Skip to main content

Release Notes

Supported versions

This page provides release notes for supported versions of Wayfinder.

For information on Wayfinder release cadence and support lifecycle, see:

Install Wayfinder

You can install Wayfinder via the provided Terraform Modules.

Wayfinder is free to use for 30 days (you will only incur cloud provider hosting costs). After this period, the trial licence will expire and your testing period ends. Please get in touch at hello@appvia.io to request a trial extension or commercial licence.


Release v2.5.1


Downloads

See Get the CLI for instructions.


New UI navigation structure

This release introduces new, clearer navigation to the UI. Clusters can now be found in both workspace and administrative sections, allowing workspace members to see their own clusters.

New Navigation

Other enhancements and new features

  • [WF-3838] ✨ Support for 'user defined routing' outbound type on Azure AKS clusters
  • [WF-3929] ✨ Add estimated cost for control plane cost for Azure 'paid' SKU clusters
  • [WF-3855 / WF-3856] ✨ Provide a set of environment variables to deployed apps describing the runtime environment provided by Wayfinder
  • [WF-3890] ✨ Allow AppEnvs to specify a reference to a CloudAccessConfig (needed where more than one cloud access configuration is provided to a workspace for a given stage)
  • [WF-3540] ✨ Narrow the permissions required for GCP roles
  • [WF-3947] ✨ Remove support for legacy auth proxy (this was replaced by our new kube proxy component in v2.4)
  • [WF-3896] ✨ Add validation to Peering resources if directly applied
  • [WF-3970] ✨ Improve validation of cloudaccessconfig types

Bug Fixes

  • [WF-3943] 🐛 UI - Show dependency errors consistently on delete
  • [WF-3945] 🐛 Ensure app components are successfully deleted if their owning app is deleted
  • [WF-3949] 🐛 Ensure workspace owners can delete their own workspaces


Release v2.4.6


Downloads

See Get the CLI for instructions.


Enhancements / New features

  • [WF-3792] ✨ CLI - Add wf logs command to follow and view Wayfinder logs
  • [WF-3969] ✨ UI - Remove the downloaded wf.tgz in the CLI download tip
  • [WF-3944] ✨ Restrict cloud access configuration in workspaces to Wayfinder admins

Bug Fixes

  • [WF-3990] 🐛 Fix AKS node pool OS type handling
  • [WF-3977] 🐛 UI - Fix incorrect cluster in access cluster modal
  • [WF-3968] 🐛 UI - Show correct value for number of clusters using a clusternetworkplan
  • [WF-3950] 🐛 Allow non-admins to perform cost estimates and retrieve metadata for building clusters
  • [WF-3926] 🐛 Enforce correctly against deployments when preventing use of cert-manager labels


Release v2.4.5


Downloads

See Get the CLI for instructions.


Enhancements / New features

  • [WF-3928] ✨ Update terranetes (to v0.7.5) to support Azure Workload Identity auth
  • [WF-3926] ✨ Add default policy to allow cert-manager to perform HTTP01 challenges
  • [WF-3888] ✨ Add Azure AKS services network range to cluster spec
    • We recommend updating your existing AKS cluster plans to specify a fixed range to use to assign Kubernetes service IP addresses from.
    • It is safe to use the same range on all your clusters, thus specifying an allocated IP range of type 'Services' is now deprecated on Azure and will be removed in a future release.
  • [WF-3925] ✨ Stop reserving half of the allocated IP range on AKS
    • Previously, the subnet created for an AKS cluster was half the size of the allocated network, with the rest reserved for future use.
    • This is no longer the case, so any new AKS clusters will use the whole allocated range for their subnet.
    • This will not affect any existing clusters.

Bug Fixes

  • 🐛 UI - Address "All" cluster list tab not showing resources on initial navigation
  • [WF-3822 fixup] 🐛 Use workspace list API on users page, fixes invalid context error


Release v2.4.4


Downloads

See Get the CLI for instructions.


Enhancements / New features

  • [WF-3915] ✨ Add support for configuring AWS Transit Gateway routing when peering
  • [WF-3751] ✨ Add PeeringAcceptor permission to cloud access configuration for all clouds
  • [WF-3882] ✨ Ensure cached kubeproxy connections are expired before they time out (prevents occasional 401 errors accessing clusters)
  • [WF-3921] ✨ CLI - Make CLI HTTP client timeout overridable via WAYFINDER_HTTP_CLIENT_TIMEOUT environment variable (set to e.g. 30s)

Bug Fixes

  • [WF-3895] 🐛 Correct handling of 'Not Found' errors in Azure peering provider
  • [WF-3920] 🐛 CLI - Handle resources with a 'nil' common status in wf apply --wait-for-ready
  • [WF-3803] 🐛 Fix over-zealous validation for overlapping peering address ranges
  • [WF-3822] 🐌 Improve performance of workspace overview APIs used by the UI


Release v2.4.3


Downloads

See Get the CLI for instructions.


