diff --git a/README.md b/README.md index 0d15273..ea33c75 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ Check the official documentation at **[docs.airlock.com](https://docs.airlock.co * [Getting Started](https://docs.airlock.com/microgateway/latest/#data/1660804708742.html) * [System Architecture](https://docs.airlock.com/microgateway/latest/#data/1660804709650.html) -* [Installation](https://docs.airlock.com/microgateway/latest/#data/1660804708637.html) +* [Installation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000138) * [Troubleshooting](https://docs.airlock.com/microgateway/latest/#data/1659430054787.html) * [GitHub](https://github.com/airlock/microgateway) @@ -72,17 +72,17 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni). ```bash # Standard setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # GKE setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.1/deploy/charts/airlock-microgateway-cni/gke-values.yaml + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.2/deploy/charts/airlock-microgateway-cni/gke-values.yaml kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # OpenShift setup - helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.1/deploy/charts/airlock-microgateway-cni/openshift-values.yaml + helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.2/deploy/charts/airlock-microgateway-cni/openshift-values.yaml kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` > **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details). @@ -90,18 +90,18 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash # Standard and GKE setup - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' helm test airlock-microgateway-cni -n kube-system --logs - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' ``` ```bash # OpenShift setup - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' helm test airlock-microgateway-cni -n openshift-operators --logs - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' ``` - Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error. + Consult our [documentation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000139) in case of any installation error. ## Deploy Airlock Microgateway Operator @@ -116,14 +116,14 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades) - helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.4.1' --wait + helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.4.2' --wait ``` 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.2' helm test airlock-microgateway -n airlock-microgateway-system --logs - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.2' ``` ### Upgrading CRDs @@ -131,7 +131,7 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster. CRDs should instead be manually upgraded before upgrading the Operator itself via the following command: ```bash -kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.4.1 --server-side --force-conflicts +kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.4.2 --server-side --force-conflicts ``` **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts. diff --git a/deploy/charts/airlock-microgateway-cni/Chart.yaml b/deploy/charts/airlock-microgateway-cni/Chart.yaml index 5c1e519..25e75d2 100644 --- a/deploy/charts/airlock-microgateway-cni/Chart.yaml +++ b/deploy/charts/airlock-microgateway-cni/Chart.yaml @@ -3,8 +3,8 @@ name: microgateway-cni description: A Helm chart for deploying the Airlock Microgateway CNI plugin type: application home: https://www.airlock.com/en/microgateway -version: "4.4.1" -appVersion: "4.4.1" +version: "4.4.2" +appVersion: "4.4.2" annotations: charts.openshift.io/name: Airlock Microgateway CNI artifacthub.io/category: security diff --git a/deploy/charts/airlock-microgateway-cni/README.md b/deploy/charts/airlock-microgateway-cni/README.md index 77c0a31..ef42515 100644 --- a/deploy/charts/airlock-microgateway-cni/README.md +++ b/deploy/charts/airlock-microgateway-cni/README.md @@ -1,6 +1,6 @@ # Airlock Microgateway CNI -![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 4.4.1](https://img.shields.io/badge/AppVersion-4.4.1-informational?style=flat-square) +![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![AppVersion: 4.4.2](https://img.shields.io/badge/AppVersion-4.4.2-informational?style=flat-square) *Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.