All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.14.2...ngrok-operator-0.14.3
- Endpoint pooling SDK support and auto pooling for AgentEndpoint resources by @jonstacks in #581
- Endpoint pooling support for CloudEndpoint resources (default=false), also supported on Ingress/Service resources that create endpoints using the "k8s.ngrok.com/mapping-strategy": "endpoints" annotation when "k8s.ngrok.com/pooling-enabled": "true" annotation is supplied by @Alice-Lilith in #582
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.14.1...ngrok-operator-0.14.2
- Add conversion support from ingress to endpoints by @Alice-Lilith in #562
- feat: Add trafficpolicy package and conversion util by @jonstacks in #564
- feat: Copy domain status to cloud endpoint status by @jonstacks in #566
- feat: Opt-in to endpoints for Load balancer Services by @jonstacks in #568
- feat(ci): Use codecov for coverage reports by @jonstacks in #571
- chore(deps): Update ngrok-api-go by @jonstacks in #560
- Change allowed_urls to endpoint_selectors by @masonj5n in #573
- chore(ci): Make codecov patch status informational for now as well by @jonstacks in #577
- update use endpoints annotation by @Alice-Lilith in #579
- fix(service-controller): Service controller uses configured cluster domain by @jonstacks in #552
- fix(ngrok-api-go): Update to client that doesn't panic for get_bound_endpoints by @jonstacks in #561
- fix: managerdriver tests not being run by @jonstacks in #569
- fix(ci): Disable bindings for e2e tests by @jonstacks in #570
- add newly created agent endpoints to the map by @Alice-Lilith in #574
- fix(httpsedges): HTTPS Edges should retry on hostport already in use by @jonstacks in #576
- Remove binding name by @masonj5n in #567
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.14.0...ngrok-operator-0.14.1
- Fix http endpoint scheme by @jonstacks in #549
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.7...ngrok-operator-0.14.0
- Update ngrok-operator version to 0.14.0
- Update Helm chart version to 0.17.0-rc.1
- add agentendpoint crd by @Alice-Lilith in #525
- agent endpoints work continued by @Alice-Lilith in #538
- make protocol optional for agentendpoint upstreams by @Alice-Lilith in #547
- remove boilerplate type field from trafficPolicy field by @Alice-Lilith in #548
- Error with invalid API key by @hjkatz in #524
- fix: Re-create tunnel if forwardsTo or appProto changes by @jonstacks in #527
- adjust bindings-forwarder deployment template by @masonj5n in #529
- skip no-op status and annotation updates for boundendpoint reconciliation by @masonj5n in #537
- fix endpoint url validation helper and add tests by @Alice-Lilith in #544
- fix(agent-endpoints): Delete agent endpoint instead of tunnel by @jonstacks in #543
- Add artifacthub badge by @hjkatz in #513
- feat: add chainsaw based e2e tests by @eddycharly in #506
- e2e updates / fixes 1 by @hjkatz in #526
- Trigger ci e2e with Makefile change by @hjkatz in #528
- Use correct namespace for debugging by @hjkatz in #530
- Ensure build-and-test runs on push events by @hjkatz in #531
- E2E 5, E5E by @hjkatz in #532
- Fix typo for changes to tests ; Add scripts/e2e.sh too by @hjkatz in #534
- Checkout fork PR HEAD for e2e tests by @hjkatz in #535
- Enable deny gate for 'safe to test' label by @hjkatz in #539
- Add found labels debug message by @hjkatz in #540
- feat: Use a merge group for e2e tests by @jonstacks in #542
- Add some e2e tests as a feature branch by @hjkatz in #533
- feat(ci): Update release script by @jonstacks in #545
- @eddycharly made their first contribution in #506
- @masonj5n made their first contribution in #529
- @Alice-Lilith made their first contribution in #525
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.6...ngrok-operator-0.13.7
- Update ngrok-operator version to 0.13.7
- Update Helm chart version to 0.16.4
- Use GPG Key name instead of ID
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.5...ngrok-operator-0.13.6
- Update ngrok-operator version to 0.13.6
- Update Helm chart version to 0.16.3
- Updated GPG Key
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.4...ngrok-operator-0.13.5
- Update ngrok-operator version to 0.13.5
- Update Helm chart version to 0.16.2
- Sign ngrok-operator Helm chart with GPG key by @hjkatz in #514