Cross-cloud Web Identity support

  • With credential-free access to AWS, Azure and GCP, you can now use Wayfinder's web identity to authenticate Wayfinder into your entire cloud estate, regardless of the cloud in which Wayfinder is hosted (installed)
  • Benefits of credential-free access:
    • When hosted in AWS use an AWS IAM role for Service Account (IRSA) identity to give Wayfinder access to AWS accounts, Azure subscriptions and GCP projects
    • When hosted in Azure use Entra (formerly Azure AD) Workload Identity to give Wayfinder access to Azure subscriptions, AWS accounts and GCP projects
    • When hosted in GCP use GCP Workload Identity to give Wayfinder access to GCP projects, AWS accounts and Azure subscriptions
  • Reference public Terraform modules to install Wayfinder with the above identities configured on each cloud (AWS, Azure, GCP)
  • Reference public Terraform modules to provision the required access for Wayfinder to each AWS account, Azure subscription or GCP project
  • Complete overhaul of UI to guide and validate the configuration of cloud access and generate the YAML for your CI process
  • New, simplified version of the CloudIdentity and CloudAccessConfig resources to make the configuration clearer and more readable

Includes the following new features and improvements:

  • [WF-3552] ✨ Add CloudAccessCheck resource to perform a validation flow for cloud identities and permissions
    • [WF-3685] ✨ Validate AWS permissions using SimulatePolicyPrincipal API
    • [WF-3687] ✨ Validate Azure permissions by parsing applied policies
    • [WF-3826] ✨ List missing permissions when permission checks fail on all three clouds
    • [WF-3901] ✨ Ignore AWS organisation 'Service Control Policy' permission failures when assessing role validity on AWS
    • [WF-3769] ✨ Auto-cleanup of old CloudAccessCheck resources once the check is complete
  • Remove dependency on specific naming convetions for:
    • [WF-3783] ✨ CloudAccessConfig resource names
    • [WF-2491] ✨ CloudAccessConfig permission AWS role names
    • ✨ CloudIdentity resource names
  • [WF-3840] ✨ Improved validation of all cloud access properties
  • [WF-3834] ✨ Don't block reconciliation of clusters, networks, DNS zones if cloud access permissions out of date, only if inaccessible
  • [WF-3737] ✨ Add cloud permissions API
    • [WF-3724] ✨ CLI - Add wf describe cloudpermission
  • ✨ Provide reference cloud access Terraform modules that can set up the required access for Wayfinder in your AWS/GCP/Azure accounts:
  • [WF-3746] ✨ CLI - Implement improved wf create cloudidentity and wf create cloudaccessconfig commands
    • ✨ CLI - Add --for-workload-identity flag to wf create cloudidentity to create a cloud identity for the workload identity provided to Wayfinder at install
  • Migrate from deprecated Azure AD Pod Identity to supported Entra (formerly Azure AD) Workload Identity:
    • [WF-3659] ✨ Migrate AKS cluster provider to use new Azure SDK with Azure AD Workload Identity support
    • [WF-3703] ✨ Migrate Azure authentication to use new Azure SDK with Azure AD Workload Identity support
    • [WF-3662] ✨ Migrate Azure DNS provider to use new Azure SDK with Azure AD Workload Identity support
    • [WF-3663] ✨ Migrate WorkloadIdentity controller to provision Entra / Azure AD Workload Identities instead of AzureAD Pod Identities
    • ✨ Migrate Azure network provider to use the new Azure SDK
    • [WF-3664] ✨ Remove AAD Pod Identity package from default packages and install
  • [WF-3674] Removed cloud organisation / cloud account factory support
  • [WF-3550] Removed wf setup cloudaccessconfig and wf setup cloudidentity commands (replaced by the reference Terraform modules and wf create cloudaccesscconfig / wf create cloudidentity)

New Kubernetes API proxy for managed clusters

  • Provides a consistent API to access clusters managed by Wayfinder without needing direct network connectivity
  • Allows full access to API of managed clusters via UI, subject to your configured access policies:
    • UI now uses same RBAC as wf access cluster - request access to clusters as you need them right from UI, subject to the same policies that govern all cluster access
    • Much improved pod log support with dynamic filtering and following
    • Shell support to exec into pods for debugging, provided user has an access policy permitting this
  • [WF-3721] ✨ Full TLS verification when accessing clusters via kubectl
  • Removes need for an authentication load balancer for each cluster, reducing cluster costs
  • Provides same IP address filtering as existing auth proxy
  • As all access is made via Wayfinder's API, cluster access is audited as per all other Wayfinder operations
  • Existing auth proxy deprecated and disabled by default in new installs, support for it for existing installs will be removed in an upcoming release

New troubleshooting section

  • Provides access to Wayfinder's own controller, API, kube proxy and webhook logs from UI
  • Tail and filter logs to debug isuses with your configuration

Improvements and other new features

  • [WF-3901] ✨ Ignore regions which are denied by AWS service control policies in metadata
  • ✨ Add Azure DevOps-compatible WF toolbox image - quay.io/appvia-wayfinder/wftoolboxazdo:v2.4.3
  • [WF-3869] ✨ Allow additional node pools to be specified with zero minimum size
  • [WF-3881] ✨ Support --ca-file on wf login, improve API client logging when used with --verbose
  • [WF-3848] UI - Show message when no IP ranges exist in network range table
  • ✨ Remove persistence of asset identifiers into database (was no longer used/required)
  • [WF-3719] ✨ Support Azure AKS node image security update option
  • [WF-3284] ✨ Remove unused windowduration property from cluster plan
  • [WF-3749] ✨ Show clusters using a given ClusterNetworkPlan in UI
  • [WF-3427] ✨ Allow binding of the same role multiple times to an access token, introduce new assume/assign/kubesessions subresources for consistent web interface and CLI behaviour
  • ✨ CLI - Use new 'assume' subresource in wf access cluster
  • [WF-3793] ✨ Helm chart improvements:
    • Option to generate a single cert
    • Add default CA if secret not provided
    • Remove some unused options
    • [WF-3720] ✨ Allow local logins to be completely disabled
  • [WF-2912, WF-2891] ✨ Use secure, HTTPS-only cookies instead of bearer tokens for UI authentication - allows opening new tabs without re-authenticating and improves security
  • [WF-3717] ✨ Respect upstream IDP refresh tokens if provided - ensures users removed from IDP are blocked as soon as their upstream token indicates expiry
  • ✨ Replace hard-coded default deny network policy with kyverno policy doing the same

