Added:
- Added
introspectionoption to enable/disable GraphQL introspection - Added sample for advance cache middleware
- Added following fields for graphql proxy
graphql.proxy.auth_headers,graphql.proxy.subscription_type,graphql.proxy.request_headers,graphql.proxy.use_response_extensions,graphql.proxy.request_headers_rewrite,graphql.proxy.features
Added:
- Added new fields in Tyk Operator helm chart to configure RBAC and Webhook ports.
Fixed:
- Fixed CVE-2023-45288
- Fixed CVE-2024-24786
- Fixed missing OrgID field in ApiDefinition template CRs created by Ingress Controller.
- (samples): Patched GraphQL engine version in the GraphQL proxy examples.
- (samples): update ClusterIssuer samples
Updated:
- Updated Kubernetes versions used in CI for testing to ["v1.25.0", "v1.26.0", "v1.27.0", "v1.28.0", "v1.29.0"]
Fixed:
- Fix creating duplicated APIDefinitions on Tyk in case of cluster failures. If network errors happen while updating the APIDefinition, Tyk Operator retries the reconciliation based on the underlying error type #679
Fixed:
- Fixed a bug that prevents Tyk Operator to work with SecurityPolicy in CE (OSS) Mode.
Now, SecurityPolicy controller will not modify
spec.MID(_id) field in SecurityPolicy.
Added:
- Added
imagePullSecretsconfiguration for ServiceAccount in Tyk Operator Helm chart - Added
tyktocategoriesfield of CRDs. So, from now on, all CRs related to Tyk Operator is grouped intotykcategory and can be displayed viakubectl get tyk. - Added support of analytics plugin
- Added
global_headerssupport for UDG API Definition - Added
detailed_tracingof APIDefinition for OpenTelemetry
Updated
- Updated Go version to 1.21
Fixed:
- Fixed typo in environment package name
Changed:
- Updated golang.org/x/net to v0.13.0
Added
- Added
disabledfeature invalidate_jsonfield of APIDefinition. - Added a new Status resource called
latestTransactionto the APIDefinition CRD which holds information about last reconciliation. Now, any error can be observed there instead of checking Tyk Operator logs. - Added an option to enable
ServiceMonitorin helm charts, in order Prometheus Operator to scrape/metricsendpoint. - Added
extraVolumeandextraVolumeMountsoptions to the helm chart. So, extra volumes can be mounted in Tyk Operator's manager pod, e.g., self-signed certificates.
Fixed
- Check if certificate already exists on tyk before uploading
- Operator throwing lots of errors "the object has been modified; please apply your changes to the latest version and try again" while reconciling security policy
Fixed
- Fixed panic of snapshot tool
Changed
- Changed optional fields of type string and bool to pointers for APIDefinition and Security Policy Custom Resources
- Updated
.spec.graphql.supergraph.subgraphs[].headersfield to allow null values for validation. In the previous versions of Tyk such as v4.0 where.spec.graphql.supergraph.subgraphs[].headersis not supported, exporting such resources by using Snapshot tool, sets these values to null since they are not introduced in v4.0. Allowheadersfield to acceptnullvalues to overcome validation issues.
Added
- Added possibility to set base identity provider
- Added two new Status fields to ApiDefinition and Security Policy CRDs -
latestTykSpecHashandlatestCRDSpecHashto store hash of the lastly reconciled resources. It will be used in comparison to determine sending Update calls to Tyk Gateway or Dashboard or not.
Fixed:
- Operator removes
spec.contextReffrom SecurityPolicy CRs. - Fixed panic happening when adding an ApiDefinition and Ingress with HTTPS when operator talked to OSS gateway
Updated:
- Run tests against latest k8s(v1.26.3) and tyk versions(v5.0)
- Updated go version from 1.17 to 1.19
Removed:
- Operator is no longer tested against k8s v1.19.16
Updated:
- Test each PR against Tyk v4.0 as well.
- Allow Snapshot tool to filter by category regardless of the flags set
- Documentation of snapshot tool, in order to explain how to use Snapshot with Docker.
- Remove hardcoded TLS keys from integration tests to prevent possible CI failures.
Added
- Added hostNetwork Support Issue #532
- snapshot tool can be used with Docker images.
- snapshot tool can now export only SecurityPolicy objects without specifying additional flag for ApiDefinition export.