* @@ -13,7 +13,7 @@ Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability. -__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.4.1).__ +__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.4.2).__ ### Features * Kubernetes native integration with sidecar injection and Gateway API support @@ -31,7 +31,7 @@ Check the official documentation at **[docs.airlock.com](https://docs.airlock.co * [Getting Started](https://docs.airlock.com/microgateway/latest/#data/1660804708742.html) * [System Architecture](https://docs.airlock.com/microgateway/latest/#data/1660804709650.html) -* [Installation](https://docs.airlock.com/microgateway/latest/#data/1660804708637.html) +* [Installation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000138) * [Troubleshooting](https://docs.airlock.com/microgateway/latest/#data/1659430054787.html) * [GitHub](https://github.com/airlock/microgateway) @@ -47,17 +47,17 @@ The instructions below provide a quick start guide. Detailed information are pro > **Note**: Certain environments such as OpenShift or GKE require non-default configurations when installing the CNI plugin. For the most common setups, values files are provided in the [chart folder](/deploy/charts/airlock-microgateway-cni). ```bash # Standard setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # GKE setup - helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.1/deploy/charts/airlock-microgateway-cni/gke-values.yaml + helm install airlock-microgateway-cni -n kube-system oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.2/deploy/charts/airlock-microgateway-cni/gke-values.yaml kubectl -n kube-system rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` ```bash # OpenShift setup - helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.1/deploy/charts/airlock-microgateway-cni/openshift-values.yaml + helm install airlock-microgateway-cni -n openshift-operators oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' -f https://raw.githubusercontent.com/airlock/microgateway/4.4.2/deploy/charts/airlock-microgateway-cni/openshift-values.yaml kubectl -n openshift-operators rollout status daemonset -l app.kubernetes.io/instance=airlock-microgateway-cni ``` > **Important:** On OpenShift, all pods which should be protected by Airlock Microgateway must explicitly reference the Airlock Microgateway CNI NetworkAttachmentDefinition via the annotation `k8s.v1.cni.cncf.io/networks` (see [documentation](https://docs.airlock.com/microgateway/latest/#data/1658483168033.html) for details). @@ -65,18 +65,18 @@ The instructions below provide a quick start guide. Detailed information are pro 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash # Standard and GKE setup - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' helm test airlock-microgateway-cni -n kube-system --logs - helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n kube-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' ``` ```bash # OpenShift setup - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' helm test airlock-microgateway-cni -n openshift-operators --logs - helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.1' + helm upgrade airlock-microgateway-cni -n openshift-operators --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway-cni --version '4.4.2' ``` - Consult our [documentation](https://docs.airlock.com/microgateway/latest/#data/1699611533587.html) in case of any installation error. + Consult our [documentation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000139) in case of any installation error. ## Support @@ -97,11 +97,12 @@ For the community edition, check our **[Airlock community forum](https://forum.a | config.excludeNamespaces | list | `["kube-system"]` | Namespaces for which this CNI plugin should not apply any modifications. | | config.installMode | string | `"chained"` | Whether to install the CNI plugin as a `chained` plugin (default, required with most interface CNI providers), as a `standalone` plugin (required for use with Multus CNI, e.g. on OpenShift) or in `manual` mode, where no CNI network configuration is written. | | config.logLevel | string | `"info"` | Log level for the CNI installer and plugin. | +| config.repairMode | string | `"none"` | Specifies the repair mode There is a race condition regarding the installation of the CNI Plugin and creation of Pods when starting a Node. This would cause Pods to be unprotected, because the CNI