Bug Fixes

  • [WF-3904] 🐛 Ensure we only trigger reconciliation of cloudmeta when relevant condition of cloud access changes, not on any update
  • [WF-3612] 🐛 Validate name of environment variables on app components are populated
  • [WF-3493] 🐛 Fix issue handling empty Linux/Windows profile on AKS cluster build (prevented copying default AKS cluster plans)
  • 🐛 Prevent package releases showing 'Success' when required DNS zone dependencies are unmet
  • [WF-3734] 🐛 Ensure cluster exists before pre-cluster deletion logic
  • [WF-3642] 🐛 Cannot edit ClusterPlan if ClusterNetworkPlan disabled
  • [WF-3892] 🐛 CLI - Fix wf create member for usernames containing '@' characters
  • [WF-2560] 🐛 CLI - Set namespace correctly when using wf access namespace
  • 🐛 CLI - Don't refresh tokens if there's no refresh tokens (prevents edge case where lack of refresh token blocks CLI indefinitely)
  • [WF-3564] 🐛 UI - Highlight validation error by navigating to correct pane or scrolling to issue
  • [WF-3680] 🐛 UI - Fix app component list occasionally showing components from other app


Release v2.3.3


Downloads

See Get the CLI for instructions.


Enhancements / New features

  • [WF-3690] ✨ Add namespaceType label to all namespaces managed by Wayfinder in child clusters

Bug Fixes

  • [WF-3691] 🐛 Fix EKS KMS key alias deletion when alias not created
  • [WF-3689] 🐛 Check if assignablenetwork spec has changed when checking for dependencies


Release v2.3.2


Downloads

See Get the CLI for instructions.

Bug Fixes

  • [WF-3682] 🐛 Allow access token network manager roles to manage ClusterNetworks and ClusterNetworkPlans


Release v2.3.1


Downloads

See Get the CLI for instructions.

Notice

Wayfinder now includes a cluster's network configuration within the cluster plan's setup. This streamlines the creation and definition of cluster plans while providing greater transparency regarding the anticipated cluster network assignments when utilising a specific cluster plan. Please be aware that this modification introduces breaking changes, as detailed in the sections below.

Breaking changes

  • NetworkFabricPlan renamed to ClusterNetworkPlan - update your CI definitions, existing ones will be migrated.
  • NetworkFabric renamed to ClusterNetwork
  • AssignableNetwork 'Stages' property deprecated in favour of a single 'Stage' - update your CI definitions, existing ones will be migrated.

Action required

  • If you have any existing NetworkFabricPlan resources stored in a repository, you must migrate those to use the new API type. To do this:

    • Change the kind from NetworkFabricPlan to ClusterNetworkPlan
    • Remove any 'spec.allocation' - cluster network plans are now implicitly available via the allocation of cluster plans.
    • If using assignable networks, specify which assignable networks to use by populating spec.assignableNetworks (previously this implicitly used all configured ranges)
    • Post upgrade, ensure that you update Wayfinder CLI to v2.3.1 locally and in CI
  • To use EKS secrets encryption, the following additional IAM permissions are required for Wayfinder's ClusterManager role to manage KMS keys for EKS:

      - kms:CreateKey
    - kms:ScheduleKeyDeletion
    - kms:TagResource
    - kms:CreateAlias
    - kms:DeleteAlias
    - kms:UpdateAlias
    - kms:ListKeys
    - kms:ListAliases
    - kms:DescribeKey
    - kms:ListResourceTags

Alterations to existing CLI behaviour

  • wf apply --diff no longer supported. Use wf diff command instead.
  • If differences are found with wf diff command, then it will now exit with 0, unless you run it with --fail-on-diff flag.

Cluster networking (Bug Fixes / New Features)

  • [WF-3250] ✨ Rename NetworkFabric and NetworkFabricPlan to ClusterNetwork and ClusterNetworkPlan in API
  • [WF-3250] ✨ Deprecate 'Stages' on an AssignableNetwork, only support a single 'Stage' (existing AssignableNetworks will be migrated)
  • [WF-3524] ✨ Migrate existing NetworkFabrics and NetworkFabricPlans to ClusterNetworks and ClusterNetworkPlans
  • [WF-3397] ✨ Add NetworkAllocations and status to ClusterNetworkPlan API object
  • [WF-3411] ✨ Remove allocations from ClusterNetworkPlan spec
  • [WF-3410] ✨ Improve Assignable Network validation
    • [WF-3414] ✨ Check for collisions when creating assignable networks
    • 🐛 Fix incorrect validation error index on overlapping assignable network ranges
  • [WF-3383, WF-3418, WF-3419] ✨ Provide networking details, capacity information and validation on the status of ClusterNetworkPlans
    • ✨ Make cluster network plan controller less stateful and more deterministic
  • [WF-3416] ✨ Validate ClusterNetworkPlans for assigned ranges and fixed IPs
  • [WF-3412, WF-3415] ✨ Validate that network ranges removed from plans are not in use
  • [WF-3580] 🐛 Perform network ranges size validation per provider and range type
    • [WF-3581] ✨ Correct array notation on invalid CIDR block size validation message
    • [WF-3582] 🐛 Don't continue with range validation if invalid CIDRs are specified
  • [WF-3567] ✨ Block deletion of ClusterNetworkPlan if cluster networks referencing it exist
  • [WF-3383] ✨ Add API endpoint to describe a network from a proposed spec
  • [WF-3621] ✨ Don't allow a cluster network plan to be deleted if cluster networks reference it
  • [WF-3421, WF-3467] ✨ Use only the AssignableNetworks specified on a ClusterNetworkPlan when allocating IPs to new networks
  • [WF-3660] ✨ Remove default assignable networks and make default plans editable (our default plans will no longer be provided in v2.4, in favour of example plans)