- Publish docker image for arm64 too during release.
Fixed:
- Remove ORGID from SecurityPolicy CRs while using Snapshot tool #577.
- Prevent reading Kubernetes config while using
operator snapshotas a CLI command (this means you don't need to have a running Kubernetes cluster when runningoperator snapshot). - Fixed reconciliation failures when ApiDefinition does not exist on Tyk storage.
- Fixed BDD tests dependency of
curl. Instead of runningcurlwithin a container, implemented a port-forward mechanism to send raw HTTP requests to pods. - Fixed extra Update calls to Tyk GW / Dashboard. If no changes are made to ApiDefinition resource, Operator won't send a request to Tyk GW / Dashboard.
- Updated
control-planelabels fromcontroller-managertotyk-operator-controller-managerto avoid selector issues.
Updated
- Added new field
LinkedAPIsin status of security policies.
Added
- Added Basic Authentication support Issue #534
- Added support for security policies in OSS #357
- Added nodeSelector support Issue #551
- Added support to policy fields that apply to GraphQL.
Fixed
- Attempting to remove an ApiDefinition fails if previously associated to a SecurityPolicy #431
- Operator was failing to remove finalizers from ApiDefinition that was already deleted in Dashboard #469
- Fixed the problem of linking existing security policies while migration #204
- Fix Security Policy tests
Added
- Added support of API Ownership #483
- Added PoC tool that helps migration of existing ApiDefinition & SecurityPolicies from Dashboard to Kubernetes environment. #481
- Added integration tests using venom framework
Fixed
- Fixed user email format used in integration tests since e2e tests were failing after Tyk v4.0.6 was released #510
- Fixed bug in linking logic of SubGraph CR and ApiDefinition CR #522.
- Operator was panicking when invalid certificate was provided #529
Added
- Added support of client mTLS
- Added support for Go auth custom plugins
Fixed
- Dashboard client to fetch all Policy objects from the Dashboard #503.
Documentation
- Added how Tyk Ingress Controller generates API names
Helm chart
- Changed default version of operator tag from latest to latest stable release
Added
- PoC support of GraphQL Federation on Tyk Operator. It is still WIP.
- Added support of Global Rate-Limiting at the API Level.
Documentation
- Verified support of Host based routing
- Added GoLand IDE integration
Changed
- Makefile:
releasetarget now replaces operator tag version with the release version inhelm/values.yamlfile.
Breaking Changes:
do_not_trackfield's default value is changed fromtruetofalse, to make default behaviour inline with Tyk Dashboard/Gateway. Therefore, Analytics for API will be enabled by default from this version. A user have to explicitly disable it by settingdo_not_trackfield value totrue.
Added:
- Added an example YAML manifest for Endpoint Tracking.
- Added Support of Auth Headers while creating GraphQL ProxyOnly API
- Added Certificate Pinning support in the Tyk Operator #405
- Added Upstream mTLS gateway parameters that references a secret that contains the upstream certificate
Documentation
- Added documentation for GraphQL ProxyOnly API
- Added documentation and examples for using manually uploaded certificates for upstream mTLS
Fixed:
- Fixed a bug in which ApiDefinition CRDs were wrongly mutated
Changed:
- Installation: Preloading of images during is turned off by default. It can turned on by setting
TYK_OPERATOR_PRELOAD_IMAGESto true.
