0.16.1

Mainhattan

1. Frankfurt’s nickname combining the Main River and Manhattan vibe.

What's Changed

API Compliance

• Support service-keys and delete-service-key commands
• Routes when listing apps are properly displayed (issue #4123)

Misc

• Kind installer waits longer for the Korifi deployments to start (thanks @geigerj0)

Full Changelog: v0.16.0...v0.16.1

⚒️ Ready to try it? Check out the installation instructions!

0.16.0

turn the page

1. To make a transition to something else, especially a more positive period after have to deal with a negative one; to move on.

What's Changed

API Compliance

• Support pagination of list results (page and per_page query parameters) for all resources
• Ordering list results by created_at and updated_at is implemented for all resources. Improved support for ordering by for resource-specific criteria
• Implement the PATCH /v3/service_offerings/:guid endpoint (thanks @ybykov-a9s)
• Filtering list results now happens on the server side via label selectors for most resources
• Implement the GET /v3/droplets endpoint (thanks @klapkov)
• Implement include=organization query parameters for the GET /v3/spaces and GET /v3/spaces/:guid endpoints (thanks @ddraganovv)
• Support fields[service_plan.service_offering]=description,tag,documentation_url argument for the GET /v3/service_instances endpoint (thanks @klapkov)
• Implement the GET /v3/service_plans/:guid endpoint (thanks @benjaminguttmann-avtq)
• Introduce relationships.service_plan in the GET /v3/service_instances and GET /v3/service_instances/:guid endpoints (thanks @benjaminguttmann-avtq)
• Support purging of unmapped routes via the DELETE /v3/spaces/:guid/routes?unmapped=true endpoint (thanks @klapkov)
• Implement security group creation as a first step of the experimental support for security groups (thanks @klapkov)
• Implement the GET /v3/builds endpoint with support for package_guids, app_guids, states and order_by query params (thanks @benjaminguttmann-avtq)

Helm Chart

• Cert Manager is an optional dependency. Operators can bring their own certificates for both ingress and webhooks. See docs for details.
• Publish the Korifi helm chart to Github Pages (thanks @vkazmin)
• The helm chart no longer has an appVersion, since it has the same release lifecycle as Korifi. The version of the helm chart is set to the github release version.

Full Changelog: v0.15.1...v0.16.0

⚒️ Ready to try it? Check out the installation instructions!

0.15.1

a joker in the pack

1. someone or something that is unpredictable; a wild card

⚠️ Warning

The gcr.io paketo project will be shut down soon. This means that paketo images are no longer going to be available on gcr.io. As a result, older releases of Korifi that rely on them will stop functioning. Users are strongly advised to upgrade to this release to ensure continued functionality.

What's Changed

• Default cluster store changed to reflect the paketo move away from gcr.io - thanks @nicolasbender
• GET /v3/service_instances now supports the type query parameter - thanks @klapkov

Full Changelog: v0.15.0...v0.15.1

⚒️ Ready to try it? Check out the installation instructions!

0.15.0

to break a logjam

1. to change or deal with a difficult situation which has existed for a long time

What's Changed

🚨 Breaking changes

• ECR Users: Due to the splitting of the kpack image builder as a separate deployment the ECR access policy should be amended. Take a look a this commit as well as the EKS installation docs.
• Due to changes in how service instances and bindings are handled, all existing service instances must be re-created after upgrading to Korifi v0.15.0. For managed services, ensure you use the cf purge-service-instance command.

CF API compatibility improvements

• GET /v3/service_instances:
  • Now supports the fields[space] and fields[space.organization] query parameters - thanks @klapkov
  • Includes the upgrade_available and maintenance_info.version fields
• PATCH /v3/organizations/:guid now allows updating the name field - thanks @ddraganovv
• GET /v3/service_credential_bindings/:guid/parameters is now implemented - thanks @ddraganovv

Experimental features

• Added support for configuring an external log cache implementation to collect logs and metrics via the experimental.externalLogCache helm value. More details are available in the documentation.

Misc Improvements

• Controllers no longer send empty patches to the Kubernetes API server
• Enhanced the EKS installation documentation - thanks @bguttmann
• Fixed the behavior of the --wait flag in the cf create/delete-service and cf bind/unbind-service commands
• Introduced helm values for adjusting the throughput of the API Kubernetes client - thanks @rrashidov
• All CRDs now use camel case for their JSON annotations, aligning with Kubernetes API server requirements
• Removed the dependency on servicebinding.io. It is no longer requred by Korifi, so existing deployments should consider uninstalling it
• Korifi now manages the projection of service credentials on its own, addressing several issues:
  • Application pods are no longer restarted when a service instance is bound or unbound
  • The binding controller no longer assumes applications are materialized as StatefulSets
• Made the route controller optional, enabling custom routing configurations - thanks @Dariquest

Full Changelog: v0.14.0...v0.15.0

⚒️ Ready to try it? Check out the installation instructions!