  • [WF-3608] ✨ UI - Tweaks to cluster network table
  • [WF-3611] ✨ UI - conditionally display network details
  • ✨ UI - Update cluster network plan view mode from old style
  • [WF-3577] ✨ UI - Cluster networking - remove VPC & subnets radio + copy change
  • [WF-3381] ✨ UI - Add cluster network list to cluster networking page
  • [WF-3578] 🐛 UI - Fix for incorrect error message toast displaying when saving a cluster plan
  • [WF-3210] ✨ UI - show network description when creating a ClusterNetworkPlan
  • [WF-3572] 🐛 UI - Show service field for azure on assignable network form
  • [WF-3576] ✨ UI - After adding a new cluster network plan, make it the selected one by default
  • [WF-3579] 🐛 UI - Fix breadcrumb on cluster network plan page
  • [WF-3565] ✨ UI - Move IP address ranges (and the management of) to updated Cluster networking page
  • [WF-3538] ✨ UI - Update cluster networking page to use update cluster network plan form
  • [WF-3517] ✨ UI - Implement cluster network plan form (via cluster plan)
  • [WF-3210] ✨ UI - Implement updated networking tab on cluster plan form
  • [WF-3522] 🐛 UI - Update Network assignments page to use stage property (rather than stages)

EKS Encryption (New Feature)

EKS clusters now support enabling AWS's EKS secrets encryption. This can be enabled in cluster settings and cluster plans for EKS. Enabling it will cause a new KMS key to be created for a new cluster, and that cluster configured to use it for envelope encryption of Kubernetes secrets. This can only be enabled on new clusters at this time.

  • [WF-3503] ✨ Implement optional secrets envelope encryption for EKS
  • [WF-3502] ✨ Add API support for EKS secrets encryption
  • [WF-3508] ✨ Validate EKS encryption settings as immutable
  • [WF-3504] ✨ UI - Add configuration of EKS encryption
  • [WF-3505, WF-3507] ✨ Populate EKS encryption status and show on UI
  • [WF-3506] ✨ Turn on EKS secrets encryption by default in the eks-hardened plan

Misc (Bug Fixes / New Features)

  • [WF-3463] ✨ Validate stage deletion - block if cloud access configs, global DNS zones or clusters exist in the stage
  • [WF-3596] ✨ Update auth proxy HorizontalPodAutoscaler to API version v2 (required for K8S v1.26)
  • [WF-3598] ✨ Allow --force to override delete dependency checks
  • [WF-3599] ✨ Add 'localadmin' user management to helm chart values
  • [WF-3568] 🐛 Fix workspace occasionally going to 'Success' status before all elements are ready
  • [WF-3485] 🐛 Use high (but not system) priority level for Kyverno package (allows install on GCP)
  • [WF-3494] 🐛 Reconcile app DNS zones when the status of a global DNS zone changes (addresses race condition causing delayed DNS configuration where global DNS zone added and applications already exist)
  • [WF-3571] 🐛 Ensure 'create' API operations cannot overwrite existing resources
  • [WF-3566] 🐛 Fix regression in GCP service account handling for Workload Identity
  • [WF-3147] 🐛 Update the ingress-nginx package to apply the correct flags
  • ✨ UI - Display dependency errors on deletion
  • ✨ UI - Attempt to display underlying error messages from API where structured error handling fails
  • [WF-3280] 🐛 / ✨ UI - Hide delete action when resource is already deleting
  • [WF-3518] 🐛 UI - Fix error deleting cluster created from app env which no longer exists
  • [WF-3633] 🐛 UI - Fix error creating a new, blank GKE cluster plan
  • [WF-3498] ✨ CLI - Remove wf apply --diff option (use wf diff instead)
  • [WF-3499] ✨ CLI - Make wf diff exit 0 if differences found unless run with --fail-on-diff
  • [WF-3535] 🐛 CLI - Validate workspace/name on get cloudaccessconfigdependents
  • [WF-3495] 🐛 CLI - Make deploy --wait-for-ready only wait for the components being deployed
  • [WF-3516] 🐛 CLI - Correct ClusterNetworkPlan and KubernetesUpdate CLI resource types
  • [WF-3279] 🐛 CLI - Improve error message for wf delete with a non-existent object
  • [WF-3466] 🐛 CLI - Add missing --force, --owner, --dry-run and --no-wait flags to wf delete cluster command


Release v2.2.1


Downloads

See Get the CLI for instructions.

Enhancements / New features

  • [WF-3405] ✨ Verify referenced container secrets and component image pull secrets are present when using wf deploy
  • [WF-3511] ✨ Update wftoolbox docker image - add 'bash', update kubectl to v1.25.12 and kustomise to v5.1.1

Bug Fixes

  • [WF-3516] 🐛 Correct client-side validation of NetworkFabricPlan and KubernetesUpdate resources with wf apply
  • [WF-3501] 🐛 CLI - Correct name column and add username column for wf get users
  • [WF-3520] 🐛 CLI - Support --plan in wf create appcomponent
  • [WF-3514] 🐛 UI - Allow editing of quota limits for multi-tenant namespaces
  • [WF-3519] 🐛 UI - show the replicas value correctly on existing application components


Release v2.2.0


Downloads

See Get the CLI for instructions.

