Version: 1.6

Older releases

Release v1.2.1


See Get the CLI for instructions.

Bugs fixed

  • [WF-978] Increase memory limit for cert-manager to address issues on AWS EKS clusters
  • [WF-833] Switch user's profile when running wf login
  • [WF-905] UI: Fix 'Upgrade' button on GCP GKE clusters

Release v1.2.0


See Get the CLI for instructions.

New features and notable changes

Multi-tenant clusters

The introduction of multi-tenancy in Wayfinder means multiple workspaces can now share a single cluster as tenants. Tenants can manage their own namespaces in the shared cluster, but cannot access cluster-wide resources.

Wayfinder comes pre-configured with RBAC and policies that model common ways of working with multi-tenant clusters, and provides tools to let you set up guardrails for what tenants can do in your cluster. You can manage access, security, and fair allocation of cluster resources.

For detailed information, see Managing Multi-tenant Clusters.

Minor improvements

  • [WF-925] Usability improvements for CLI docker image - you can now immediately issue wf commands if you bind WAYFINDER_SERVER and WAYFINDER_TOKEN environment variables into the container, e.g. docker run -e WAYFINDER_SERVER -e WAYFINDER_WORKSPACE -e WAYFINDER_TOKEN quay.io/appvia-wayfinder/cli:v1.2.0 wf get clusters -w test
  • [WF-838] Multi-tenancy policy - prevent host path access using existing PVs
  • [WF-837] Multi-tenancy policy - prevent privileged PSP access with RoleBinding to ClusterRoles
  • [WF-835] Multi-tenancy policy - prevent privileged PSP access with namespaced Role
  • [WF-420] Multi-tenancy policy - prevent most cluster wide RBAC access in multi-tenant cluster

Bugs fixed

  • [WF-866] Improve certificate management in the install flow
  • [WF-918] Retry if concurrent GCP project policy updates cause failures in wf setup roles
  • [WF-823] Correct ingress namespace on 'Expose application via ingress'
  • [WF-822] wf get clusters should default to showing both shared (MT) and owned clusters
  • [WF-801] Prevent patch commands from circumventing in-cluster policy
  • [WF-777] wf setup roles --remove on GCP does not remove project/org policy assignments for service accounts
  • [WF-715] Validate OpenID Discovery URL when not configured
  • [WF-697] Improve terminology around min/max network ranges in NetworkFabric API
  • [WF-691] Member count in tab is not updated when adding members to a workspace

Release v1.1.2


See Get the CLI for instructions.

Bugs fixed

  • [WF-592] 'error generating link' instead of invite link after creating new workspace for members
  • [WF-643] wf create stage fails with operation not permitted on the resource
  • [WF-454] Improve cluster expiration support - now a TTL instead of a date/time.
  • [WF-642] Estimated and actual cost improvements/fixes
  • [WF-723] Workspace deletion timing issue
  • [WF-725] Limit cluster name to 10 characters to prevent issues with long-named cloud resources
  • [WF-779] Improve the 'Disable IDP' flow in the installer

Release v1.1.1


See Get the CLI for instructions.

Bugs fixed

  • [WF-689] An upstream issue with GCP where the master control plane was failing on 'regular' channel due to an unsupported version.

Release v1.1.0


See Get the CLI for instructions.

New features and notable changes

Private Cluster Support

Wayfinder supports provisioning private clusters in all three cloud vendors, automatically managing the network connectivity required to place workloads off public networks. With the use of peering rules administrators can define how they wish their networks to be connected.

For detailed information, see:

Bugs fixed

  • [WF-615] Directly attached domains not propagating to the in-cluster services (cert-manager / external-dns)
  • [WF-527] Installer for Azure prompting for availability zones even when non-interactive was set
  • [WF-651] Rendering of the workspace members and roles displaying 'unknown' on the CLI
  • [WF-654] UI incorrectly showing the admin workspace
  • [WF-646] Installer for Azure throws an error when trying to install into a region with only one availability zone (i.e., ukwest)

Release v1.0.3


See Get the CLI for instructions.

Bugs fixed

  • [WF-480] Issue with the vnet id used in Azure
  • [WF-480] The IDP client id supplied is not passing validation checks
  • [WF-606] Fixes an issue when multiple instances of Wayfinder are installed in the same account and roles clash
  • [WF-617] Fixed an issue where user roles in the wf access cluster were showing up twice
  • [WF-618] Adding dependency checks on the components during the install
  • [WF-621] Bumped the version of ExternalDNS to chart v6.1.1

Release v1.0.2


See Get the CLI for instructions.

Bugs fixed

  • [WF-462] Caching issue in the deletion of nodepools via UI
  • [WF-444] Installer failed to remove error condition when issue resolved
  • [WF-437] A finalizer is not correctly added
  • [WF-435] Issue with pod security policy and CoreDNS
  • [WF-434] Under certain conditions an issue can cause a memory violation
  • [WF-414] Cluster plans do not correctly show when a referenced object does not exist
  • [WF-410] Issue with behaviour when more than one DNSZone allocated to a cluster
  • [WF-399] Console/UI does not work without oauth provider configured
  • [WF-387] Encrypt emails in keygen for trial accounts
  • [WF-360] A ctrl-d during wf access cluster can cause EOF error

Release v1.0.1


See Get the CLI for instructions.