v0.8.2 (2022-03-14)
Added:
- Add a description on how to modify Tyk Operator Configuration #362
- Support GraphQL documentation on developer portal catalogue #358
- Expose
config_datafield to the custom resources #356 - Document current support of prefix and exact path matching #209
- Document allow_list, block_list and ignore_list middleware #92
- Added JSON Schema Validation support #59
- Document current UDG support
- Added Getting-Started docs
Fixed:
- Deleting an OperatorContext now results in error/requeue if it is referenced by other resources #347
- Improved the documentation regarding the version of cert-manager #388
Closed issues:
- Tyk gateway ingress doesn't work #365
- Aws nlb #364
- How can I access to tyk dashboard? Missing documentation. #363
v0.8.1 (2021-10-25)
Added:
- Support of different local registry specification to source kube-rbac-proxy #361
v0.8.0 (2021-10-07)
Added:
- Package and publish helm charts #321
Changed:
- Moved to stable ingress
networking.k8s.io/v1#366
Helm Chart Changes:
- Can now set
rbac.resourcesin values.yaml that will set resources for kube-rbac-proxy container #359
Fixed:
- Non existent contextRef should return error from reconciler & requeue #346
- expose NodePort on kind cluster to bind admin API and the gateway in ci #330
Closed issues:
v0.7.2 (2021-08-16)
Fixed:
- Security policies not created using Operator Context #344
Closed issues:
- Issue with Kubernetes Operator / API Definition #264
v0.7.1 (2021-07-29)
Fixed:
- Operator Context permission #340
v0.7.0 (2021-07-13)
Changed:
- Upgrade operator-sdk to v1.3.0 #220
- Switch from vendoring to Go modules #197
- Upgraded crds and webhooks to v1 #124
Added:
- Support the custom_middleware_bundle field #306
- Allow operator to target different gateways #322
- Add documentation on how to upgrade the operator with helm #293
- Support for updating the API Catalog #266
- build and publish latest docker tag upon merge to master #251
Fixed:
- Version apiextensions.k8s.io/v1beta1:CustomResourceDefinition is deprecated #273
- defect: provide a request size limit middleware example #282
- Security Policy "configured" even without changes #250
Closed issues:
- track: gateway hello endpoint not always available #205
- chore: Make examples versioned and more accessible #313
v0.6.1 (2021-04-22)
Added:
- Ingress gateway tls port should be customisable #213
Fixed:
- Deleting an api definition should fail if a security policy grants access to it #286
- TLS ingress should not try to open 443 on the Tyk container #284
v0.6.0 (2021-04-09)
Added:
v0.5.0 (2021-02-22)
Added:
- Expose and publish session_lifetime to the ApiDefinition object #254
- Docs, examples, validation for JWT auth #247
- Apidef: introduce method tranform middlewares to the API Definition Object #93
Fixed:
- Makefile is currently tightly coupled to local kind cluster development #203
- JWT default policy key creation issue #257
- Helm chart hardcoded resources #241
v0.4.1 (2021-01-06)
Added:
- Use controllerutil for security policy reconciliation #214
- Ingress without template should create simple keyless api definition #212
- Document and support hostname wildcards #210
- Modify template api definition should trigger update in ingress resource #208
- Ingress controller listens to custom ingress classes #217
Fixed:
- Deleting API leaves artifacts inside the organization document #71
- API ids should be deterministic #231
- Creating 2 ingress resources results in an api definition being deleted #229
- Delete template api definition should block if ingress resources depend upon it #226
v0.4.0 (2020-12-18)
Added:
- Update tests and ensure everything runs in ci #185
- Migrate defaulting logic from ApiDefinition reconciler to mutating webhook #179
- API: enable detailed recording #177
- Feature: Defaulting webhooks for security policies #134
- Synchronise certs stored in K8s secrets into the Tyk API Manager #105
- Support ingress resources #89
- Test environment #116
Fixed:
- API resource is created even when there is error with universal client #186
- Security policies are not idempotent #182
Closed:
- Track: issues with Policies created through Operator in Tyk Dashboard #114
v0.3.0 (2020-11-27)
Added:
- Update documentation for development environment #176
- Docs: How to configure JetBrains & VS code intellisense & validation plugins #171
- make helm should be interoperable with Mac & Linux #170
- ci: update CI to build the operator & install it via helm #165
Closed issues:
- Permissions issue with events #166
v0.2.0 (2020-11-17)
Added:
- APIDef: enable CORS configuration on an API Definition object #158
- Feature: Continuous delivery github actions #152
- Docs: Active flag in ApiDefinition resource is Pro feature #151
- ci: Deploy Tyk Pro for CI integration testing #68
Closed issues:
- Research: How to package & deploy the Tyk Operator #91
v0.1.0 (2020-11-05)
Added:
- Feature: Support gRPC plugins #149
- APIDef: Introduce udg support #98
- APIDef: Introduce GraphQL proxy support #95
Fixed:
- Unable to deploy operator inside cluster when webhooks enabled #90
Closed issues:
- Store Mongo IDs for Tyk Pro objects in CR status field #81
- Referencing objects that already exist #79
- Store dependencies in ConfigMap #78
- fr: Webhooks #62
* This Changelog was automatically generated by github_changelog_generator