Important notes - actions required on upgrade from 2.1 to 2.2
  1. The 'components' field of the Application CRD has been deprecated in favour of a dedicated new AppComponent resource. All existing Applications will be migrated on upgrade with AppComponents created automatically. If you are managing your Applications from an external source via wf apply, you should update these definitions.

  2. Kubernetes v1.24 has reached the end of its support window, so in Wayfinder v2.2 new clusters must use (at minimum) v1.25. Please review any existing cluster plans which specify v1.24 and update to v1.25 or later before upgrading.

Application Component enhancements

With this release, we have enhanced the configurability of application components to allow many more use cases to be served. Retaining the simplicity of the defaults, you can optionally now provide more advanced configuration:

  • Specify multiple containers
  • Specify specific user and group IDs to execute as
  • Provide environment variables and image pull secrets from existing secrets
  • Override entry point and arguments for the containers
  • Specify multiple ports to expose on a service, and choose which one to expose externally
  • Specify custom labels to be applied to all deployed resources

Underlying this change, we have introduced a new AppComponent resource. The container definition uses the same fields and values as Kubernetes' own container definition, meaning if you graduate to managing your own manifests, the definition should be immediately familiar.

Enhancements / New features

  • [WF-3271 / WF-3202] ✨ Add dedicated resource for AppComponent and migrate components from existing Applications
  • [WF-3392] ✨ Update Kyverno scheduling priority to avoid risk of it being pre-empted in a cluster
  • [WF-3058] ✨ CLI - Add delete confirmation for clusters, namespaces and applications with components
  • [WF-2507] ✨ CLI - Enhance wf help get and wf help delete to list all resource types
  • [WF-3056] ✨ CLI - Validate field keys in wf apply so it errors if unknown/invalid fields are included in an applied file
  • [WF-3017] ✨ CLI - Make wf create user --dry-run consistent with other create commands
  • [WF-3015] ✨ CLI - Make wf create namespace --dry-run consistent with other create commands
  • [WF-3238] ✨ UI - Show warning prompt when attempting to delete a global DNS zone
  • [WF-3292] ✨ UI - Update admin side menu so plans are all in one place
  • [WF-3257] ✨ UI - Give a useful error message when trying to enable/disable plans
  • [WF-3205] ✨ UI - Update cluster plan form to use vertical tabs for sections

Bug Fixes

  • [WF-3386] 🐛 Wait 5 minutes for packages in deleting clusters to be deleted, then continue with cluster deletion
  • [WF-3212] 🐛 Use correct release name when removing helm release from the cluster
  • [WF-3138] 🐛 Fix DNS zone tags
  • [WF-3236] 🐛 Ensure cluster status correctly reflects cluster updates
  • [WF-3293] 🐛 CLI - Fix no --output flag causing validate error on wf create namespace
  • [WF-3232] 🐛 CLI - Set export and eject directory and file perms
  • [WF-3171] 🐛 UI - Make Package / Cluster update button clearer, don't show on superceded updates
  • [WF-3363] 🐛 UI - Fix channel/version issue when saving a copied cluster plan
  • [WF-3240] 🐛 UI - Cluster deletion message shows undefined
  • [WF-3367] 🐛 UI - Make Workspace table text visible in dark mode if not a member of any workspaces
  • [WF-3364] 🐛 UI - Ensure CIDR length is a number before posting
  • [WF-3197] 🐛 UI - Make sure admins can access users page of workspaces they don't own


Release v2.1.2


Downloads

See Get the CLI for instructions.


Enhancements / New features

  • [WF-3196] ✨ Implement app DNS for app-envs on multi-tenant clusters

Bug fixes

  • [WF-3230] 🐛 Allow creation of an app if you have a multi-tenant cluster shared with your workspace, even if no cloud access configured
  • [WF-3226] 🐛 Mutate on an empty values object when no package values supplied by user
  • [WF-3219] 🐛 Allow Wayfinder itself to make changes to clusters when a plan-policy prevents users from making those changes, allowing it to manage versions
  • [WF-3200] 🐛 UI - Make labels editable/uneditable correctly on cluster plan/settings form
  • [WF-3186] 🐛 UI - Allow user to navigate directly to a namespace resource tab
  • [WF-3215] 🐛 Create and manage package updates respecting the package selectors, clear defunct updates on package delete, and fix CLI cluster column on package updates
  • [WF-3187] 🐛 Correctly remove detargeted clusters and namespaces when updating global cluster policies
  • [WF-3199] 🐛 UI - Remove erroneous uniqueness validation on workspace key when updating a workspace
  • [WF-3170] 🐛 CLI - Don’t update object if unchanged in wf edit
  • [WF-3172] 🐛 Fix for custom package Repositories
  • [WF-2862] 🐛 CLI - Allow cascading deletion of Global DNS Zones


Release v2.1.1


Downloads

See Get the CLI for instructions.


Important note - action required on upgrade from 2.0 to 2.1

With this release, we have aligned the 'version' property of clusters and cluster plans with the values supported natively by the cloud providers. On AWS, this means that the version property must now be set to a Kubernetes major.minor (such as 1.24), as EKS does not support setting a full patch version (such as 1.24.11).

Any existing AWS EKS clusters will have their spec automatically migrated to the correct major.minor after Wayfinder is upgraded (this will not cause any changes to the cluster in AWS).