0.14.0

get in(to) a bind

1. To enter into a challenging, problematic, or dangerous situation, especially unintentionally or unwittingly.

What's Changed

🚨 Breaking changes

• The following helm values have been removed: kpackImageBuilder.clusterStackID and kpackImageBuilder.clusterStackBuildImage. The default cluster builder configuration is not configurable anymore. If you are not happy with it, you could create your own cluster builder and set the kpackImageBuilder.clusterBuilderName value when applying Korifi's helm chart - thanks @pbusko

New features

• Service parameters in app manifest are now supported
• Improved performance when listing resources across multiple spaces (e.g. GET /v3/apps), see #3636 for details
• Korifi optional components (the statefulset runner, kpack image builder and task runner) are now deployed as separate Kubernetes deployments. This allows for fine-grained configuration of resource requirements - thanks @pbusko

CF API compatibility improvements

The following endpoints are implemented:

• GET /v3/service_instances/:guid - thanks @klapkov
• GET /v3/service_instances/:guid/credentials - thanks @klapkov
• GET /v3/apps/guid/droplets - thanks @benjaminguttmann-avtq
• GET /v3/apps/:guid/environment_variables - thanks @gogolok
• GET /v3/stacks - thanks @benjaminguttmann-avtq
• DELETE /v3/service_offerings/:guid - thanks @klapkov
• DELETE /v3/service_plans/:guid - thanks @klapkov
• GET v3/service_brokers/:guid - thanks @klapkov
• DELETE /v3/service_instances/:guid?purge=true (purging service instances) - thanks @klapkov

Experimental features

Managed Services Support

• Asynchronous service instance provisioning
• Bind/Unbind (both sync and async)
• Creating keys for a managed service instance (cf create-service-key) - thanks @ddraganovv, @klapkov
• Organizations can be removed from plan visibility - thanks @klapkov
• Filtering service instances and bindings by plan guid

Authentication via UAA

See the documentation for details

Misc

• Release has been tested against latest cf cli (v8.9.0)
• Makefile is compatible with bash 3.x (useful for Mac users) - thanks @cniles
• create-new-user.sh utility script checks whether openssl is available - thanks @gciavarrini
• Custom buildpacks documented - thanks @benjaminguttmann-avtq
• Korifi custom resource definitions (CRDs) installation can be skipped when installing the helm chart via setting the crds.include: false helm value
• Newly created Korifi resources have valid v4 UUIDs
• API compatibility doc has been updated - thanks @gogolok
• Floating point number values for disk_quota and memory in app manifests are supported - thanks @gogolok
• Improved filtering logic in the API - thanks @gogolok

Full Changelog: v0.13.0...v0.14.0

⚒️ Ready to try it? See the install instructions!

0.13.0

triskaidekaphobia
/ˌtrɪskʌɪdɛkəˈfəʊbɪə/
noun

1. an irrational or disproportionate fear of the number thirteen

What's Changed

🚨 Breaking changes

• This release brings several improvements in the definitions of the statefulset and pod resources backing the app workload. This means that all workload pods will be restarted after an upgrade. Use caution and upgrade in a maintenance window.
• Gateway API v1.1.0 contains a breaking change. According to their guide the existing BackendTLSPolicy resource definition should be deleted before installing the new version. This should not affect Korifi as we are not using BackendTLSPolicy, but might affect other software running on your cluster.

Partial Managed Services Support

• This is an experimental feature. It is disabled by default. To enable it set the experimental.managedServices.enabled flag to true
• Future releases might contain incompatible changes with regards to managed services
• Supported commands so far:
  • cf create-service-broker
  • cf update-service-broker
  • cf service-brokers
  • cf delete-service-broker
  • cf service-access
  • cf enable-service-access
  • cf disable-service-access
  • cf marketplace
  • cf create-service
  • cf services
  • cf delete-service
• Some limitations:
  • Space scoped brokers are not supported
  • Space plan visibility is not supported

Bug Fixes

• Fix BuildWorkload getting stuck in failed status (thanks @pbusko)
• Fix pushing apps with latest cf CLI

Misc

• Documentation improvements (thanks @benjaminguttmann-avtq @FloThinksPi @marsteg)
• Use topology spread constraint instead of pod affinity in workload statefulsets (thanks @modulo11, @c0d1ngm0nk3y)
• Korifi's Gateway ports and infrastructure are now configureable (thanks @pbusko)
• Multi-arch builds for local development are now supported (thanks @pbusko)
• Use the Kubernetes downward API to set CF_INSTANCE_INDEX environment variable (thanks @pbusko)
• Adopt go-functional (thanks @BooleanCat)
• cf restart-app-instance command now works (thanks @marsteg)
• The statefulsetRunnerTemporarySetPodSeccompProfile and jobTaskRunnerTemporarySetPodSeccompProfile flags have been removed and the pod security context is now unconditionally setting the seccomp profile to RuntimeDefault. This allows for better support of Istio CNI.