did not reconfigure the Pod's network. The Airlock Microgateway Network Validator prevents this and causes the Pod to fail on purpose. Pods can be repaired by choosing the appropriate repair mode. Available options are: `deletePods` will delete failing Pods, such that the CNI Plugin can correctly configure them `none` will not perform any action for failing Pods | | fullnameOverride | string | `""` | Allows overriding the name to use as full name of resources. | -| image.digest | string | `"sha256:fa2f5d8587024f0d0b29505204c964002cfd7facf79748ccc98b8caf1a70f0d8"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. | +| image.digest | string | `"sha256:160407ca4790555afc8ea706f51bc0729c1a79862c295ad9df68999692b932a5"` | SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). Overrides tag when specified. | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | image.repository | string | `"quay.io/airlock/microgateway-cni"` | Image repository from which to pull the Airlock Microgateway CNI image. | -| image.tag | string | `"4.4.1"` | Image tag to pull. | +| image.tag | string | `"4.4.2"` | Image tag to pull. | | imagePullSecrets | list | `[]` | ImagePullSecrets to use when pulling images. | | multusNetworkAttachmentDefinition.create | bool | `false` | Whether a NetworkAttachmentDefinition CR should be created, which can be used for applying the CNI plugin to Pods. | | multusNetworkAttachmentDefinition.namespace | string | `"default"` | Namespace in which the NetworkAttachmentDefinition is deployed. Note: If namespace is set to a custom value, referencing the created NetworkAttachmentDefinition from other namespaces may not work if Multus namespace isolation is enabled. https://github.com/k8snetworkplumbingwg/multus-cni/blob/v4.0.2/docs/configuration.md#namespace-isolation | diff --git a/deploy/charts/airlock-microgateway-cni/templates/clusterrole.yaml b/deploy/charts/airlock-microgateway-cni/templates/clusterrole.yaml index ef88ac7..7412ab5 100644 --- a/deploy/charts/airlock-microgateway-cni/templates/clusterrole.yaml +++ b/deploy/charts/airlock-microgateway-cni/templates/clusterrole.yaml @@ -19,4 +19,7 @@ rules: - list - watch - patch + {{- if eq .Values.config.repairMode "deletePods" }} + - delete + {{- end }} {{- end -}} diff --git a/deploy/charts/airlock-microgateway-cni/templates/daemonset.yaml b/deploy/charts/airlock-microgateway-cni/templates/daemonset.yaml index 4ba9f26..fcb5846 100644 --- a/deploy/charts/airlock-microgateway-cni/templates/daemonset.yaml +++ b/deploy/charts/airlock-microgateway-cni/templates/daemonset.yaml @@ -49,6 +49,8 @@ spec: value: "{{ include "airlock-microgateway-cni.fullname" . }}-kubeconfig" - name: INSTALL_MODE value: {{ .Values.config.installMode }} + - name: REPAIR_MODE + value: {{ .Values.config.repairMode }} - name: KUBERNETES_NODE_NAME valueFrom: fieldRef: diff --git a/deploy/charts/airlock-microgateway-cni/tests/daemonset_test.yaml b/deploy/charts/airlock-microgateway-cni/tests/daemonset_test.yaml index 57f89bd..db0ab79 100644 --- a/deploy/charts/airlock-microgateway-cni/tests/daemonset_test.yaml +++ b/deploy/charts/airlock-microgateway-cni/tests/daemonset_test.yaml @@ -317,6 +317,8 @@ tests: value: RELEASE-NAME-microgateway-cni-kubeconfig - name: INSTALL_MODE value: chained + - name: REPAIR_MODE + value: none - name: KUBERNETES_NODE_NAME valueFrom: fieldRef: @@ -327,6 +329,7 @@ tests: name: cni-release set: config.installMode: manual + config.repairMode: deletePods templates: - daemonset.yaml asserts: @@ -346,6 +349,8 @@ tests: value: cni-release-microgateway-cni-kubeconfig - name: INSTALL_MODE value: manual + - name: REPAIR_MODE + value: deletePods - name: KUBERNETES_NODE_NAME valueFrom: fieldRef: diff --git a/deploy/charts/airlock-microgateway-cni/values.schema.json b/deploy/charts/airlock-microgateway-cni/values.schema.json index e087bd7..c2cf207 100644 --- a/deploy/charts/airlock-microgateway-cni/values.schema.json +++ b/deploy/charts/airlock-microgateway-cni/values.schema.json @@ -114,6 +114,13 @@ "manual" ] }, + "repairMode": { + "type": "string", + "enum": [ + "deletePods", + "none" + ] + }, "logLevel": { "type": "string", "enum": [ @@ -143,6 +150,7 @@ "cniNetDir", "excludeNamespaces", "installMode", + "repairMode", "logLevel" ], "additionalProperties": false diff --git a/deploy/charts/airlock-microgateway-cni/values.yaml b/deploy/charts/airlock-microgateway-cni/values.yaml