- Update README.md with new rename by @hjkatz in #516
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.3...ngrok-operator-0.13.4
- Update ngrok-operator version to 0.13.4
- Update Helm chart version to 0.16.1
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.1...ngrok-operator-0.13.3
- Add support for 1-click demo mode by @hjkatz in #503
- Enable automatic Helm releases for ngrok/ngrok-operator in .github/workflows by @hjkatz in (this PR)
- Hide kind: KubernetesOperator API registration behind the bindings.enable feature flag by @hjkatz in #504
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.1...ngrok-operator-0.13.2
- Support allowedURLs by @hjkatz in #496
- fix: Clear status and re-reconcile if httpsedge is not found by @jonstacks in #501
- Use the previously ingress in the error messages by @alex-bezek in #500
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/ngrok-operator-0.13.0...ngrok-operator-0.13.1
- Use goroutine instead of errGroup by @hjkatz in #497
- Reduce polling interval to 10 seconds by @hjkatz in #491
- fix: domain stuck when ID is not found by @jonstacks in #488
- Ensure the TLS secret is valid otherwise upsert by @hjkatz in #486
- Use unique context for endpoint poller reconcile actions by @hjkatz in #489
- fix: Make sure we update the status by @jonstacks in #493
- Add more logging for binding forwarder mux handshake by @hjkatz in #494
- fix: Better migration path from the ngrok kubernetes-ingress-controller to the ngrok-operator by @jonstacks in #495
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/kubernetes-ingress-controller-0.12.2...ngrok-operator-0.13.0
This version of the controller is not backwards compatible with previous versions and is only compatible with version 0.16.0 of the ngrok/ngrok-operator helm chart and later. Using this version or later of the controller with the ngrok/kubernetes-ingress-controller helm chart will result in the controller not functioning correctly.
Even though we are in major version 0, and semver v2.0.0 allows that anything may change until a 1.0.0 release, we try not to break backwards compatibility. However, this change is necessary to support new features and improvements in the operator.
The operator installation will now be registered with the ngrok API. This will allow you to view the status of the operator in the ngrok dashboard, see what version of the operator is running, and power new features in the future. This is powered by a new KubernetesOperator CRD that is created by the operator in its own namespace when it starts up.
- Register operator by @jonstacks in #457
- Add status to KubernetesOperator by @hjkatz in #467
- fix: Add nil checks to prevent potential panics by @jonstacks in #483
Endpoint bindings is a new feature that allows you to securely access a ngrok endpoint no matter where it is running. Specifically, Kubernetes bound endpoints allow you to project services running outside of your Kubernetes cluster or in other clusters into your cluster as native Kubernetes services.
- Add feature flag support for bindings by @hjkatz in #424
- feat: Initial bindings driver by @stacks in #450
- Modify EndpointBinding CRD to reflect cardinality of bound Endpoints by @hjkatz in #452
- Implement AggregateBindingEndpoints for interacting with the ngrok api by @hjkatz in #453
- Implement BindingEndpoint polling by @hjkatz in #458
- Implement EndpointBinding -> Services creation by @hjkatz in #459
- Implement port allocation by @hjkatz in #460
- Bindings forwarder by @jonstacks in #465
- Add endpoint status to EndpointBinding kubectl output by @hjkatz in #464
- chore: Update ngrok-api-go to pull in new changes by @jonstacks in #468
- Ensure endpoint poller does not start until k8sop is registered with API by @hjkatz in #470
- Rename EndpointBinding to BoundEndpoint by @hjkatz in #475
- Implement Target Metadata by @hjkatz in #477
- Bindings forwarder implementation by @jonstacks in #476
- Ensure KubernetesOperator.Status.EnabledFeatures is set properly from the API by @hjkatz in #480
- Add equality tests for Target.Metadata by @hjkatz in #482
- feat: BoundEndpointPoller polls from the API by @jonstacks in #481
Cloud Endpoints can now be created and managed by the operator via a new CloudEndpoint CRD.
