v2.5.1-tf.1

Release v2.5.1-tf.1

Upgradeable Versions: v2.4.6-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases

Major New Features in v2.5

New UI navigation structure

This release introduces new, clearer navigation to the UI. Clusters can now be found in both workspace and administrative sections, allowing workspace members to see their own clusters.

Changelog

Wayfinder changes:

• [WF-3838] ✨ Support for 'user defined routing' outbound type on Azure AKS clusters
• [WF-3929] ✨ Add estimated cost for control plane cost for Azure 'paid' SKU clusters
• [WF-3855 / WF-3856] ✨ Provide a set of environment variables to deployed apps describing the runtime environment provided by Wayfinder
• [WF-3890] ✨ Allow AppEnvs to specify a reference to a CloudAccessConfig (needed where more than one cloud access configuration is provided to a workspace for a given stage)
• [WF-3540] ✨ Narrow the permissions required for GCP roles
• [WF-3947] ✨ Remove support for legacy auth proxy (this was replaced by our new kube proxy component in v2.4)
• [WF-3896] ✨ Add validation to Peering resources if directly applied
• [WF-3970] ✨ Improve validation of cloudaccessconfig types
• [WF-3943] 🐛 UI - Show dependency errors consistently on delete
• [WF-3945] 🐛 Ensure app components are successfully deleted if their owning app is deleted
• [WF-3949] 🐛 Ensure workspace owners can delete their own workspaces

Terraform Infrastructure changes:

• Bump the EKS Cluster version to v1.27
• Bump the EKS Addon minor versions by 1

Required Actions

There are no required actions for this release when upgrading from one of the listed upgradeable versions.

v2.4.6-tf.1

Release v2.4.6-tf.1

Upgradeable Versions: v2.4.5-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases

Changelog

Wayfinder changes:

• [WF-3792] ✨ CLI - Add wf logs command to follow and view Wayfinder logs
• [WF-3969] ✨ UI - Remove the downloaded wf.tgz in the CLI download tip
• [WF-3944] ✨ Restrict cloud access configuration in workspaces to Wayfinder admins
• [WF-3977] 🐛 UI - Fix incorrect cluster in access cluster modal
• [WF-3968] 🐛 UI - Show correct value for number of clusters using a clusternetworkplan
• [WF-3990] 🐛 Fix AKS node pool OS type handling
• [WF-3950] 🐛 Allow non-admins to perform cost estimates and retrieve metadata for building clusters
• [WF-3926] 🐛 Enforce correctly against deployments when preventing use of cert-manager labels

Terraform Infrastructure changes:

• None

Required Actions

There are no required actions for this release when upgrading from one of the listed upgradeable versions.

v2.4.5-tf.1

Major New Features in v2.4

Cross-cloud Web Identity support

• With credential-free access to AWS, Azure and GCP, you can now use Wayfinder's web identity to authenticate Wayfinder into your entire cloud estate, regardless of the cloud in which Wayfinder is hosted (installed)
• Benefits of credential-free access:
  • When hosted in AWS use an AWS IAM role for Service Account (IRSA) identity to give Wayfinder access to AWS accounts, Azure subscriptions and GCP projects.
  • When hosted in Azure use Entra (formerly Azure AD) Workload Identity to give Wayfinder access to Azure subscriptions, AWS accounts and GCP projects
  • When hosted in GCP use GCP Workload Identity to give Wayfinder access to GCP projects, AWS accounts and Azure subscriptions
• Complete overhaul of UI to guide and validate the configuration of cloud access and generate the YAML for your CI process
• New, simplified version of the CloudIdentity and CloudAccessConfig resources to make the configuration clearer and more readable

New Kubernetes API proxy for managed clusters

• Provides a consistent API to access clusters managed by Wayfinder without needing direct network connectivity
• Allows full access to API of managed clusters via UI, subject to your configured access policies:
  • UI now uses same RBAC as wf access cluster - request access to clusters as you need them right from UI, subject to the same policies that govern all cluster access
  • Much improved pod log support with dynamic filtering and following
  • Shell support to exec into pods for debugging, provided user has an access policy permitting this
• Full TLS verification when accessing clusters via kubectl
• Removes need for an authentication load balancer for each cluster, reducing cluster costs
• Provides same IP address filtering as existing auth proxy
• As all access is made via Wayfinder's API, cluster access is audited as per all other Wayfinder operations
• Existing auth proxy deprecated and disabled by default in new installs, support for it for existing installs will be removed in an upcoming release

New troubleshooting section

• Provides access to Wayfinder's own controller, API, kube proxy and webhook logs from UI
• Tail and filter logs to debug isuses with your configuration

IMPORTANT: Required Actions

• The Wayfinder Instance ID is now a required variable which must be supplied to the module. This is provided to you by Appvia with the licence key. You can find out what your instance ID is by running wf serverinfo, or alternatively contact Appvia Support. The Terraform variable to set is wayfinder_instance_id.
• Due to recreation of cloud identities coupled with an upgrade of EKS from v1.25 to v1.26, you may encounter a Cycle error in the Terraform Plan. You can work around this by setting the cluster_version Terraform variable to 1.25, run the terraform actions, and then remove the variable to allow the management cluster to upgrade to v1.26.

Changelog

• Wayfinder v2.4 by @KashifSaadat in #39
• Update to Wayfinder v2.4.5, improve peering acceptor role by @mrsheepuk in #45

Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases

v2.3.4-tf.2

What's Changed

• Allow passing in IAM Roles to add to the AWS Auth ConfigMap. by @KashifSaadat in #32

v2.3.4-tf.1

What's Changed

• Update to Wayfinder v2.3.4 (small patch release resolving an issue with the auth proxy load balancer in EKS Clusters)
• Grant the iam:CreateServiceLinkedRole permission to Wayfinder on the NetworkManager Role, required when using Peering (AWS Transit Gateway Attachments) in a new account where the relevant Service Linked Role does not already exist.

Full Changelog: v2.3.3-tf.2...v2.3.4-tf.1

v2.3.3-tf.2

What's Changed

• Wait for initialisation job to complete on install by @mrsheepuk in #26
• Add support to create a local admin user, make IDP configuration optional by @KashifSaadat in #27
• Update with quickstart example, and make instance id a required variable. by @KashifSaadat in #28
• Fix issue with regeneration of localadmin password by @KashifSaadat in #29

New Contributors

• @mrsheepuk made their first contribution in #26

Full Changelog: v2.3.3-tf.1...v2.3.3-tf.2

v2.3.3-tf.1

What's Changed

• Upgrade Wayfinder v2.3.3 by @vaijab in #25

Full Changelog: v2.3.2-tf.1...v2.3.3-tf.1

v2.3.2-tf.1

What's Changed

• Wayfinder v2.3.2 by @KashifSaadat in #24

Full Changelog: v2.3.1-tf.1...v2.3.2-tf.1

v2.3.1-tf.1

What's Changed

• Upgrade Wayfinder v2.3.1 by @vaijab in #23
• Product release notes: https://docs.appvia.io/wayfinder/releases#release-v231

New Contributors

• @vaijab made their first contribution in #23

Full Changelog: v2.3.0-tf.1...v2.3.1-tf.1

v2.3.0-tf.1

What's Changed

• Add a README for the example deployment by @KashifSaadat in #21
• Wayfinder v2.3.0 by @KashifSaadat in #22
• Product release notes: https://docs.appvia.io/wayfinder/releases#release-v230

Full Changelog: v2.2.1-tf.2...v2.3.0-tf.1