Skip to main content
Version: 1.5

Release Notes

Supported versions

This page provides release notes for supported versions of Wayfinder. Find older release notes in the Archive page.

For information on Wayfinder release cadence and support lifecycle, see:

Release v1.5.3


Install Wayfinder

You can install Wayfinder via the installer or Azure Marketplace.

Use the Wayfinder installer

Use one of the download links below to get the CLI (see Get the CLI for details), and then follow the instructions in Installing Wayfinder.

Install via Azure Marketplace

Follow the instructions in Install via Azure Marketplace.

Bugs fixed

  • [WF-1722] Azure deprecated the AKS NAT Gateway Preview feature, breaking AKS provisioning
  • [WF-1686] Auto generated cert has a CN name that is too long for letsEncrypt (max 64 chars)
  • [WF-1698] Portal cannot save DNS zones as the resource cannot be updated (changed at server)
  • [WF-1663] Dedicated Azure DNS zones don't work
  • [WF-1696] Cluster Build Form: UI not Propagating Backend Error to User
  • [WF-1708] When assignablenetworks exist, the default node network on cluster creation screen is wrong
  • [WF-1710] Cluster Creation - Services network "autoassign" option has errors

Release v1.5.2


Install Wayfinder

You can install Wayfinder via the installer or Azure Marketplace.

Use the Wayfinder installer

Use one of the download links below to get the CLI (see Get the CLI for details), and then follow the instructions in Installing Wayfinder.

Install via Azure Marketplace

Follow the instructions in Install via Azure Marketplace.

New features and notable changes

  • Wayfinder 'Terranetes Controller' package is now deployed to clusters by default. This lays the foundation for customers to run workloads inside the cluster to self-serve application dependencies, and reuse the wealth of terraform modules already written. (More information coming soon.)
  • Wayfinder now uses Pod Security Admission instead of Pod Security Policies, which will be removed from Kubernetes in v1.25.
  • The Wayfinder Portal now provides a direct link with matching version to download the CLI binary.

Bugs fixed

  • [WF-1493] Wayfinder cannot be installed in two AWS regions with the same name else the WF AWS identity clashes
  • [WF-1494] External DNS is failing in Azure as it doesn't have permission for the zone
  • [WF-1532] AKS: Node pool reconciliation reconciles size even if auto-scaling enabled
  • [WF-1261] UI: Actual costs not displaying when "All Providers" is selected
  • [WF-1350] GCP Project automation GCP DNS zone not working for GKE cluster
  • [WF-1075] Fix rare concurrent update issue for management cluster during upgrade
  • [WF-1365] Automatic Cluster Upgrade Not Working
  • [WF-1366] EKS Cluster Version Not Updated - ClusterManager Role
  • [WF-1457] Can't create cluster if no prices available
  • [WF-1472] Ingress does not work without adding manual network policy
  • [WF-1497] AWS install --remove can fail due to 'update in progress'
  • [WF-1513] UI - Can't create global child zones from global parent DNS zones
  • [WF-1612] Limit 'latest' in AKS to K8S versions Wayfinder is validated against

Release v1.4.2


Install Wayfinder

You can install Wayfinder via the installer or Azure Marketplace.

Use the Wayfinder installer

Use one of the download links below to get the CLI (see Get the CLI for details), and then follow the instructions in Installing Wayfinder.

Install via Azure Marketplace

Follow the instructions in Install via Azure Marketplace.

Notable changes

  • Improved namespaces UI, and included deployment details needed for Kubernetes manifests.
  • UI menu improvements

Bugs fixed

  • [1238] Workspace Quick Start page displays wrong number of packages
  • [1249] Deleting AWS Organization shows wrong warning message to remove roles
  • [1266] Can't manage labels on a cluster via UI
  • [1298] Namespace claims aren't reconciled when quota limits are updated
  • [1307] Workspace quick start page not counting shared clusters

Release v1.4.1


Install Wayfinder

You can install Wayfinder via the installer or Azure Marketplace.

Use the Wayfinder installer

Use one of the download links below to get the CLI (see Get the CLI for details), and then follow the instructions in Installing Wayfinder.

Install via Azure Marketplace

Follow the instructions in Install via Azure Marketplace.

Bugs fixed

  • [1227] DNS zone resource group not deleted in Azure
  • [1330] First SSO user is not promoted to admin if SSO is configured after install
  • [1081] Upgrade installation fails when Assignable Network exists

Release v1.4.0


Install Wayfinder

You can install Wayfinder via the installer or Azure Marketplace.

Use the Wayfinder installer

Use one of the download links below to get the CLI (see Get the CLI for details), and then follow the instructions in Installing Wayfinder.

Install via Azure Marketplace

Follow the instructions in Install via Azure Marketplace.

