Release v2.0.0

Kubernetes Fury Ingress Core Module Release 2.0.0

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team SIGHUP.

This latest release upgrades Terraform Modules in the module to Terraform >= 1.3.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.11.0	No update
external-dns	v0.13.2	No update
forecastle	v1.0.119	No update
nginx	v1.5.1	No update
aws-cert-manager	N.A.	No update
aws-external-dns	N.A.	No update

Please refer the individual release notes to get a more detailed information on each release.

Features 💥

• Breaking: Updated Terraform modules to be compatible with Terraform >= 1.3.

Update Guide 🦮

Process

Update your Terraform project and CLI to version >= 1.3 and run terraform init -upgrade , then apply the new version.

Release v1.14.1

Kubernetes Fury Ingress Core Module Release 1.14.1

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team SIGHUP.

This is a patch release that changes the behaviour of the aws-external-dns Terraform module.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.11.0	No update
external-dns	v0.13.2	No update
forecastle	v1.0.119	No update
nginx	v1.5.1	No update
aws-cert-manager	N.A.	No update
aws-external-dns	N.A.	Updated

Please refer the individual release notes to get a more detailed information on each release.

Update Guide 🦮

Process

Please refer the release notes of the minor version v1.14.0 if you are upgrading from a version < v1.14.0

To upgrade this core module from v1.14.0 to v1.14.1, you need to download this new version, and apply the instructions below.

If you are using the aws-external-dns Terraform module, and you are providing a private zone id, just add the parameter enable_private = true:

module "cert_manager_iam_role" {
  source             = "../vendor/modules/ingress/aws-external-dns"
  cluster_name       = "myekscluster"
  public_zone_id     = "Z1BM4RA99PG48O"
  private_zone_id    = "Z1BM4RA99PG499"
  enable_private     = true
  tags               = {"mykey": "myvalue"}
}

Preview v1.14.1-rc0

Kubernetes Fury Ingress Core Module Release 1.14.1

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team SIGHUP.

This is a patch release that changes the behaviour of the aws-external-dns Terraform module.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.11.0	No update
external-dns	v0.13.2	No update
forecastle	v1.0.119	No update
nginx	v1.5.1	No update
aws-cert-manager	N.A.	No update
aws-external-dns	N.A.	Updated

Please refer the individual release notes to get a more detailed information on each release.

Update Guide 🦮

Process

Please refer the release notes of the minor version v1.14.0 if you are upgrading from a version < v1.14.0

To upgrade this core module from v1.14.0 to v1.14.1, you need to download this new version, and apply the instructions below.

If you are using the aws-external-dns Terraform module, and you are providing a private zone id, just add the parameter enable_private = true:

module "cert_manager_iam_role" {
  source             = "../vendor/modules/ingress/aws-external-dns"
  cluster_name       = "myekscluster"
  public_zone_id     = "Z1BM4RA99PG48O"
  private_zone_id    = "Z1BM4RA99PG499"
  enable_private     = true
  tags               = {"mykey": "myvalue"}
}

Release v1.14.0

Kubernetes Fury Ingress Core Module Release 1.14.0

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team SIGHUP.

This is a minor version release that adds support for Kubernetes v1.15.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.11.0	v1.10.0
external-dns	v0.13.2	v0.10.2
forecastle	v1.0.119	v1.0.103
nginx	v1.5.1	v1.3.1
aws-cert-manager	N.A.	No update
aws-external-dns	N.A.	No update

Please refer the individual release notes to get a more detailed information on each release.

Update Guide 🦮

Process

Please refer the release notes of the minor version v1.13.1 if you are upgrading from a version < v1.13.1

To upgrade this core module from v1.13.1 to v1.14.0, you need to download this new version, and apply the instructions below.

kustomize build <your-project-path> | kubectl apply -f -

Release v1.13.1

Kubernetes Fury Ingress Core Module Release 1.13.1

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team SIGHUP.

This is a patch release that fixes the following issues that were introduced in v1.13.0. See Bug Fixes

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.10.0	No update
external-dns	v0.10.2	No update
forecastle	v1.0.103	No update
nginx	v1.3.1	No update
aws-cert-manager	N.A.	No update
aws-external-dns	N.A.	No update

Please refer the individual release notes to get a more detailed information on each release.

