Skip to content

Releases: GoogleCloudPlatform/k8s-config-connector

v1.127.0

23 Dec 21:21
Compare
Choose a tag to compare

Announcement

New Beta Resources (Direct Reconciler):

New Fields:

  • BigQueryDataTransferConfig

    • Added spec.scheduleOptionsV2 to customize the different types of data transfer schedule.
    • Added status.observedState.error with detailed information about reason of the latest config failure.
  • GKEHubFeatureMembership

    • Added spec.configmanagement.management to enable Config Sync Auto Upgrade. This is an opt-in feature and you need to turn on the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object.

Modified Beta Reconciliation

We added the direct controller support for the following 3 resources to enhance the reliability and performance. Add alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object to use the direct controller. CRD is backward compatible.

  • GKEHubFeatureMembership

    • Added Config Sync Auto-Upgrade support.
  • SecretManagerSecret

    • #510 Enhanced spec.rotation.nextRotationTime to use a fixed datetime value to avoid relative now() friction.
    • #1081 Fixed the spec.replication.auto immutable issue
    • #3051 Fixed the spec.rotation.rotationPeriod immutable issue
    • Added the in-use version aliases in status.observedState.versionAliases
    • Resolved update stalling issues.
    • Clarify the TTL use. See the problems and share your use in #3395
  • SecretManagerSecretVersion

    • Resolved update stalling caused by DependencyNotReady errors.
    • Fixed the friction in spec.enabled that enabling/disabling a secret version does not always take effect in GCP.
    • API Behavior Change The service generated ID is changed from spec.resourceID to status.version with status.externalRef (new field) to guardrail the identity. See the rational behind and share your feedback in #3445

Fixes

  • Dataflowflextemplatejob subnetwork validation error. Error message should match regions/REGION/subnetworks/SUBNETWORK

v1.126.0

11 Dec 02:40
241533c
Compare
Choose a tag to compare

Announcement

New Beta Resources (Direct Reconciler):

New Fields:

  • IAMPolicyMember

    • Use Service Account from BigQueryConnectionConnection via spec.memberFrom.bigQueryConnectionConnectionRef. See example on IAMPolicyMember use BigqueryConectionConnection "cloudSQL"
  • IAMPartialPolicy

    • Use Service Account from BigQueryConnectionConnection via spec.memberFrom.bigQueryConnectionConnectionRef.

New Alpha Resources (Direct Reconciler):

v1.125.0

14 Nov 16:25
75e05f0
Compare
Choose a tag to compare

New Beta Resources (Direct Reconciler):

New Alpha Resources (Direct Reconciler):

  • KMSAutokeyConfig

    • Manage the KMS auto key which simplifies the CMEKs provisioning and assignment.

New Fields:

  • AlloyDBInstance (Beta)
    • Added spec.networkConfig.enableOutboundPublicIp field.
    • Added status.outboundPublicIpAddresses field.

Reconciliation Improvements

We've enhanced the following resources with a new direct controller, boosting their reliability and performance. While they'll continue to function with their existing Terraform-based or DCL-based controllers by default, the direct controller offers significant improvements. Notably, this enhancement doesn't require any changes to the resource CRD.

  • SQLInstance

    • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt-in the direct controller.
    • The direct reconciler contains 2 fix and improvement:
      • Fix the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
      • Supports "creating from clone" via spec.cloneSource
  • ComputeFirewallPolicyRule

    • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt-in the direct controller, which fixes the targetResources error required value "priority" could not be found.

New features:

  • Add cluster mode to manage the rate-limit for the Config Connector requests

    • In v1.119, we added rate-limit control in namespace mode. Users can configure the NamespacedControllerReconciler object (Alpha) to set the rate-limit for the reconciling requests to the kube-apiserver for their Config Connector resources.
    • In this release, we add this feature for cluster mode. User can configure the ControllerReconciler object (Alpha) to set the rate-limit for all their cnrm manager controllers in the cluster. This example shows how to set up the configuration.

Bug Fixes:

  • Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format
  • Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.
  • Issue 3140 BigQueryConnectionConnection requires UUID to acquire the resource.

v1.124.0

17 Oct 01:11
cb2b22c
Compare
Choose a tag to compare

v1.124.0

Announcement

Simplified and More Reliable Resource Development

  • We launched a major improvement to the Config Connector resource development! Our new approach significantly enhances reliability and provides a more native Kubernetes experience. Learn more in our guide

New Beta Resources (Direct Reconciler):

  • RedisCluster

New Fields:

  • CertificateManagerDNSAuthorization

    • Added spec.Location field.
  • ComputeForwardingRule

    • Added spec.target.googleApisBundle field (allowed values all-apis or vpc-sc). Note, when configured this field, you are using the new Direct reconciliation.

Resources moved to direct reconciliation

We migrated the following reconciliation from the TF-based or DCL-based controller to the new Direct controller to enhance the reliability and performance. The resource CRD is unchanged.