- Allow configuring ngrok Cloud Endpoints using CRDs by @alex-bezek in #471
- Seed additional types when first starting by @alex-bezek in #431.
Updates TrafficPolicy CRD and inline policy to support new phase-based names as well as the new TrafficPolicy API.
- update traffic policy for phase-based naming by @TheConcierge in #456
The controllers have been split into multiple manager instances to improve performance and scalability. This now allows the ngrok agent manager which handles traffic to run independently of the API managers which reconcile CRDs with the ngrok API. This change also allows for more fine-grained control over the controllers and their resources.
- refactor: Split the agent and API controllers by @jonstacks in #446
- fix: Add GatewayClass controller by @jonstacks in #484
- Update README.md to use ngrok Kubernetes Operator instead of ingress controller. by @stmcallister in #433
- @TheConcierge made their first contribution in #456
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/kubernetes-ingress-controller-0.12.1...kubernetes-ingress-controller-0.12.2
- feat: Ability to specify cluster domain #339. Thank you, @fr6nco !
- feat: Support for wildcard domains #412
- fix(store): Multiple ingress rules per ingress not working #413
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/kubernetes-ingress-controller-0.12.0...kubernetes-ingress-controller-0.12.1
- fix(service-controller): Updates not working #406
- fix: Deleting ngrok LoadBalancer services hanging #404
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/kubernetes-ingress-controller-0.11.0...kubernetes-ingress-controller-0.12.0
- feat: Auto-provision domain for TLS Edges #386
- feat: Support for Load Balancer services #387
- feat: Support TLS termination in modulesets for Load Balancer Services #388
- Switching over README to Operator #351
- chore: Remove custom code for non leader-elected controllers #383
- refactor: annotations parsers to handle client.Object instead of just networking.Ingress by #384
- chore: Turn on golangci-lint #385
- fix: TLSEdge not reconciling changes to hostports #390
- assign tunnel group label by httproute namespace #393
Full Changelog: https://github.com/ngrok/ngrok-operator/compare/kubernetes-ingress-controller-0.10.4...kubernetes-ingress-controller-0.11.0
- create policy kind #361
- initial policy controller update #364
- root-cas setting #371 Takes an install option for --set rootCAs=host and plumb the isHostCA check into the caCerts for it to just get the host certs.
- feat: Add support for mutualTLS #373
- Add GatewayClass to cachestore #376
- Add extensionRef support for policy crd inclusion #377
- ngrok client api update #367
- switch edge kinds to raw json policy #368
- modules to traffic policy #370
- Update nix flake, go version, and Makefile dep versions #379
- fix: panics in oauth providers #374
- Handle non-existent backend IDs more gracefully #380
- Fixes not all reserved addrs being returned while iterating #381
- Add the --api-url option. This can be used to set the endpoint for the ngrok API. It can be set via the helm apiURL value.
- Set metadata for edges created by the gateway
- Add gateway to client info comment
- Controller will now start without having a session established. Any operations that require tunnels will return an error while it is trying to create a session. Its ready and health checks now depend on the status of this session: ready will not return ok until the connection is established, and the health check will return an error if this connection had authentication issues.
- Search for backend service using the HTTPRoute namespace
- Support for Gateway api
- Support for Traffic Policies #334
- Support for Application protocol on target services to support HTTP/2. #323
- The Status.LoadBalancer[].Hostname field is now propagated from Domain CNAME status updates. #342
- IPPolicy controller wasn't applying the attached rules, leaving the IP policy in its current state #315
- TLSEdge CRD, see the TCP and TLS Edges Guide for more details.