New features and notable changes

  • Wayfinder can now be installed via the Microsoft Azure Marketplace.
  • Improved package management to provision workload identities and watch Wayfinder resources, allowing for automated reconfiguration when those resources change
  • Added a quick start guide for workspaces
  • New cloud account management UI
  • Added dark mode to the UI

Bugs fixed

  • [WF-1211] Strange behavior on drop-down when selecting EKS Node Pool Machine Types
  • [WF-1202] "Back to workspaces" can take user to non-existing workspace
  • [WF-1201] Wayfinder admin cannot get Workspace UI setup endpoint
  • [WF-1190] Package deployment issues related to namespace availability
  • [WF-1142] Built-in policy changes are not cleanly applied
  • [WF-362] Correct StackDriver logging text
  • [WF-848] Fix issues with advanced options when creating a cluster from the UI
  • [WF-1134] Fix issues with selecting/editing quota limits when creating a cluster from the UI
  • [WF-1140] Wayfinder install when using a wf-install.yaml uses the cluster named in the file
  • [WF-1151] Provisioning certificate during install retries error
  • [WF-1152] Better messaging when failing to register CRDs
  • [WF-1168] Provide default CIDR for simplified install
  • [WF-1191] Fix defaults for quota limit template

Release v1.3.0


See Get the CLI for instructions.

Notable changes and enhancements

Package Management

We implemented a number of package management enhancements, listed below. For more information, see Packages and Package Installation.

  • Create the CRD for Repository & Global Helm Repository
  • Create API Handlers for Repostory & Global Repostory Resources
  • Surface Package releases to the UI in Workspaces
  • Administrative view of global packages (UI)
  • Show Helm Packages within Workspace (UI)
  • Improve handling of in-cluster dependency versions

Configuration

  • Add a 'Quick setup' page to guide administrators to the areas they need to configure
  • Allow configuration of IDP after install
  • Remove CLI create cloudcredential and UI manual credential creation - use wf setup cloudidentity and wf setup roles instead
  • Improve "setup roles --remove" instructions when dropping a shared account

Installer

  • Check cert is ready before deploying Wayfinder
  • Add new simple install option with sane defaults for a test instance of Wayfinder
  • Support automatic DNS names for zero-DNS configuration install
  • Add JSON output for installer fields to allow programattic handling of the installed Wayfinder
  • Improve retry logic in installer due to connection refused errors (particularly on Azure)

Miscellaneous

  • Allow user to change their password through the UI
  • UI: Improve status icons
  • UI: Hide 'Expose application via ingress' on cluster owner's view of tenant namespaces
  • Add cloud account information to ClusterAllocation objects
  • Show user that is the subject of a session in the wf sessions CLI command
  • Add maximum estimated cost functionality (back-end support, alpha feature)

Bugs fixed

  • [WF-1138] Auth-proxy web hooks service not updated on upgrade
  • [WF-1130] Fix GCP install failures due to network not ready
  • [WF-1129] Pushing new packages to clusters before charts image is available causes upgrade failures
  • [WF-1120] Ensure we don't cause the creation of multiple secrets when ensuring service acccounts
  • [WF-1094] Continually ensure (rather than just create) the OIDC provider configuration for EKS
  • [WF-1093] Incorrect OIDC thumbprint causes AWS EKS cloud identity to fail when AWS renew OIDC TLS certs
  • [WF-1082] Azure - Selecting a stage during cluster creation causes error
  • [WF-1054] Cannot edit owner group ID on Azure Org in UI
  • [WF-1038] Autoscaler workload identity not deleted on cluster deletion
  • [WF-973] Fix --disable-idp apiserver crashloop backoff
  • [WF-963] Cluster autoscaler tag key incorrect on management cluster nodes
  • [WF-960] Fix wf get clusters not working correctly in some multi-tenancy situations
  • [WF-959] Multi-tenant cluster showed in both managed and shared cloud accounts in tenant workspace
  • [WF-920] Network Policy generated by 'expose via ingress' incorrect if port != targetPort on cluster IP service
  • [WF-679] Fix panic on wf setup cloudidentity --remove on Azure if identity/account doesn't exist
  • [WF-663] Fix prompt for wf setup roles for a shared account in UI
  • [WF-645] Cloud provider selection results in infinite loading for non-admins in UI
  • [WF-586] No error displayed when selecting to autoprovision DNS zone without a stage on UI
  • [WF-361] Fix creation of child zones of GCP DNS parent zone

Release v1.2.1


See Get the CLI for instructions.

Bugs fixed

  • [WF-978] Increase memory limit for cert-manager to address issues on AWS EKS clusters
  • [WF-833] Switch user's profile when running wf login
  • [WF-905] UI: Fix 'Upgrade' button on GCP GKE clusters

Release v1.2.0


See Get the CLI for instructions.

