply the state-into-spec default value Absent to all the ConfigConnector clusters in the v1.123 (next to the next release).
Direct Cloud Reconciler:
DataformRepository (v1alpha1)
Fixes:
- BigtableInstance
  - When autoscaling is enabled (spec.cluster[].autoscalingConfig.), do not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.
- BigQueryConnection
  - Added status.observedState field to store the output-only fields which were previously mistakenly defined in spec.
New Fields
- BigQueryTable
  - Added spec.requirePartitionFilter field.
v1.120.1
- IAM configuration can now be applied to PrivateCACAPool, using our direct-actuation approach.
- You can configure the ConfigConnector operator to roll back to install the v1.119.0 CRDs by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).
- Special shout-outs to @600lyy, @acpana, @barney-s, @coperni, @gemmahou, @hankfreund, @jasonvigil, @justinsb, @maqiuyujoyce, @nancynh, @xiaoweim, @yuwenma, @zicongmei, @ziyue-101 for their contributions to this release.
Direct Cloud Reconciler:
CloudBuildWorkerPool
MonitoringDashboard
Resources promoted from alpha to beta:
CloudBuildWorkerPool
CloudIDSEndpoint
ComputeManagedSSLCertificate
New Fields:
- AlloyDBInstance
  - Added networkConfig field to support Public-IP feature.
- MonitoringAlertPolicy
  - Added spec.severity field.
- MonitoringDashboard
  - Added dashboardFilters support.
  - Added alertChart widgets.
  - Added collapsibleGroup widgets.
  - Added pieChart widgets.
  - Added sectionHeader widgets.
  - Added singleViewGroup widgets.
  - Added timeSeriesTable widgets.
  - Added blankView to scorecard widgets.
  - Added dataSets.targetAxis and y2Axis fields to xyChart widgets.
  - Added id field to all widgets.
  - Added prometheusQuery and outputFullDuration to timeSeriesQuery.
  - Added style fields to text widgets.
  - Added targetAxis field to thresholds.
- StorageBucket
  - Added spec.softDeletePolicy field.
  - Added status.observedState.softDeletePolicy field.
v1.119.0
- This release adds options to configure the reconciliation of the ConfigConnector
- This release adds several new resources and fields.
- Special shout-outs to @acpana, @anhdle-sso, @barney-s, @cheftako, @gemmahou, @hankfreund, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @varsharmavs, @xiaoweim, @yuwenma, @zicongmei, @ziyue-101 for their contributions to this release.
New features:
- Add options to configure the reconciliation of the ConfigConnector controller
  - Added a new ControllerReconciler CRD (v1alpha1). See example
  - This feature allows users to customize the client-side kube-apiserver request rate limit.
- Continue moving towards Direct Actuation as our preferred mechanism.
  - The default reconciler now uses Direct Actuation, if the ConfigConnector CRD does not have a cnrm.cloud.google.com/tf2crd: "true" or cnrm.cloud.google.com/dcl2crd: "true" label.
New Resources:
- CloudBuildWorkerPool
  - Added CloudBuildWorkerPool (v1alpha1) resource for service cloudbuild.
  - This resource uses Direct Actuation.
New Fields:
- ComputeForwardingRule
  - Added the spec.target.serviceAttachmentRef field, allowing a ComputeForwardingRule to target a ComputeServiceAttachment.
- ContainerCluster
  - Added previous output-only spec fields to status.observedState
    - Added status.observedState.masterAuth.clusterCaCertificate
    - Added status.observedState.privateClusterConfig.privateEndpoint
    - Added status.observedState.privateClusterConfig.publicEndpoint
v1.118.1
- This release introduces our new direct-reconciliation mechanism to reconcile KCC resources (without relying on terraform). Currently it only applies to LoggingLogMetric.
- Special shout-outs to @199201shubhamsahu, @acpana, @anhdle-sso, @barney-s, @cheftako, @gemmahou, @jingyih, @justinsb, @katrielt, @vmiglani, @xiaoweim and @yuwenma for their contributions to this release.
Direct Cloud Reconciler:
- LoggingLogMetric
  - This resource no longer depends on Terraform. Its reconciliation is moved to a KCC direct controller.
  - This is our very first KCC directly-reconciled resource. We will announce more in the upcoming releases. 🎉🎉🎉
New Resource:
ComputeNetworkFirewallPolicyRule (alpha)
New Fields:
- LoggingLogMetric
  - Add the spec.loggingLogBucketRef field to support bucket reference.
Fixes:
- SQLInstance
  - Fix the permanent diff bug in spec.settings.edition update.