- Added support for TLS Renegotiation for backends that use it #314
- Send FQDN in SNI when using backend https #304
- Update ngrok-go to 1.4.0 #298
- Tunnels are now unique in their respective namespace, not across the cluster #281
- The CRs that ingress controller creates are uniquely marked and managed by it. Other CRs created manually are no longer deleted when the ingress controller is not using them #267; fixed for tunnel in #285 and for https edges in #286
- Better error handling and retry, specifically for the case where we try to create an https edge for a domain which is not created yet #283; fixed in #288
- Watch and apply ngrok module set CR changes #287; fixed in #290
- Label https edges and tunnels with service UID to make them more unique within ngrok #291; fixed in #293 and #302
- The controller stopping at the first resource create #270
- Using make deploy now requires NGROK_AUTHTOKEN and NGROK_API_KEY to be set #292
- Handle special case for changing auth types that causes an error during state transition #259
- Handle IP Policy CRD state transitions in a safer way #260
- Better handling when changing pathType between 'Exact' and 'Prefix' #262
- tunneldriver: plumb the version through ngrok-go #228
- Support HTTPS backends via service annotation #238
- Initialize route backends after module updates #243
- validate ip restriction rules, before creating the route #241
- Don't shadow remoteIPPolicies #230
- resolve some linter warnings #229
- Use direnv layout feature #248
- chore(readme): improve structure and content #246
- Added direnv and a nix devshell #227
- fix route modules, using ngrokmoduleset instead #239
- Use raw yq output, split e2e runner from deployment #235
- Added e2e config init script #234
- Some updates to handle different cases for e2e run #226.
- Add support for named service ports #222.
- Added Ingress controller version to user-agent #198.
- Don't default to development mode for logging #199.
- Leaking TCP connections for every tunnel dial #203.
- Bumped go version to 1.20 #167
- Refactored Route Module Updates to be lazy #168
- Annotations for configuration have been removed in favor of grouping module configurations together in NgrokModuleSet custom resources #170
- Ran go mod tidy and added check to make sure it's tidy before merge #166
- Added NgrokModuleSet CRD #170
- Added support for Circuit Breaker route module #171
- Added support for OIDC route module #173
- Added support for SAML route module #186
- Added support for OAuth route module #192
- When no region override is passed to helm, the controller now does not default to the US and instead uses the closest geographic edge servers #160
- Ingress Class has Default set to false #109
- Allow controller name to be configured to support multiple ngrok ingress classes #159
- Allow the controller to be configured to only watch a single namespace #157
- Pass key/value pairs to helm that get added as json string metadata in ngrok api resources #156
- merge all ingress objects into a single store to derive Edges. #129, #10, #131, #137
- Minimum TLS Version Route Module #125
- Webhook Verification Route Module #122
- Add/Remove Header Route Module #121
- Add IP Policy CRD and IP Policy Route Module #120
- Load certs from the directory "/etc/ssl/certs/ngrok/" for ngrok-go if present #111
- Fix bug from Driver and Store refactor so ingress status has CNAME Targets for custom domains updated correctly #162
- Reduce domain controller reconcile counts by not updating domains if they didn't change #140
- Remove routes from remote API when they are removed from the ingress object #124
- Renamed docker image from ngrok/ngrok-ingress-controller to ngrok/kubernetes-ingress-controller.
- Added new controllers for domains, tcpedges, and httpsedges.
- Updated go dependencies
- Moved main.go to root of project to match what kubebuilder expects.
- Updated Makefile to match what kubebuilder currently outputs.
- Created serverAddr flag and plumbed it through to ngrok-go
- Read environment variable NGROK_API_ADDR for an override to the ngrok API address.
- Moved from calling ngrok-agent sidecar to using the ngrok-go library in process.
The ngrok ingress controller is currently in alpha. Releases will have varying features with breaking changes.