New features and notable changes

Multi-tenant clusters

The introduction of multi-tenancy in Wayfinder means multiple workspaces can now share a single cluster as tenants. Tenants can manage their own namespaces in the shared cluster, but cannot access cluster-wide resources.

Wayfinder comes pre-configured with RBAC and policies that model common ways of working with multi-tenant clusters, and provides tools to let you set up guardrails for what tenants can do in your cluster. You can manage access, security, and fair allocation of cluster resources.

For detailed information, see Managing Multi-tenant Clusters.

Minor improvements

  • [WF-925] Usability improvements for CLI docker image - you can now immediately issue wf commands if you bind WAYFINDER_SERVER and WAYFINDER_TOKEN environment variables into the container, e.g. docker run -e WAYFINDER_SERVER -e WAYFINDER_WORKSPACE -e WAYFINDER_TOKEN quay.io/appvia-wayfinder/cli:v1.2.0 wf get clusters -w test
  • [WF-838] Multi-tenancy policy - prevent host path access using existing PVs
  • [WF-837] Multi-tenancy policy - prevent privileged PSP access with RoleBinding to ClusterRoles
  • [WF-835] Multi-tenancy policy - prevent privileged PSP access with namespaced Role
  • [WF-420] Multi-tenancy policy - prevent most cluster wide RBAC access in multi-tenant cluster

Bugs fixed

  • [WF-866] Improve certificate management in the install flow
  • [WF-918] Retry if concurrent GCP project policy updates call failures in wf setup roles
  • [WF-823] Correct ingress namespace on 'Expose application via ingress'
  • [WF-822] wf get clusters should default to showing both shared (MT) and owned clusters
  • [WF-801] Prevent patch commands from circumventing in-cluster policy
  • [WF-777] wf setup roles --remove on GCP does not remove project/org policy assignments for service accounts
  • [WF-715] Validate OpenID Discovery URL when not configured
  • [WF-697] Improve terminology around min/max network ranges in NetworkFabric API
  • [WF-691] Member count in tab is not updated when adding members to a workspace

Release v1.1.2


See Get the CLI for instructions.

Bugs fixed

  • [WF-592] 'error generating link' instead of invite link after creating new workspace for members
  • [WF-643] wf create stage fails with operation not permitted on the resource
  • [WF-454] Improve cluster expiration support - now a TTL instead of a date/time.
  • [WF-642] Estimated and actual cost improvements/fixes
  • [WF-723] Workspace deletion timing issue
  • [WF-725] Limit cluster name to 10 characters to prevent issues with long-named cloud resources
  • [WF-779] Improve the 'Disable IDP' flow in the installer

Release v1.1.1


See Get the CLI for instructions.

Bugs fixed

  • [WF-689] An upstream issue with GCP where the master control plane was failing on 'regular' channel due to an unsupported version.

Release v1.1.0


See Get the CLI for instructions.

New features and notable changes

Private Cluster Support

Wayfinder supports provisioning private clusters in all three cloud vendors, automatically managing the network connectivity required to place workloads off public networks. With the use of peering rules administrators can define how they wish their networks to be connected.

For detailed information, see:

Bugs fixed

  • [WF-615] Directly attached domains not propagating to the in-cluster services (cert-manager / external-dns)
  • [WF-527] Installer for Azure prompting for availability zones even when non-interactive was set
  • [WF-651] Rendering of the workspace members and roles displaying 'unknown' on the CLI
  • [WF-654] UI incorrectly showing the admin workspace
  • [WF-646] Installer for Azure throws an error when trying to install into a region with only one availability zone (i.e., ukwest)

Release v1.0.3


See Get the CLI for instructions.

Bugs fixed

  • [WF-480] Issue with the vnet id used in Azure
  • [WF-480] The IDP client id supplied is not passing validation checks
  • [WF-606] Fixes an issues when multiple instances of Wayfinder is installed in the same account and roles clash
  • [WF-617] Fixed an issue where user roles in th wf access cluster were showing up twice
  • [WF-618] Adding dependency checks on the components during the install
  • [WF-621] Bumped the version of ExternalDNS to chart v6.1.1

Release v1.0.2


See Get the CLI for instructions.

Bugs fixed

  • [WF-462] Caching issue in the deletion of nodepools via UI
  • [WF-444] Installer failed to remove error condition when issue resolved
  • [WF-437] A finalizer is not correctly added
  • [WF-435] Issue with pod security policy and CoreDNS
  • [WF-434] Under certain conditions an issue can cause a memory violation
  • [WF-414] Cluster plans do not correctly show when a references object does not exist
  • [WF-410] Issue with behaviour when more than one DNSZone allocated to a cluster
  • [WF-399] Console/UI does not work without oauth provider configured
  • [WF-387] Encrypt emails in keygen for trial accounts
  • [WF-360] A ctrl-d during wf access cluster can cause EOF error

Release v1.0.1


See Get the CLI for instructions.