index d111680..90fd2cd 100644 --- a/deploy/charts/airlock-microgateway-cni/values.yaml +++ b/deploy/charts/airlock-microgateway-cni/values.yaml @@ -15,10 +15,10 @@ image: # -- Image repository from which to pull the Airlock Microgateway CNI image. repository: "quay.io/airlock/microgateway-cni" # -- Image tag to pull. - tag: "4.4.1" + tag: "4.4.2" # -- SHA256 image digest to pull (in the format "sha256:7144f7bab3d4c2648d7e59409f15ec52a18006a128c733fcff20d3a4a54ba44a"). # Overrides tag when specified. - digest: "sha256:fa2f5d8587024f0d0b29505204c964002cfd7facf79748ccc98b8caf1a70f0d8" + digest: "sha256:160407ca4790555afc8ea706f51bc0729c1a79862c295ad9df68999692b932a5" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Annotations to add to all Pods. @@ -66,6 +66,15 @@ config: # as a `standalone` plugin (required for use with Multus CNI, e.g. on OpenShift) # or in `manual` mode, where no CNI network configuration is written. installMode: "chained" + # -- Specifies the repair mode + # There is a race condition regarding the installation of the CNI Plugin and creation of Pods when starting a Node. + # This would cause Pods to be unprotected, because the CNI did not reconfigure the Pod's network. + # The Airlock Microgateway Network Validator prevents this and causes the Pod to fail on purpose. + # Pods can be repaired by choosing the appropriate repair mode. + # Available options are: + # `deletePods` will delete failing Pods, such that the CNI Plugin can correctly configure them + # `none` will not perform any action for failing Pods + repairMode: "none" # -- Log level for the CNI installer and plugin. logLevel: info # -- Directory where the CNI config files reside on the host. diff --git a/deploy/charts/airlock-microgateway/Chart.yaml b/deploy/charts/airlock-microgateway/Chart.yaml index cbc4880..a8229bd 100644 --- a/deploy/charts/airlock-microgateway/Chart.yaml +++ b/deploy/charts/airlock-microgateway/Chart.yaml @@ -3,8 +3,8 @@ name: microgateway description: A Helm chart for deploying the Airlock Microgateway type: application home: https://www.airlock.com/en/microgateway -version: "4.4.1" -appVersion: "4.4.1" +version: "4.4.2" +appVersion: "4.4.2" annotations: charts.openshift.io/name: Airlock Microgateway artifacthub.io/category: security diff --git a/deploy/charts/airlock-microgateway/README.md b/deploy/charts/airlock-microgateway/README.md index 1c976c6..01064a7 100644 --- a/deploy/charts/airlock-microgateway/README.md +++ b/deploy/charts/airlock-microgateway/README.md @@ -1,6 +1,6 @@ # Airlock Microgateway -![Version: 4.4.1](https://img.shields.io/badge/Version-4.4.1-informational?style=flat-square) ![AppVersion: 4.4.1](https://img.shields.io/badge/AppVersion-4.4.1-informational?style=flat-square) +![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![AppVersion: 4.4.2](https://img.shields.io/badge/AppVersion-4.4.2-informational?style=flat-square) *Airlock Microgateway is a Kubernetes native WAAP (Web Application and API Protection) solution to protect microservices.* @@ -13,7 +13,7 @@ Modern application security is embedded in the development workflow and follows DevSecOps paradigms. Airlock Microgateway is the perfect fit for these requirements. It is a lightweight alternative to the Airlock Gateway appliance, optimized for Kubernetes environments. Airlock Microgateway protects your applications and microservices with the tried-and-tested Airlock security features against attacks, while also providing a high degree of scalability. -__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.4.1).__ +__This Helm chart is part of Airlock Microgateway. See our [GitHub repo](https://github.com/airlock/microgateway/tree/4.4.2).__ ### Features * Kubernetes native integration with sidecar injection and Gateway API support @@ -31,7 +31,7 @@ Check the official documentation at **[docs.airlock.com](https://docs.airlock.co * [Getting Started](https://docs.airlock.com/microgateway/latest/#data/1660804708742.html) * [System Architecture](https://docs.airlock.com/microgateway/latest/#data/1660804709650.html) -* [Installation](https://docs.airlock.com/microgateway/latest/#data/1660804708637.html) +* [Installation](https://docs.airlock.com/microgateway/latest/?topic=MGW-00000138) * [Troubleshooting](https://docs.airlock.com/microgateway/latest/#data/1659430054787.html) * [GitHub](https://github.com/airlock/microgateway) @@ -73,14 +73,14 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install Operator (CRDs are included via the standard Helm 3 mechanism, i.e. Helm will handle initial installation but not upgrades) - helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.4.1' --wait + helm install airlock-microgateway -n airlock-microgateway-system oci://quay.io/airlockcharts/microgateway --version '4.4.2' --wait ``` 2. (Recommended) You can verify the correctness of the installation with `helm test`. ```bash - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=true --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.2' helm test airlock-microgateway -n airlock-microgateway-system --logs - helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.1' + helm upgrade airlock-microgateway -n airlock-microgateway-system --set tests.enabled=false --reuse-values oci://quay.io/airlockcharts/microgateway --version '4.4.2' ``` ### Upgrading CRDs @@ -88,7 +88,7 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana The `helm install/upgrade` command currently does not support upgrading CRDs that already exist in the cluster. CRDs should instead be manually upgraded before upgrading the Operator itself via the following command: ```bash -kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.4.1 --server-side --force-conflicts +kubectl apply -k https://github.com/airlock/microgateway/deploy/charts/airlock-microgateway/crds/?ref=4.4.2 --server-side --force-conflicts ``` **Note**: Certain GitOps solutions such as e.g. Argo CD or Flux CD have their own mechanisms for automatically upgrading CRDs included with Helm charts. @@ -119,10 +119,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | dashboards.instances.logOnlyLogs.create | bool | `true` | Whether to create the log only logs dashboard. | | dashboards.instances.logOnlyMetrics.create | bool | `true` | Whether to create the log only metrics dashboard | | dashboards.instances.overview.create | bool | `true` | Whether to create the overview dashboard. | -| engine.image.digest | string | `"sha256:06573ef5e6769dbd6eb8606e34c56f1ad2084b6adcae9925b1d2d153a45cbc47"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | +| engine.image.digest | string | `"sha256:d37457ebd3a48e34e0f09f2ea207a963582222809ac836002351dc7d1e3788f0"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | | engine.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | engine.image.repository | string | `"quay.io/airlock/microgateway-engine"` | Image repository from which to pull the Airlock Microgateway Engine image. | -| engine.image.tag | string | `"4.4.1"` | Image tag to pull. | +| engine.image.tag | string | `"4.4.2"` | Image tag to pull. | | engine.resources | object | `{}` | Resource restrictions to apply to the Airlock Microgateway Engine container. | | engine.sidecar.podMonitor.create | bool | `false` | Whether to create a PodMonitor resource for monitoring. | | engine.sidecar.podMonitor.labels | object | `{}` | Labels to add to the PodMonitor. | @@ -139,10 +139,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | operator.config.logLevel | string | `"info"` | Operator application log level. | | operator.gatewayAPI.controllerName | string | `"microgateway.airlock.com/gatewayclass-controller"` | Controller name referred in the GatewayClasses managed by this operator. The value must be a path prefixed by the domain `microgateway.airlock.com`. | | operator.gatewayAPI.enabled | bool | `false` | Whether to enable the Kubernetes Gateway API related controllers. Requires that the gateway.networking.k8s.io/v1 resources are installed on the cluster. | -| operator.image.digest | string | `"sha256:1133c3e59418eec1721683e68dd19faca577609ace6eebd010a56e52b1f75789"` | SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). Overrides tag when specified. | +| operator.image.digest | string | `"sha256:f5b3b8e728fcc1ab15e8b8401ac120f810b8228488b380cc23497d3e82414d71"` | SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). Overrides tag when specified. | | operator.