Any custom EKS cluster plans which specify a version must be updated to the desired major.minor version after Wayfinder is upgraded. If this action is not completed, the plan will not be usable for new clusters.


Support for Kubernetes v1.25

Wayfinder 2.1 introduces support for Kubernetes v1.25 on all three cloud providers.

  • [WF-3133] ✨ Update default Kubernetes version on all three clouds to v1.25 for new clusters
  • [WF-3191] ✨ Align Kubernetes version handling with the cloud-provider supported syntax for all three clouds:
    • AWS: Only major.minor (e.g. 1.25) now supported - previously the patch version was allowed to be specified, but would be ignored
      • Any existing clusters which specify a full version on their spec will be migrated to major.minor.
      • See action required above - any existing cluster plans which specify major.minor.patch (e.g. 1.25.1) must be updated to a major.minor (e.g. 1.25) after upgrading to v2.1.
    • Azure: Only major.minor.patch (e.g. 1.25.1) supported (no change)
    • GCP: major.minor (e.g. 1.25), major.minor.patch (e.g. 1.25.1), and major.minor.patch-gkepatch (e.g. 1.25.1-gke.1500) supported
    • Cluster plans and clusters are now validated against these syntaxes and against supported versions
  • [WF-2843, WF-2771] ✨ Update dependencies to support K8S v1.25:
    • Cert Manager (v1.9.1 to v1.12.0)
    • External DNS (v6.2.4 to v6.20.3)
    • Ingress-NGINX (v4.2.0 to v4.6.1)
    • Kyverno (v2.6.5 to v2.7.3)
    • Terranetes Controller (v0.4.2 to v0.6.8 - including setting MSI details when deploying on Azure)
    • Amazon EKS: Tigera Operator (v3.23.2 to v3.25.1)
    • Amazon EKS: Metrics Server (v3.8.2 to v3.10.0)
    • Amazon EKS: Cluster Autoscaler (v9.21.0 to v9.29.0)
    • Amazon EKS: EBS CSI Driver (v2.18.0 to v2.19.0)
    • Azure AKS: AAD Pod Identity (v4.1.12 to v4.1.17)

Enhancements / New features

  • [WF-3069] ✨ Add wf diff command, align behaviour with kubectl diff
  • [WF-2946] ✨ Add EKS image field to node pool, allowing selection of any supported EKS image type
  • [WF-2921] ✨ Reduce scope of AWS security group ports for private clusters to the minimum required
  • [WF-3145] ✨ Show package release in action required, rather than pending, state if cluster in error state
  • [WF-3073] ✨ Remove overbearing client-side finalizer validation from wf apply (allows wf get -o yaml to be piped to wf apply -f -)
  • [WF-2825] ✨ Ensure updates to container registry secrets are distributed when the secret itself is updated
  • [WF-3080] ✨ Add more useful messages to package validation indicating how to set version correctly
  • [WF-3090] ✨ Improve wf export to only export configmaps and secrets for workspace namespaces
  • [WF-3081] ✨ Exclude AuditEvents from wf export (these are not resources so cannot be exported in this manner)
  • [WF-3037] ✨ Improve headers for wf get nodepool output
  • [WF-2635] ✨ Display multiple server-side errors nicely in a single toast
  • [WF-3190] ✨ Add requests for Wayfinder resources to the helm chart
  • [WF-3048, WF-3049] ✨ Add support for reconciliation pausing, add pause/resume reconciliation CLI commands

App, component and app environment improvements:

  • [WF-3030] ✨ Add available ingress classes to appenv status and use in manifest generation
    • This allows custom ingress controller deployments to be detected and used when generating manifests for app components
  • [WF-2982] ✨ Improve example deploy commands in "How to deploy" modal
  • [WF-2557, WF-2672] ✨ Block cluster deletion if there are existing appenvs, unless delete cascaded
    • This prevents appenvs causing clusters to be re-created after deletion
  • [WF-3074, WF-2908] ✨ Improve wf deploy / wf deploy component help text

Bug fixes

  • [WF-3071] 🐛 Ensure Node Pool updates are only generated for immutable changes to the node pool definition
    • This unblocks making non-immutable changes to node pools, which could become stuck previously
  • [WF-3079] 🐛 Correct generated secret name for helm releases that use custom secrets
  • [WF-2893] 🐛 Remove owner (if applicable) when a member is removed from workspace
  • [WF-2893] 🐛 Fix various quirks with workspace users page
  • [WF-3094] 🐛 Ensure cluster plan labels are saved correctly
  • [WF-2999] 🐛 Clean up form errors (duplicate toasts etc.)
  • [WF-3067] 🐛 Fix application component key validation/generation with max-length keys
  • [WF-3063] 🐛 Use appenv metadata.name when looking up the env - addresses not being able to deploy to an env if it had the same name as the app
  • [WF-2937] 🐛 Show access rather than deploy command for components of type OwnManifest
  • [WF-2931] 🐛 Fix deploy --eject for apps with ownmanifests components
  • [WF-3036] 🐛 Fix app list empty row in dark mode
  • [WF-2671] 🐛 Improve default input variable handling on cloud resource plans
  • [WF-3077] 🐛 Ensure empty-both-sides pass plan validation on cloud resource component updates in apps
  • [WF-3107] 🐛 Support valuesFrom prefix and suffix on all package values and perform deep JSON merges on the values to allow configuration of complex structures
  • [WF-3125] 🐛 Add permissions allowing Azure clusters to use internal load balancers
  • [WF-3211] 🐛 Ensure app environments don't block deletion of clusters on cluster expiry
  • [WF-2751] 🐛 / ✨ Ensure defaults passed to CloudResourcePlan on creation


Release v2.0.5


Downloads

See Get the CLI for instructions.