Bug Fixes 🐞

• cert-manager: missing RBAC permissions for leader election (#92)
• cert-manager: ServiceMonitor selector picked up too many services, triggering failing targets in Prometheus (#93)

Update Guide 🦮

Process

To upgrade this core module from v1.13.0 to v1.13.1, you need to download this new version, and apply the instructions below.

Please refer the release notes of the minor version v1.13.0 if you are upgrading from a version < v1.13.0

⚠️ WARNING some downtime on cert-manager is expected during the upgrade process.

Because we are changing immutable fields (labels) of deployments, you'll need delete first cert-manager deployments to update them.

# Delete cert-manager deployments to update labels
kubectl delete -n cert-manager deployments.apps cert-manager cert-manager-webhook cert-manager-cainjector
# finally
kustomize build <your-project-path> | kubectl apply -f -

Release v1.13.0

Kubernetes Fury Ingress Core Module Release 1.13.0

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team SIGHUP.

This is a minor version release that adds support for Kubernetes v1.24, updates several components, adds some new ones, and removes Pomerium and other deprecated packages.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.10.0	v1.6.1
external-dns	v0.10.2	-
forecastle	v1.0.103	v1.0.75
nginx	v1.3.1	v1.1.0
nginx-ldap-auth	Removed.	v1.0.6
nginx-ovh	Removed.	-
nginx-gke	Removed.	-
pomerium	Removed. Pomerium has been moved into a new Auth module.	v0.15.8
aws-cert-manager	Added in this release.	-
aws-external-dns	Added in this release.	-

Please refer the individual release notes to get a more detailed information on each release.

Bug Fixes 🐞

• Alert Rules now use description field instead of message for detailed information, making the Monitoring module show the needed information in Slack notifications.

New features 🌟

• NGINX Ingress Controller now has a Webhook that validates Config snippets and rejects changes that would break the ingress
• Forecastle now follows the Fury branding
• Added external-dns to the module to manage DNS records natively from Kubernetes
• Added aws-cert-manager to manage IAM permissions on AWS with Terraform for cert-manager
• Added aws-external-dns to manage IAM permissions on AWS with Terraform for external-dns

Breaking Changes 💔

• NGINX Ingress Controller now uses .spec.ingressClassName field instead of annotations to choose between internal and external ingresses. Make sure that all the ingresses have the field defined and don't have the annotation, having both of them is not supported anymore.
• NGINX Ingress Controller now depends on cert-manager for the Validating Webhook TLS certificates.
• Pomerium has been removed from this module. You can find Pomerium, and other related tools, in the new KFD Auth module.
• Removed nginx-ldap from the module.
• Removed nginx-gke from the module.
• Removed nginx-ovh from the module.

Update Guide 🦮

Process

⚠️ read carefully the breaking changes section first.

cert-manager has been bumped several versions, please check the upgrade guides in the official documentation, in particular the change from 1.7 to 1.8 includes some changes to the spec.privateKey.rotationPolicy field, read carefuly if you were using it or you had the --feature-gates=ServerSideApply=true flag in the cert-manager controller. Here you can find the relevant upgrade docs:

• https://cert-manager.io/docs/installation/upgrading/upgrading-1.6-1.7
• https://cert-manager.io/docs/installation/upgrading/upgrading-1.7-1.8
• https://cert-manager.io/docs/installation/upgrading/upgrading-1.8-1.9
• https://cert-manager.io/docs/installation/upgrading/upgrading-1.9-1.10

To upgrade this core module from >= v1.12.2 to v1.13.0, you need to download this new version, and apply the instructions below.

⚠️ some downtime of the NGINX Ingress Controller is expected during the upgrade process.

# For NGINX Ingress Controller SINGLE
kubectl delete ingressclass nginx -n ingress-nginx
# For NGINX Ingress Controller DUAL
kubectl delete ingressclass external internal -n ingress-nginx
# finally
kustomize build <your-project-path> | kubectl apply -f -

Release v1.12.2

Ingress Core Module Release 1.12.2

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team
SIGHUP.

This is a patch release reverts the commonLabels applied in v1.12.0 because they break updating the module in the future.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.6.1	No update
forecastle	v1.0.75	No update
nginx	v1.1.0	No update
pomerium	v0.15.8	No update
nginx-ldap-auth	v1.0.6	No update

Please refer the individual release notes to get a detailed info on the
releases

Update Guide 🦮

Warnings

• Since the release rollbacks some changes to immutable fields, if deployments, statefulset and daemonsets, are not deleted first before applying the module, it will error out. Check the Process below for more info.