  • CertificateManagerDNSAuthorization

New Alpha Resources (Direct Reconciler):

  • PrivilegedAccessManagerEntitlement
  • BigQueryAnalyticsHubDataExchange

v1.123.1

23 Sep 17:29
b147fdf
Compare
Choose a tag to compare

Announcement

  • Starting from this version, all the new CRs (CustomResources) will have the cnrm.cloud.google.com/state-into-spec annotation defaulted to absent. This means Config Connector will not populate any unspecified fields into the spec after a successful reconciliation of the resource. The behavior of existing CRs will not be impacted. More details about the Absent behavior can be found here.

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on DataflowFlexTemplateJob resource to opt-in
    the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.

Direct Cloud Reconciler:

  • BigQueryDataTransferConfig (v1alpha1)
  • BigQueryConnectionConnection (v1alpha1)

Resources promoted from alpha to beta:

  • DataformRepository is now a v1beta1 resource.

New Resources:

  • Added support for FirestoreDatabase (v1alpha1) resource.

New Fields:

  • BigQueryConnectionConnection
    • Added spec.cloudSql

Bug Fixes:

v1.122.0

11 Sep 13:47
c55a528
Compare
Choose a tag to compare

v1.122.0

Direct Cloud Reconciler:

  • RedisCluster (v1alpha1)
  • SQLInstance

New Resources:

  • Added support for RedisCluster (v1alpha1) resource.

New Fields:

  • ContainerCluster

    • The spec.nodeConfig.taint can be updated.
  • ContainerNodePool

    • The spec.nodeConfig.taint can be updated.
  • SQLInstance

    • Add the spec.cloneSource.
  • RunJob

    • Add the spec.template.template.volumes[].cloudSqlInstance

v1.121.0

05 Aug 18:10
ff23c7c
Compare
Choose a tag to compare

v1.121.0

Announcement

  • We plan to apply the state-into-spec default value Absent to all the ConfigConnector clusters in the v1.123 (next to the next release).

Direct Cloud Reconciler:

  • DataformRepository (v1alpha1)

Fixes:

  • BigtableInstance

    • When autoscaling is enabled (spec.cluster[].autoscalingConfig.), do not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.
  • BigQueryConnection

    • Added status.observedState field to store the output-only fields which are previously mistakenly defined in spec.

New Fields

  • BigQueryTable
    • Added spec.requirePartitionFilter field.

v1.120.1

09 Jul 06:56
dba659e
Compare
Choose a tag to compare

Direct Cloud Reconciler:

  • CloudBuildWorkerPool
  • MonitoringDashboard

Resources promoted from alpha to beta:

  • CloudBuildWorkerPool
  • CloudIDSEndpoint
  • ComputeMangedSSLCertificate

New Fields:

  • AlloyDBInstance

    • Added networkConfig field to support Public-IP feature.
  • MonitoringAlertPolicy

    • Added spec.severity field.
  • MonitoringDashboard

    • Added dashboardFilters support.

    • Added alertChart widgets.

    • Added collapsibleGroup widgets.

    • Added pieChart widgets.

    • Added sectionHeader widgets.

    • Added singleViewGroup widgets.

    • Added timeSeriesTable widgets.

    • Added blankView to scorecard widgets.

    • Added dataSets.targetAxis and y2Axis fields to xyChart widgets.

    • Added id field to all widgets.

    • Added prometheusQuery and outputFullDuration to timeSeriesQuery.

    • Added style fields to text widgets.

    • Added targetAxis field to thresholds.

  • StorageBucket

    • Added spec.softDeletePolicy field.
    • Added status.observedState.softDeletePolicy field.

v1.119.0

25 Jun 15:09
6abd73c
Compare
Choose a tag to compare

New features:

  • Add options to configure the reconciliation of the ConfigConnector controller

    • Added a new ControllerReconciler CRD (v1alpha1). See example
    • This feature allows users to customize the client-side kube-apiserver request rate limit.
  • Continue moving towards Direct Actuation as our preferred mechanism.

    • The default reconciler now uses Direct Actuation, if the ConfigConnector CRD does not have a cnrm.cloud.google.com/tf2crd: "true" or cnrm.cloud.google.com/dcl2crd: "true" label.

New Resources:

  • CloudBuildWorkerPool
    • Added CloudBuildWorkerPool (v1alpha1) resource for service cloudbuild.
    • This resource uses Direct Actuation.

New Fields:

  • ComputeForwardingRule

    • Added the spec.target.serviceAttachmentRef field, allowing a ComputeForwaringRule to target a ComputeServiceAttachment.
  • ContainerCluster

    • Added previous output-only spec fields to status.observedState
      • Added status.observedState.masterAuth.clusterCaCertificate
      • Added status.observedState.privateClusterConfig.privateEndpoint
      • Added status.observedState.privateClusterConfig.publicEndpoint

v1.118.1

19 May 21:07
Compare
Choose a tag to compare

Direct Cloud Reconciler:

  • LoggingLogMetric
    • This resource no longer depends on Terraform. Its reconciliation is moved to a KCC direct controller.
    • This is our very first KCC directly-reconciled resource. We will announce more in the upcoming releases. 🎉🎉🎉

New Resource:

  • ComputeNetworkFirewallPolicyRule (alpha)

New Fields:

  • LoggingLogMetric
    • Add the spec.loggingLogBucketRef field to support bucket reference.

Fixes:

  • SQLInstance
    • Fix the permanent diff bug in spec.settings.edition update.