v1.125.0
- Special shout-outs to @600lyy, @acpana, @anhdle-sso, @cheftako, @ericpang777, @gemmahou, @hankfreund, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @nb-goog, @svetakvsundhar, @xiaoweim, @yuwenma, @zicongmei, @ziyue-101 for their contributions to this release.
New Beta Resources (Direct Reconciler):
-
- Manage connections to connect to Google services and external data sources
-
BigQueryAnalyticsHubDataExchange
- Manage data exchange to enable self-service data sharing
-
PrivilegedAccessManagerEntitlement
- Manage entitlements to grant for projects, folders, and organizations
-
- Manage workstation cluster to define a group of workstations in a particular region and the VPC network they're attached to.
New Alpha Resources (Direct Reconciler):
-
KMSAutokeyConfig
- Manage the KMS auto key which simplifies the CMEKs provisioning and assignment.
New Fields:
AlloyDBInstance
(Beta)- Added
spec.networkConfig.enableOutboundPublicIp
field. - Added
status.outboundPublicIpAddresses
field.
- Added
Reconciliation Improvements
We've enhanced the following resources with a new direct controller, boosting their reliability and performance. While they'll continue to function with their existing Terraform-based or DCL-based controllers by default, the direct controller offers significant improvements. Notably, this enhancement doesn't require any changes to the resource CRD.
-
- You can use the
alpha.cnrm.cloud.google.com/reconciler: direct
annotation on the SQLInstance CR object to opt-in the direct controller. - The direct reconciler contains 2 fix and improvement:
- Fix the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
- Supports "creating from clone" via
spec.cloneSource
- You can use the
-
- You can use the
alpha.cnrm.cloud.google.com/reconciler: direct
annotation on theComputeFirewallPolicyRule
CR object to opt-in the direct controller, which fixes thetargetResources
error required value "priority" could not be found.
- You can use the
New features:
-
Add cluster mode to manage the rate-limit for the Config Connector requests
- In v1.119, we added rate-limit control in namespace mode. Users can configure the
NamespacedControllerReconciler
object (Alpha) to set the rate-limit for the reconciling requests to the kube-apiserver for their Config Connector resources. - In this release, we add this feature for cluster mode. User can configure the
ControllerReconciler
object (Alpha) to set the rate-limit for all their cnrm manager controllers in the cluster. This example shows how to set up the configuration.
- In v1.119, we added rate-limit control in namespace mode. Users can configure the
Bug Fixes:
- Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format
- Issue 2973 kubelet_config has
insecure_kubelet_readonly_port_enabled: true
set even if not configured in theContainerNodePool
object. - Issue 3140 BigQueryConnectionConnection requires UUID to acquire the resource.