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | operator.image.repository | string | `"quay.io/airlock/microgateway-operator"` | Image repository from which to pull the Airlock Microgateway Operator image. | -| operator.image.tag | string | `"4.4.1"` | Image tag to pull. | +| operator.image.tag | string | `"4.4.2"` | Image tag to pull. | | operator.nodeSelector | object | `{}` | Custom nodeSelector to apply to the operator Deployment in order to constrain its Pods to certain nodes. | | operator.podAnnotations | object | `{}` | Annotations to add to all Pods. | | operator.podLabels | object | `{}` | Labels to add to all Pods. | @@ -160,10 +160,10 @@ For the community edition, check our **[Airlock community forum](https://forum.a | operator.updateStrategy | object | `{"type":"RollingUpdate"}` | Specifies the operator update strategy. | | operator.watchNamespaceSelector | object | `{}` | Allows to dynamically select watch namespaces of the operator and the scope of the webhooks based on a Namespace label selector. It is able to detect and reconcile resources in all namespaces that match the label selector automatically, even for new namespaces, without restarting the operator. This facilitates a dynamic `MultiNamespace` installation mode, but still requires cluster-scoped permissions (i.e., ClusterRoles and ClusterRoleBindings). An `AllNamespaces` installation or the usage of the `watchNamespaces` requires the `watchNamespaceSelector` to be empty. Please note that this feature requires a Premium license. | | operator.watchNamespaces | list | `[]` | Allows to restrict the operator to specific namespaces, depending on your needs. For a `OwnNamespace` or `SingleNamespace` installation the list may only contain one namespace (e.g., `watchNamespaces: ["airlock-microgateway-system"]`). In case of the `OwnNamespace` installation mode the specified namespace should be equal to the installation namespace. For a static `MultiNamespace` installation, the complete list of namespaces must be provided in the `watchNamespaces`. An `AllNamespaces` installation or the usage of the `watchNamespaceSelector` requires the `watchNamespaces` to be empty. Regardless of the installation modes supported by `watchNamespaces`, RBAC is created only namespace-scoped (using Roles and RoleBindings) in the respective namespaces. Please note that this feature requires a Premium license. | -| sessionAgent.image.digest | string | `"sha256:733a25f61ea7cf43c0a46da7d3ecb9a263bda49bf60e1fd8e4162be33aa24b7b"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | +| sessionAgent.image.digest | string | `"sha256:5d355747e98fc2c81996cfc6e13b1800181357f5a78e2ac01ab31509127a1f4c"` | SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). Overrides tag when specified. | | sessionAgent.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for this image. | | sessionAgent.image.repository | string | `"quay.io/airlock/microgateway-session-agent"` | Image repository from which to pull the Airlock Microgateway Session Agent image. | -| sessionAgent.image.tag | string | `"4.4.1"` | Image tag to pull. | +| sessionAgent.image.tag | string | `"4.4.2"` | Image tag to pull. | | sessionAgent.resources | object | `{}` | Resource restrictions to apply to the Airlock Microgateway Session Agent container. | | tests.enabled | bool | `false` | Whether additional resources required for running `helm test` should be created (e.g. Roles and ServiceAccounts). If set to false, `helm test` will not run any tests. | diff --git a/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml index c10c65c..d80a6ff 100644 --- a/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/accesscontrols.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: accesscontrols.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml index cbe6fb3..b13c3f0 100644 --- a/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/contentsecurities.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: contentsecurities.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/contentsecuritypolicies.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/contentsecuritypolicies.microgateway.airlock.com.yaml index 3fd1d75..7e7e50c 100644 --- a/deploy/charts/airlock-microgateway/crds/contentsecuritypolicies.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/contentsecuritypolicies.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 gateway.networking.k8s.io/policy: direct name: contentsecuritypolicies.microgateway.airlock.com spec: diff --git a/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml index 234190a..19fee19 100644 --- a/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/denyrules.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: denyrules.