Process

If you are upgrading from version v1.12.0 to v1.12.1, you need to download this new version, then apply the kustomize project as shown below.
There will be some downtime on the components.

kubectl -n cert-manager delete deployment.apps/cert-manager deployment.apps/cert-manager-cainjector deployment.apps/cert-manager-webhook
kustomize build katalog/cert-manager | kubectl apply -f - # This might need to be applied twice, if the deployments haven't come back up fast
# And
kubectl -n ingress-nginx delete deployment.apps/forecastle
kustomize build katalog/forecastle | kubectl apply -f -
# And
kubectl -n pomerium delete deployment.apps/pomerium
kustomize build katalog/pomerium | kubectl apply -f -
# And
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller
kustomize build katalog/nginx | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller-external daemonset.apps/nginx-ingress-controller-internal
kustomize build katalog/dual-nginx | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller
kustomize build katalog/nginx-gke | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller
kustomize build katalog/nginx-ovh | kubectl apply -f -

If you are upgrading from a version < v1.12.0, you can simply apply the kustomize project as shown below.

kustomize build katalog/cert-manager | kubectl apply -f -
# And
kustomize build katalog/forecastle | kubectl apply -f -
# And
kustomize build katalog/pomerium | kubectl apply -f -
# And
kustomize build katalog/nginx | kubectl apply -f -
# Or
kustomize build katalog/dual-nginx | kubectl apply -f -
# Or
kustomize build katalog/nginx-gke | kubectl apply -f -
# Or
kustomize build katalog/nginx-ovh | kubectl apply -f -

Preview v1.12.2-rc0

Ingress Core Module Release 1.12.2

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team
SIGHUP.

This is a patch release fixing a bug on katalog packages.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.6.1	No update
forecastle	v1.0.75	No update
nginx	v1.1.0	No update
pomerium	v0.15.8	No update
nginx-ldap-auth	v1.0.6	No update

Please refer the individual release notes to get a detailed info on the
releases

Update Guide 🦮

Warnings

• Since the release rollbacks some changes to immutable fields, if deployments, statefulset and daemonsets, are not deleted first before applying the module, it will error out. Check the Process below for more info.

Process

If you are upgrading from version v1.12.0 to v1.12.1, you need to download this new version, then apply the kustomize project as shown below.
There will be some downtime on the components.

kubectl -n cert-manager delete deployment.apps/cert-manager deployment.apps/cert-manager-cainjector deployment.apps/cert-manager-webhook
kustomize build katalog/cert-manager | kubectl apply -f - # This might need to be applied twice, if the deployments haven't come back up fast
# And
kubectl -n ingress-nginx delete deployment.apps/forecastle
kustomize build katalog/forecastle | kubectl apply -f -
# And
kubectl -n pomerium delete deployment.apps/pomerium
kustomize build katalog/pomerium | kubectl apply -f -
# And
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller
kustomize build katalog/nginx | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller-external daemonset.apps/nginx-ingress-controller-internal
kustomize build katalog/dual-nginx | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller
kustomize build katalog/nginx-gke | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller
kustomize build katalog/nginx-ovh | kubectl apply -f -

If you are upgrading from a version < v1.12.0, you can simply apply the kustomize project as shown below.

kustomize build katalog/cert-manager | kubectl apply -f -
# And
kustomize build katalog/forecastle | kubectl apply -f -
# And
kustomize build katalog/pomerium | kubectl apply -f -
# And
kustomize build katalog/nginx | kubectl apply -f -
# Or
kustomize build katalog/dual-nginx | kubectl apply -f -
# Or
kustomize build katalog/nginx-gke | kubectl apply -f -
# Or
kustomize build katalog/nginx-ovh | kubectl apply -f -

Release v1.12.1

❌ This release contains issues, please use the version v1.12.2 instead ❌

# Ingress Core Module Release 1.12.1

Welcome to the latest release of Ingress module of Kubernetes Fury Distribution maintained by team
SIGHUP.

This is a patch release fixing a bug and improving some documentation for the module.