Bugs fixed

The following bugs were fixed:

  • [WF-360] Bug in the CLI when hitting ctrl-c early in wf access cluster
  • [WF-399] When users bypass configuration of oauth on wf install, UI now checks for authentication methods available
  • [WF-410] Issue caused by multiple domains attached to the same cluster
  • [WF-411] Using incorrect resourcegroup name on Azure managed accounts
  • [WF-414] Association between cluster plans and naming rules error
  • [WF-434] Bug associated to OIDC deletion in EKS cluster
  • [WF-435] Pod security policy fix added for EKS clusters on management plane
  • [WF-437] Bug in the patching on Helm releases which caused unnecessary reconciliations
  • [WF-438] When using Helm packages the URL was not passed into the HelmRelease, so users weren't able to use repositories within wf-manager namespace

Release v1.0.0


CLI

See Get the CLI for instructions.

New features and notable changes

Installation and upgrades

  • With this release automated installation and upgrades come out of the box.
  • The automated install is available in all three cloud vendors and is opinionated to ensure the management plane is securely configured.
  • Going forward this will be the official upgrade path - enabling customers to ensure rigor around upgrades and migrations.

Clusters

  • Automated cluster upgrades:
    • Removing the hassle of keeping the cluster up to date, this feature introduces a toggle and configurable maintainance window. This allows customers to have a policy for upgrading clusters at the plan or workspace level. When a new release is published by the cloud vendor, Wayfinder will automatically upgrade the controlplane and all nodepools during the maintenance window.
  • Clusters plans:
    • The templates for clusters have all been revamped into a concrete type.
    • Where previous installations used an embedded schema per cloud vendor, we have normalized the commonality between cloud vendors so fields are deduplicated, and where not available, introduced providerDetails field in both nodepools and clusters for cloud specific options. The change keeps the cluster plans, compact, easy to read and removes much of the cloud complexity by harmonizing on the feature rather than options.
    • Cluster policy has been placed inline with the cluster plan, this fits neatly with the ability to 'allocate' plans to workspaces.

Policy, roles, and permissions

  • Introduction of development stages:
    • Wayfinder has introduced stages to provide the platform information on the intended use for resources, for example for production, development, CI, etc. This allows customers and us to make intelligent decisions around how those resources should be managed. You can use stages to:
      • Target policy/compliance at specific stages (prod, nonprod).
      • Provide context to assumption policies, i.e, allowing those policies to 'know' if permissions are going to affect a production resource.
  • Role assumption policies:
    • The feature still allows for a colllection of constraints around when, how and why a user is permitted to escalate permissions, but the policies themselves have had a makeover, and have been made readable.
  • Cloud Managed Roles (AWS only):
    • While using the account automation feature, Wayfinder platform administrators may create and deliver roles to managed cloudaccounts (such as Readonly, Support Requests).
    • Using the same mechanics of role assumption, workspace members (and Wayfinder admins) can assume these roles via wf access cloudaccount or wf access cloudaccount --portal.
    • The feature can also be used for short-term CLI access to cloud accounts (aws cli, terraform for example).
  • Dynamic permission profiling:
    • With dynamic profiling robot accounts can now learn their permissions and ensure that those permission granted are only those required and nothing more.
    • While the permissions can be profiled, they cannot conflict with security policy-any permissions learned must still comply with cluster policies.
    • Boundary roles also exist that allow customers to control what can and can't be learned during the profiling time frame.
  • Policy now supports match and expressions selectors:
    • Allows for finer grain controls over how policies are distributed to clusters.
    • Permits customers to make those distribution decisions based on context (which stage, environment, provider, etc.).
  • Following on from the above, the namespace selectors on policies have been upgraded to use label selector. This allows quick tweaks to influence policy across the namespaces easily.

Other

  • Packages and applications deployment:
    • Beyond using the resource type for our own installations, customers can now levarage the Package CRD and its global counterpart to install Helm charts across the estate.
    • These can be targeted by labels at one or more clusters (based on provider, stages or custom labels for example).
  • Managed DNS Domains and automated child domains:
    • This is the ability to provide globally managed DNS domains, allocate these domains to workspaces, and automate the the creation of subdomains to clusters.
    • It means that out of the box we can start serving traffic.
    • Workspaces can self-serve their own domains.
  • Revamped GUI:
    • We've redesigned Wayfinder's user interface.
    • We've also surfaced more of the resources available in the CLI into the UI.
  • Trial licencing:
    • Prompted during the automated install, customers coming to Wayfinder can obtain a time-limited licence to run the platform.
    • Note that after the licence expires all infrastructure will stay in place, no features are dropped, but the platform loses the ability to create new resources.
  • Workspaces have replaced teams. Previous installations of Wayfinder placed the team as the logical container for clusters.

Deprecated features

  • Container builds and registry management has been removed as a feature of Wayfinder.