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml index 4127d53..a3901b3 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyclusters.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: envoyclusters.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml index a71ef4c..36a9607 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyconfigurations.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: envoyconfigurations.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml index 358e197..87779d4 100644 --- a/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/envoyhttpfilters.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: envoyhttpfilters.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml index 39046d2..5e772ae 100644 --- a/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/graphqls.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: graphqls.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml index d99797f..dc03897 100644 --- a/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/headerrewrites.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: headerrewrites.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml index a51e475..e89b0ae 100644 --- a/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/identitypropagations.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: identitypropagations.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/jwks.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/jwks.microgateway.airlock.com.yaml index a780e6a..2dff1bd 100644 --- a/deploy/charts/airlock-microgateway/crds/jwks.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/jwks.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: jwks.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml index 89ba997..86ee39a 100644 --- a/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/limits.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: limits.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml index 9777a20..03b0c61 100644 --- a/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/oidcproviders.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: oidcproviders.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml index 4005300..f6a1931 100644 --- a/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/oidcrelyingparties.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: oidcrelyingparties.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml index 2531bc3..da5f869 100644 --- a/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/openapis.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: openapis.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml index 5ed8220..151e6c6 100644 --- a/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/parsers.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: parsers.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml index 65c785f..e3587e2 100644 --- a/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/redisproviders.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: redisproviders.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml index 81ed6ac..3c9be2f 100644 --- a/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/sessionhandlings.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: sessionhandlings.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml index 7229bac..f4237c2 100644 --- a/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/sidecargateways.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: sidecargateways.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml b/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml index 96ef223..6d35fcb 100644 --- a/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml +++ b/deploy/charts/airlock-microgateway/crds/telemetries.microgateway.airlock.com.yaml @@ -5,7 +5,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.4 labels: app.kubernetes.io/name: airlock-microgateway-operator - app.kubernetes.io/version: 4.4.1 + app.kubernetes.io/version: 4.4.2 name: telemetries.microgateway.airlock.com spec: group: microgateway.airlock.com diff --git a/deploy/charts/airlock-microgateway/templates/operator/configmap.yaml b/deploy/charts/airlock-microgateway/templates/operator/configmap.yaml index 276a632..a9c07b5 100644 --- a/deploy/charts/airlock-microgateway/templates/operator/configmap.yaml +++ b/deploy/charts/airlock-microgateway/templates/operator/configmap.yaml @@ -125,6 +125,7 @@ data: - name: xds_cluster connect_timeout: 1s type: STRICT_DNS + respect_dns_ttl: true load_assignment: cluster_name: xds_cluster endpoints: diff --git a/deploy/charts/airlock-microgateway/values.yaml b/deploy/charts/airlock-microgateway/values.yaml index f0f598e..e26a8b6 100644 --- a/deploy/charts/airlock-microgateway/values.yaml +++ b/deploy/charts/airlock-microgateway/values.yaml @@ -26,10 +26,10 @@ operator: # -- Image repository from which to pull the Airlock Microgateway Operator image. repository: "quay.io/airlock/microgateway-operator" # -- Image tag to pull. - tag: "4.4.1" + tag: "4.4.2" # -- SHA256 image digest to pull (in the format "sha256:c79ee3f85862fb386e9dd62b901b607161d27807f512d7fbdece05e9ee3d7c63"). # Overrides tag when specified. - digest: "sha256:1133c3e59418eec1721683e68dd19faca577609ace6eebd010a56e52b1f75789" + digest: "sha256:f5b3b8e728fcc1ab15e8b8401ac120f810b8228488b380cc23497d3e82414d71" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Annotations to add to all Pods. @@ -116,10 +116,10 @@ engine: # -- Image repository from which to pull the Airlock Microgateway Engine image. repository: "quay.io/airlock/microgateway-engine" # -- Image tag to pull. - tag: "4.4.1" + tag: "4.4.2" # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). # Overrides tag when specified. - digest: "sha256:06573ef5e6769dbd6eb8606e34c56f1ad2084b6adcae9925b1d2d153a45cbc47" + digest: "sha256:d37457ebd3a48e34e0f09f2ea207a963582222809ac836002351dc7d1e3788f0" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Resource restrictions to apply to the Airlock Microgateway Engine container. @@ -167,10 +167,10 @@ sessionAgent: # -- Image repository from which to pull the Airlock Microgateway Session Agent image. repository: "quay.io/airlock/microgateway-session-agent" # -- Image tag to pull. - tag: "4.4.1" + tag: "4.4.2" # -- SHA256 image digest to pull (in the format "sha256:a3051f42d3013813b05f7513bb86ed6a3209cb3003f1bb2f7b72df249aa544d3"). # Overrides tag when specified. - digest: "sha256:733a25f61ea7cf43c0a46da7d3ecb9a263bda49bf60e1fd8e4162be33aa24b7b" + digest: "sha256:5d355747e98fc2c81996cfc6e13b1800181357f5a78e2ac01ab31509127a1f4c" # -- Pull policy for this image. pullPolicy: IfNotPresent # -- Resource restrictions to apply to the Airlock Microgateway Session Agent container. diff --git a/examples/gateway-api/conformance/conformance.md b/examples/gateway-api/conformance/conformance.md index 55d82e2..661cf35 100644 --- a/examples/gateway-api/conformance/conformance.md +++ b/examples/gateway-api/conformance/conformance.md @@ -33,7 +33,7 @@ helm install cert-manager jetstack/cert-manager --version 'v1.16.1' -n cert-mana kubectl -n airlock-microgateway-system create secret generic airlock-microgateway-license --from-file=microgateway-license.txt # Install the operator and activate the Gateway API support. - helm install -n airlock-microgateway-system airlock-microgateway oci://quay.io/airlockcharts/microgateway --wait --version '4.4.1' --set=operator.gatewayAPI.enabled=true + helm install -n airlock-microgateway-system airlock-microgateway oci://quay.io/airlockcharts/microgateway --wait --version '4.4.2' --set=operator.gatewayAPI.enabled=true ``` 2. Verify that the operator started successfully: diff --git a/examples/gateway-api/conformance/manifests/conformance-report.yaml b/examples/gateway-api/conformance/manifests/conformance-report.yaml index 629733e..6851289 100644 --- a/examples/gateway-api/conformance/manifests/conformance-report.yaml +++ b/examples/gateway-api/conformance/manifests/conformance-report.yaml @@ -36,7 +36,7 @@ spec: go test ./conformance -run TestConformance -args \ --supported-features=Gateway,GatewayPort8080,HTTPRoute,HTTPRouteBackendProtocolH2C,HTTPRouteBackendProtocolWebSocket,HTTPRouteDestinationPortMatching,HTTPRouteMethodMatching,HTTPRouteParentRefPort,HTTPRouteQueryParamMatching,ReferenceGrant \ - --organization=airlock --project=microgateway --url="https://github.com/airlock/microgateway" --version=v4.4.1 --contact="https://www.airlock.com/en/contact" \ + --organization=airlock --project=microgateway --url="https://github.com/airlock/microgateway" --version=v4.4.2 --contact="https://www.airlock.com/en/contact" \ --conformance-profiles=GATEWAY-HTTP \ --report-output=/workspace/conformance-profile.yaml