Bugs fixed

The following bugs were fixed:

  • [WF-360] Bug in the CLI when hitting ctrl-c early in wf access cluster
  • [WF-399] When users bypass configuration of oauth on wf install, UI now checks for authentication methods available
  • [WF-410] Issue caused by multiple domains attached to the same cluster
  • [WF-411] Using incorrect resourcegroup name on Azure managed accounts
  • [WF-414] Association between cluster plans and naming rules error
  • [WF-434] Bug associated to OIDC deletion in EKS cluster
  • [WF-435] Pod security policy fix added for EKS clusters on management plane
  • [WF-437] Bug in the patching on Helm releases which caused unnecessary reconciliations
  • [WF-438] When using Helm packages the URL was not passed into the HelmRelease, so users weren't able to use repositories within wf-manager namespace

Release v1.0.0


CLI

See Get the CLI for instructions.

New features and notable changes

Installation and upgrades

  • With this release automated installation and upgrades come out of the box.
  • The automated install is available in all three cloud vendors and is opinionated to ensure the management plane is securely configured.
  • Going forward this will be the official upgrade path - enabling customers to ensure rigor around upgrades and migrations.

Clusters

  • Automated cluster upgrades:
    • Removing the hassle of keeping the cluster up to date, this feature introduces a toggle and configurable maintenance window. This allows customers to have a policy for upgrading clusters at the plan or workspace level. When a new release is published by the cloud vendor, Wayfinder will automatically upgrade the control plane and all nodepools during the maintenance window.
  • Cluster plans:
    • The templates for clusters have all been revamped into a concrete type.
    • Where previous installations used an embedded schema per cloud vendor, we have normalized the commonality between cloud vendors so fields are deduplicated, and where not available, introduced a providerDetails field in both nodepools and clusters for cloud-specific options. The change keeps the cluster plans compact and easy to read, and removes much of the cloud complexity by harmonizing on the feature rather than options.
    • Cluster policy has been placed inline with the cluster plan, this fits neatly with the ability to 'allocate' plans to workspaces.

Policy, roles, and permissions

  • Introduction of development stages:
    • Wayfinder has introduced stages to provide the platform information on the intended use for resources, for example for production, development, CI, etc. This allows customers and us to make intelligent decisions around how those resources should be managed. You can use stages to:
      • Target policy/compliance at specific stages (prod, nonprod).
      • Provide context to assumption policies, i.e., allowing those policies to 'know' if permissions are going to affect a production resource.
  • Role assumption policies:
    • The feature still allows for a collection of constraints around when, how and why a user is permitted to escalate permissions, but the policies themselves have had a makeover, and have been made readable.
  • Cloud Managed Roles (AWS only):
    • While using the account automation feature, Wayfinder platform administrators may create and deliver roles to managed cloudaccounts (such as Readonly, Support Requests).
    • Using the same mechanics of role assumption, workspace members (and Wayfinder admins) can assume these roles via wf access cloudaccount or wf access cloudaccount --portal.
    • The feature can also be used for short-term CLI access to cloud accounts (aws cli, terraform for example).
  • Dynamic profiling:
    • With dynamic profiling, robot accounts can now learn their permissions and ensure that the permissions granted are only those required and nothing more.
    • While the permissions can be profiled, they cannot conflict with security policy; any permissions learned must still comply with cluster policies.
    • Boundary roles also exist that allow customers to control what can and can't be learned during the profiling time frame.
  • Policy now supports match and expressions selectors:
    • Allows for finer-grained controls over how policies are distributed to clusters.
    • Permits customers to make those distribution decisions based on context (which stage, environment, provider, etc.).
  • Following on from the above, the namespace selectors on policies have been upgraded to use label selectors. This allows quick tweaks to influence policy across the namespaces easily.

Other

  • Packages and applications deployment:
    • Beyond using the resource type for our own installations, customers can now leverage the Package CRD and its global counterpart to install Helm charts across the estate.
    • These can be targeted by labels at one or more clusters (based on provider, stages or custom labels for example).
  • Managed DNS Domains and automated child domains:
    • This is the ability to provide globally managed DNS domains, allocate these domains to workspaces, and automate the creation of subdomains to clusters.
    • It means that out of the box we can start serving traffic.
    • Workspaces can self-serve their own domains.
  • Revamped GUI:
    • We've redesigned Wayfinder's user interface.
    • We've also surfaced more of the resources available in the CLI into the UI.
  • Trial licencing:
    • Prompted during the automated install, customers coming to Wayfinder can obtain a time-limited licence to run the platform.
    • Note that after the licence expires all infrastructure will stay in place, no features are dropped, but the platform loses the ability to create new resources.
  • Workspaces have replaced teams. Previous installations of Wayfinder placed the team as the logical container for clusters.

Deprecated features

  • Container builds and registry management has been removed as a feature of Wayfinder.