Full Changelog: v0.12.0...v0.13.0

⚒️ Ready to try it? See the install instructions!

0.12.0

What's Changed

CF API improvements

• More API endpoints supported:
  • GET /v3/info is supported (#2914 - thanks @gogolok)
  • Stub GET /v3/apps/:guid/features/:name (#2357 - thanks @marsteg)
  • Initial support for GET /v3/apps/:guid/processes/:type/stats (#2340 - thanks @gogolok)
• Improved support for services in manifest (#3050), both formats are now supported:

services:
  - my_service
  - name: your_service

• Trailing slashes in the request URLs are accepted (#2749 - thanks @alperdedeoglu)
• Objects for user-provided services credentials are now supported (#2900)
• MEMORY_LIMIT and CF_INSTANCE_PORTS environment variables are now available to applications (#3081 and #3229 - thanks @marsteg)
• CF CLI 8.7.8+ now supported (#3142)
• Application restart is now synchronous (#3036)
• Uppercase characters now allowed in routes (#3210 - thanks @marsteg)
• Lower case memory limit units is now supported in manifests (#3231 - thanks @marsteg)
• Pre-release CF CLI versions is now allowed (#3255 - thanks @gogolok)

Korifi custom resources improvements

• The following Korifi custom resources now have a Ready condition (by setting the Ready condition, Korifi signals that the resource is reconciled and usable; interested parties could wait on that condition to ensure they are not getting an inconsistent state):
  • CFDomain
  • CFRoute
  • CFServiceBinding
  • CFServiceInstance
  • CFApp
  • CFOrg
  • CFSpace
  • CFPackage
  • CFProcess
  • CFTask
  • AppWorkload
• CFRoute's Valid and Invalid status conditions have been removed in favour of the Ready condition

Misc

• Improved Istio support (#3156 - thanks @shanman190)
• Node selectors and tolerations can be configured for Korifi API and controllers deployments (#3308 - thanks @panevpla)
• Kind installer now uses contour dynamic provisioning
• Documentation improvements (thanks @spgreenberg, @beyhan)
• Dependencies bumped to latest

Full Changelog: v0.11.0...v0.12.0

⚒️ Ready to try it? See the install instructions!

0.11.0

What's Changed

• Korifi ingress (both api and workloads) is now leveraging the Gateway API.
  • This means that it is now possible to deploy Korifi against any Gateway API compatible ingress controller.
  • The api.expose and contourRouter.include helm values have become redundant so they are removed from the chart.
• The VCAP_APPLICATION env var attributes now include uris and application_uris. Thanks @szeort

⚠️ Warning

• Enabling the Gateway API in Contour requires a restart of the Contour deployment. This causes a short period of downtime for the Korifi API and workloads. Once Contour is up and running all existing applications will imediately be reachable on the same routes.
• Contour supports the Gateway API since v1.22.0
• Websocket support in Contour's Gateway API mode is available since Contour v1.26. It is possible to use older Contour versions, but websockets won't work.

🚨 Breaking changes

• A new required networking.gatewayClass helm value has been introduced to the chart as part of enabling the Gateway API

Full Changelog: v0.10.0...v0.11.0

⚒️ Ready to try it? See the install instructions!

0.10.0

What's Changed

• Hassle-free Korifi installer for kind clusters (thanks @beyhan for feedback and testing)
• New systemImagePullSecrets helm value to enable pulling korifi system images from private registries.
• Improve documentation of known differences with CF-for-VMs (thanks @beyhan)

Full Changelog: v0.9.0...v0.10.0

⚒️ Ready to try it? See the install instructions!

0.9.0

What's Changed

• Support pushing docker images: more info in the docs
• The default clusterbuilder stack is updated to Ubuntu Jammy Jellyfish
• Fix: Not all contour resources get turned off causing the deployment to fail (thanks @a2geek)
• Make the helm jobs image configurable (thanks @wanddynosios)

🚨 Breaking changes

• The global section in the helm values has been removed. All values that used to be there are now top-level ones. See README.helm.md
• The helm value api.lifecycle.stagingRequirements has been moved to stagingRequirements
• Removed redundant helm value api.builderName in favour of reconcilers.build

Full Changelog: v0.8.1...v0.9.0

⚒️ Ready to try it? See the install instructions!