💡 Please refer the release notes of the minor version
v.12.0
if you are upgrading from a version < v1.12.0

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.6.1	No update
forecastle	v1.0.75	v1.0.70
nginx	v1.1.0	No update
pomerium	v0.15.8	No update
nginx-ldap-auth	v1.0.6	No update

Please refer the individual release notes to get a detailed info on the
releases

Documentation 📕

• #60 Improve
  and restructure the documentation of the Ingress module

Bug Fixes 🐞

• #61 Fixed the
  incompatibility of Forecastle with Kubernetes 1.23 by upgrading the
  upstream image

Update Guide 🦮

Process

To upgrade this core module from v1.12.0 to v1.12.1, you need to download
this new version, then apply the following kustomize project:

kustomize build katalog/forecastle | kubectl apply -f -

Release v1.12.0

❌ This release contains issues, please use the version v1.12.2 instead ❌

# Ingress Core Module Release 1.12.0

Welcome to the latest release of Ingress module of (Kubernetes Fury Distribution)[https://github.com/sighupio/fury-distribution] maintained by team
SIGHUP.

This latest release is an attempt on upgrading the components in the module to
its latest stable release along with adding the tech preview of the latest
kubernetes release v1.23.0.

Component Images 🚢

Component	Supported Version	Previous Version
cert-manager	v1.6.1	v1.5.3
forecastle	v1.0.70	v1.0.66
nginx	v1.1.0	v1.0.1
pomerium	v0.15.8	v0.15.8
nginx-ldap-auth	v1.0.6	No update

Please refer the individual release notes to get a detailed info on the
releases

Known Issues ⚠️

• Forecastle is not supported in the versions 1.22 and 1.23 of Kubernetes
• This release involves recreation of certain resources like daemonset, deployments, etc. We recommend deleting it with --cascade=orphan, to avoid changes being made to the pods.
• We drop support of Kubernetes versions <= v1.19.x, this is especially
  important for Ingress due to its deprecation of apiVersions

Breaking Changes 💔

• cert-manager: Following their deprecation in version 1.11.0, the cert-manager APIVersions v1alpha2, v1alpha3, and v1beta1 are no longer served.This means if your deployment manifests contain any of these API versions, you will not be able to deploy them after upgrading
• #55 Added Kubernetes labels to all the components of the module: Since labels are immutable fields in deployments, daemonsets, etc., this change requires a recreation of those resources.

Features 💥

• #54 Added e2e-test support for k8s runtime 1.23
• #55 Added Kubernetes labels to all the components of the module
• #55 Added Makefile, JSON builder and .bumpversion config to the module
• #56 Updated the
  certmanager CRDs to drop apiVersion support < v1 and some syncing with upstream

Bug Fixes 🐞

• #580148 Fixed broken Ingress Config for Pomerium

Update Guide 🦮

Warnings

• Since the release ships changes to some immutable fields, if deployments and daemonsets, are not deleted first before applying the module, it will error out.
• Make sure none of the cert-manager CRDs like Certificate, ClusterIssuer,
  Challenge, etc. are using apiVersion < v1
• Make sure you use the latest Ingress syntax following version 1.22 of Kubernetes.

Process

To upgrade this core module from v1.11.x to v1.12.0, you need to download this new version, then apply the kustomize project.

kubectl -n cert-manager delete deployment.apps/cert-manager deployment.apps/cert-manager-cainjector deployment.apps/cert-manager-webhook --cascade=orphan
kustomize build katalog/cert-manager | kubectl apply -f - # This might need to be applied twice, if the deployments haven't come back up fast
# And
kubectl -n ingress-nginx delete deployment.apps/forecastle --cascade=orphan
kustomize build katalog/forecastle | kubectl apply -f -
# And
kubectl -n pomerium delete deployment.apps/pomerium --cascade=orphan
kustomize build katalog/pomerium | kubectl apply -f -
# And
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller --cascade=orphan
kustomize build katalog/nginx | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller-external daemonset.apps/nginx-ingress-controller-internal --cascade=orphan
kustomize build katalog/dual-nginx | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller --cascade=orphan
kustomize build katalog/nginx-gke | kubectl apply -f -
# Or
kubectl -n ingress-nginx delete daemonset.apps/nginx-ingress-controller --cascade=orphan
kustomize build katalog/nginx-ovh | kubectl apply -f -