Kalm 0.1.0

New features

• Supports the creation and auto renewal of wildcard SSL certificates via "Let's encrypt".
• Support added for allocating user and group permissions. Kalm administrators can now create, manage, and impersonate permissions for Kalm users. Much of the client manager logic was refactored to support this feature. Kalm implements its own RBAC and authentication logic instead of using Kubernetes's. Read more at https://kalm.dev/docs/next/auth/overview.
• Support added for OAuth Refresh Tokens. When the id_token is expired but the refresh_token is still valid, Auth Proxy supports refreshing id_token when requests come. This allows Kalm administrators to set a shorter id_token validity time, useful for quickly expiring user accounts that have lost permissions.
• An access tab was added to the component form, which can manage authentication and authorization.
• Support added for configuring Cross-Origin Resource Sharing (CORS) in http route form

Refactoring

• [Dashboard] Migrated to React Final Form from Redux From / Formik
• [Dashboard] Migrated to Immer from Immutable.js
• [Dashboard] Componentization and code splitting (Forms / Tables / Labels / Validators).
• [Api] Use zap logger

Dependency

• Upgraded Istio from version 1.6.1 to version 1.7.3

Miscellaneous

• Fixed excessively strict incidental resource restrictions #138
• Fixed an error involving https redirection that changed the original route matching path to "/"
• Fixed a dashboard error that displayed an incorrect UI status in the volumes tab of the component form

Migration Guide

Compared with the alpha5 version, this version has a lot of changes, including CRD changes. Therefore, it is not recommended to upgrade directly from alpha5 to v0.1.0. If there is not too much workload within your cluster, it is recommended that you install 0.1.0 directly on a new cluster.

However, you can still try to upgrade manually. Here are the steps:

1. Update to the new version

# update operator deployment to new version
kubectl edit deploy -n kalm-operator kalm-operator

# change image tag to v0.1.0
image: kalmhq/kalm-operator:v0.1.0

# save and exit

# update operator-config to the new version
kubectl patch kalmoperatorconfigs -n kalm-operator $(kubectl get kalmoperatorconfigs.install.kalm.dev -n kalm-operator -o jsonpath="{.items[0].metadata.name}") --type json -p='[{"op": "replace", "path": "/spec/kalmVersion", "value": "v0.1.0"}]'

2. Recreate the deployment key

Due to the refactor of the Kalm authentication system, the underlying permission logic of the Deploy key has been changed. Therefore, there is no suitable way to automatically migrate. All Deploy Keys created before will become invalid, so you need to recreate the deploy token(deploy key was renamed deploy token) with the corresponding permissions in the Kalm dashboard, then modify the value of the token in your CI pipeline.

After all deploy keys have been migrated to deploy tokens, the old deploy keys can be deleted via kubectl delete crd deploykeys.core.kalm.dev

Release v0.1.0-alpha.5

Summary

1. Fix invalid storage class name bug
2. Logging system https://kalm.dev/docs/guide-logging-for-kalm

How to update

1. Update kalm-config by running

kubectl patch kalmoperatorconfigs -n kalm-operator $(kubectl get kalmoperatorconfigs.install.kalm.dev -n kalm-operator -o jsonpath="{.items[0].metadata.name}") --type json -p='[{"op": "replace", "path": "/spec/kalmVersion", "value": "v0.1.0-alpha.5"}]'

Release v0.1.0-alpha.4

Summary

1. Frontend: Refactor table and misc changes

2. A bug may cause kalm-controller working incorrectly when deleting routes.

3. Use refresh_token to refresh id_token in SSO component auth-proxy.

4. AuthProxy supports transparent transmission of requests that have bearer token.

5. More secure kalm permissions. The port with administrator rights is extracted, and currently it only starts at localhost:3010. So the port-forward command also changes.

   kubectl port-forward -n kalm-system $(kubectl get pod -n kalm-system -l app=kalm -ojsonpath="{.items[0].metadata.name}") 3010:3010
   

6. Registry password won't pass to frontend any more for safety reason.

How to update

1. Update kalm-operator by running

kubectl patch deployment kalm-operator -n kalm-operator --type json -p='[{"op": "replace", "path": "/spec/template/spec/containers/1/image", "value": "kalmhq/kalm-operator:v0.1.0-alpha.4"}]'

2. Update kalm-config by running

kubectl patch kalmoperatorconfigs -n kalm-operator $(kubectl get kalmoperatorconfigs.install.kalm.dev -n kalm-operator -o jsonpath="{.items[0].metadata.name}") --type json -p='[{"op": "replace", "path": "/spec/kalmVersion", "value": "v0.1.0-alpha.4"}]'

3. Delete deprecated route [Optional]

The webhook route is no longer used. It can be deleted safely.

v0.1.0-alpha.3

1. Add image convertor to change image to azure china dns.
2. Misc changes.

Alpha Version 2

This is the first release of kalm. Basic functions have been basically stable. This release is mainly to test whether the tag-based release process is correct.