Enhancements / New features

  • [WF-3020] ✨ Make --dry-run on wf create workspace consistent with other commands
  • [WF-2772] ✨ Remove superseded un-applied package updates when newer updates are generated
  • [WF-2434] ✨ Add Application/Cloud Resource Plan policy validation
  • [WF-2844] ✨ Improve generic error handling across UI
  • [WF-2996] ✨ Allow admins to use wf export to export secret data for backup purposes
  • [WF-2892] ✨ Ensure disabled/deleted users are immediately blocked
  • [WF-2949] ✨ Add --diff flag to wf apply to show changes that will be applied
  • ✨ Improve description of network plan AWS specific fields

Bug fixes

  • [WF-3042] 🐛 Ensure deleted namespace claims are reconciled by container registry controller
  • [WF-2968] 🐛 Ensure cluster list is using unique key + tests
  • [WF-2939] 🐛 Ensure quotes in environment variables are handled correctly when generating app manifests
  • [WF-2966] 🐛 Ensure node pool fields are editable when editing from cluster plan / creating a cluster
  • [WF-2964] 🐛 Allow creation of clusters without a channel and validate channels are valid when specified
  • [WF-3004] 🐛 Ensure underlying namespace is deleted cleanly before removing namespace claim, and show meaningful error when the deletion is blocked
  • [WF-3007] 🐛 Fix specifying multiple node pool instances types in EKS
  • [WF-2989] 🐛 UI - Fix navigation into workspaces as admin when not a member of any workspaces
  • [WF-2993/2952] 🐛 Cluster page package list errors when the cluster has no channel


Release v2.0.4


Downloads

See Get the CLI for instructions.


Bug fixes

[WF-2988] 🐛 Fix nodepool panic if cluster deleted rapidly after creation (#5042)



Release v2.0.3


Downloads

See Get the CLI for instructions.


important note

In this release, we have introduced separate packages for public and private ingress which target different labels. In order to ensure existing clusters keep their public ingress, before upgrading, edit any existing clusters that you wish to keep public ingress controller in and add the label appvia.io/ingresspublic: "true". This is added by default in our standard plans so any new clusters will have that by default. If you have any custom plans, ensure those have the label added as follow:

apiVersion: compute.appvia.io/v2beta1
kind: ClusterPlan
spec:
template:
clusterLabels:
appvia.io/ingresspublic: "true"

You can enable private/internal ingress in a similar manner in a plan or on a cluster with the label appvia.io/ingressinternal: "true"


New features

  • [WF-2905] ✨ Use metadata.name for application name in side nav and application list
  • [WF-2866] ✨ Add internal ingress controller for private clusters
  • [WF-2762] ✨ Use availability zones to set subnets and NAT gateways (AWS)
  • [WF-2797] ✨ Show the user that something is happening when they decide to delete their application
  • [WF-2819] ✨ Do not create cloud access configurations as part of install
  • [WF-2735] ✨ Add owner flag to delete and edit commands
  • [WF-2851] ✨ Show Wayfinder instance identifier with wf serverinfo
  • [WF-2717] ✨ Only show enabled clouds on cloud access screen
  • [WF-2828] ✨ Ignore unparseable files and don't get secrets in wf apply
  • [WF-2827] ✨ Implement 'wf dump' command to output Wayfinder configuration to disk
  • [WF-2796] ✨ Hide internal implicit groups
  • [WF-2279] ✨ Add UI for network plans
  • [WF-2791] ✨ Use user's group memberships in UI to display/hide sections
  • [WF-2812] ✨ Add region label to network fabric
  • [WF-2812] ✨ Add region label to Cluster
  • [WF-2756] ✨ Cluster plan UI - make network fabric plan configurable
  • [WF-2779] ✨ Make wf apply --dry-run consistent with kubectl apply --dry-run
  • [WF-2760] ✨ Add fields for network understanding
  • [WF-2764] ✨ Upgrade flux helm machinery, and make configurable
  • [WF-2577] ✨ Add wf follow command to watch resources to success/completion
  • [WF-2753] ✨ Show more useful details for own-manifest components
  • [WF-2632] ✨ Improve messaging when trying to create an application with no clouds enabled
  • [WF-2615] ✨ Allow app environments to be re-ordered (UI)
  • [WF-2701] ✨ Implement initial deployment dashboard
  • [WF-2594] ✨ Improve copy in cloud identity UI
  • [WF-2829] ✨ Add network policies for component-to-component dependencies in generated app manifests
  • [WF-2954] ✨ Freeze opinion-default packages and cluster policies if updated
  • [WF-2660] ✨ Implement whitelist annotation to ingress in generated app manifests
  • [WF-2521] ✨ Add validation for whitelist field on component form
  • [WF-2874] ✨ Strip dashes from AWS account ID on cloud configuration UI
  • [WF-2929] ✨ UI: remove strange transition on TLS/expose switches in app
  • [WF-2944] ✨ Don't block cloud access if role hash is out of date
  • [WF-2899] ✨ Add availability zone ID support to AWS VPCs / network plans
  • [WF-2733] ✨ UI - Move networking stuff into developer self service menu
  • [WF-2718/WF-1603] ✨ Validate cluster versions against what we support
  • [WF-2637/WF-2763/WF-2759] ✨ Improvements to networkfabrics and assignablenetworks
  • [WF-2875/WF-2894/WF-2895] ✨ Support internal and external ingress on the same cluster
  • ✨ Re-reconcile action required cloud access configs every 30s
  • ✨ Enable container registy controller

