What's new?

Highlights

Support security policies for OSS users. You can use the SecurityPolicy CRD to protect your APIs now. Note this feature requires Tyk Gateway v4.1 or later.
Support policy settings for GraphQL. It includes query depth limiting in both global and API level, field based permissions (allowed_types or restricted_types), and enable/disable of introspection. Note allowed_types and disable_introspection requires Tyk v4.3 or later.
Support Basic Auth authentication
Ignore 404 when deleting an API. Tyk operator finalizer prevent APIs from being deleted in the cluster if the API cannot be found on Tyk. The fix assumes API is deleted from Tyk if 404 is returned from Dashboard. Note the fix does not apply to older version of Gateway because a different error code is returned. A separate fix will be raised for that in next release.

Added integration tests using Venom framework by @komalsukhani @singhpr (#520)
Added new mock endpoint sample by @rewsmith (#533)
Added Security Policies for Tyk OSS by @buraksekili (#536)
Added Basic Authentication support by @andrei-tyk @bogumillaska @buraksekili (#545)
Added Security policy settings for GraphQL by @buraksekili @singhpr (#550)
Add nodeSelector support by @zalbiraw (#552)
Move all operations regarding API configuration to a function by @buraksekili (#557)
Add an ad-hoc Tyk API call to verify non-existent Policies in delete method by @buraksekili (#558)
Add version compatibility notes by @caroltyk (#560)

Ignore 404 when deleting an API, fixes #469 by @patriziobruno (#541)
Fix Security Policy Migration by @buraksekili (#540)
Fix Attempting to remove an ApiDefinition fails if previously associated to a SecurityPolicy by @komalsukhani (#547)
Fix Security Policy Tests by @komalsukhani @buraksekili (#553)

Tyk Gateway and Dashboard v3.2, v4.3
Kubernetes version v1.19.16, v1.20.15, v1.21.14, v1.22.15, v1.23.12, v1.24.6, v1.25.2