Bug fixes

  • [WF-2896] 🐛 Dark mode obscures workspace selection
  • [WF-2879] 🐛 Fix merge order for cluster/network plan to spec, preventing plan overriding cluster spec
  • [WF-2901] 🐛 Cluster Creation, Cloudwatch logs not labelled correctly
  • [WF-2903] 🐛 Corrected small and large QuotaLimits for all EKS plans
  • [WF-2880] 🐛 Remove mask columns from UI (no longer on the spec)
  • [WF-2846] 🐛 Validate disabled network plans
  • [WF-2741] 🐛 Some routes break the back button (UI)
  • [WF-2719] 🐛 Correct user and admin counts in platform setup
  • [WF-2827] 🐛 UI doesn't handle nil value of TLS field in container component
  • [WF-2766] 🐛 Fix for users not showing in user search filter on audit page
  • [WF-2857] 🐛 Don't expose disabled network fabric plans to the cluster plan form
  • [WF-2863] 🐛 Add missing validation for workspace key
  • [WF-2742] 🐛 Remove old robot illustrations
  • [WF-2861] 🐛 Helm versions like 3.0.0-alpha.2-1 throw a validation error
  • [WF-2833] 🐛 Pods ready show undefined when ready replicas is nil
  • [WF-2757] 🐛 Show error and message from status (not just from conditions) on Cluster status page
  • [WF-2822] 🐛 Fix Cluster Plan enable and disable
  • [WF-2727] 🐛 Correct prompt for create admin cloudaccessconfig
  • [WF-2815] 🐛 Improve error messaging in the case of network fabric failures
  • [WF-2785] 🐛 Don't error if AWS IAM policy in use when removing IAM roles
  • [WF-2813] 🐛 Fix installer and AWS network validation
  • [WF-2810] 🐛 Do not overwrite default assignable networks if updated by users
  • [WF-2813] 🐛 Improve validation of network subnets for AWS
  • [WF-2809] 🐛 Fix AWS Transit Gateway attachments
  • [WF-2138] 🐛 Report on failed networks in cluster status
  • [WF-2788] 🐛 Can't deploy app if image tag is a number
  • [WF-2755] 🐛 Version unset when editing cluster plan
  • [WF-2807] 🐛 Allow users with viewall or workspace viewer groups to see apps and enabled clouds in workspaces
  • [WF-2783] 🐛 Show dependency deletion errors for workspace delete (UI)
  • [WF-2734] 🐛 Ensure modals do not get overlapped by any other element
  • [WF-2538] 🐛 Allow user to edit workspace once selected when creating a cluster
  • [WF-2750] 🐛 Return an understandable error if the component doesn't exist on a deploy
  • [WF-2740] 🐛 Ensure user can see what the current status of the Workspace is (e.g. if it's currently being deleted)
  • [WF-2558] 🐛 Unable to add new owners to workspaces
  • [WF-2782] 🐛 Ensure all non-success roles requeue the cloud access config
  • [WF-2730] 🐛 Show correct name for node pools in CLI
  • [WF-2745] 🐛 Fix viewing Users in access policies
  • [WF-2754] 🐛 Allow setup cloudidentity to be re-run, improve error messages
  • [WF-2725] 🐛 Improve validation in setup cloudaccess to prevent errors
  • [WF-1609] 🐛 Improve retry logic in install flow to prevent retryable errors failing the install
  • [WF-2728] 🐛 Correct stage on aws-prod assignable network
  • [WF-2578] 🐛 Fix user count on Wayfinder groups page
  • [WF-2681] 🐛 Omit applying org bindings when preparing GCP service accounts in setup identity/cloudaccessconfig unless required
  • [WF-2703] 🐛 Correct cloudaccessmanager IAM role
  • [WF-2468] 🐛 Display quota limit management tab correctly on cluster screens
  • [WF-2945] 🐛 Unable to set machine type on new node pools
  • [WF-2948] 🐛 Ensure node pools are deleted in cloud when removed from cluster spec
  • [WF-2944] 🐛 Add describe keys permission to EKS cluster manager role
  • [WF-2821] 🐛 Only users with correct access policies should see create access token button
  • [WF-2956] 🐛 Node pool form - fix AMI config visibility in dark mode
  • [WF-2907] 🐛 Heading colour fix in dark mode
  • [WF-2942] 🐛 Fix/improve package updates
  • [WF-2950] 🐛 UI - Ensure version mapping happens correctly on cluster update
  • [WF-2832] 🐛 wf get appenv should return the spec.name of the env not metadata.name
  • [WF-2878] 🐛 UI - TLS value should be based on both container expose and TLS values
  • [WF-2978] 🐛 Fix role binding names for non-lower-case usernames
  • [WF-2979] 🐛 Fix appenv de-referencing in wf deploy app
  • [WF-2957] 🐛 UI - Workspace selector CSS fixes
  • [WF-2535] 🐛 Delete accessrolebindings when associated accessrole is deleted
  • [WF-2732/WF-2731] 🐛 UI - Add default network config and copying plan button
  • [WF-2743/WF-2744] 🐛 Fix broken access policy links
  • 🐛 Ensure deepcopys are performed correctly in cluster operators
  • 🐛 Log as progress, not warning, when endpoint not ready in auth proxy (expected situation)
  • 🐛 Allow workspace viewers to list members
  • 🐛 Remove incorrect Network Fabric CLI resource column
  • 🐛 Correct Peering Rule CLI columns
  • 🐛 Fix AWS Network Manager role typo


Release v2.0.2


Downloads

See Get the CLI for instructions.