Releases: kyma-project/api-gateway
2.11.3
New Features
- Implement a watch mechanism to ensure that DNSEntry is up to date with the IP and host of the
istio-ingressgatewayservice (#1834). - Decrease the default reconciliation time to safeguard against possible scheduling errors (#1759).
Full changelog: 2.11.2...2.11.3
3.0.1
New Features
- Enhance watch mechanism to reconcile on changes of istio-ingressgateway Service #1801
Full changelog: 3.0.0...3.0.1
3.0.0
Release 3.0.0 of the API Gateway module introduces APIRule CustomResourceDefinition (CRD) in the stable version v2 based on Istio.
The new CRD allows you to expose your workloads using one of the three supported access strategies: jwt, noAuth, and extAuth. The noAuth access strategy provides a simple configuration for exposing workloads over the specified HTTP methods. The jwt access strategy allows you to secure your workload by defining Istio JWT configuration and the extAuth access strategy allows for providing custom authentication and authorization logic.
Migration Timeline for SAP BTP, Kyma Runtime
The API Gateway module in version 3.0.0 is scheduled to be rolled out to the fast channel on March 5, 2025, and to the regular channel on March 31, 2025.
APIRule CR in version v1beta1 has been deprecated and will be removed on May 12, 2025. Version v2alpha1, introduced for testing purposes, becomes deprecated on March 31, 2025, and is scheduled to be removed on June 16, 2025. For more information, see APIRule migration - timelines.
Migration Procedure
You must migrate all your APIRules to version v2.
To migrate APIRules from version v2alpha1 to version v2, update the version in your APIRule CRs’ metadata.
To migrate APIRules from version v1beta1 to v2, follow the procedure described in the blog posts APIRule migration - noAuth and jwt handlers and APIRule migration - Ory Oathkeeper based OAuth2 handlers. See Changes Introduced in APIRule v2. Since the APIRule CRD v2alpha1 is identical to v2, the migration procedure from version v1beta1 to version v2 is the same as from from version v1beta1 to version v2alpha1.
Full changelog: 2.11.2...3.0.0
2.10.5
Bug Fixes
We have reverted the previously released fix for issue #1632 because it added an additional AuthorizationPolicy with action ALLOW, which was difficult to override.
Full changelog: 2.10.4...2.10.5
2.11.2
Bug Fixes
We have reverted the previously released fix for issue #1632 because it added an additional AuthorizationPolicy with action ALLOW, which was difficult to override.
Full changelog: 2.11.1...2.11.2
2.11.1
Bug Fixes
We've fixed the issue where a workload exposed via a v2alpha1 APIRule was not accessible from within the cluster.
Full changelog: 2.11.0...2.11.1
2.10.4
Bug Fixes
We've fixed the issue where a workload exposed via a v2alpha1 APIRule was not accessible from within the cluster.
Full changelog: 2.10.3...2.10.4
2.11.0
New Features
- Introduce Istio based local rate limit, configurable with the new RateLimit custom resource #1365
Full changelog: 2.10.3...2.11.0
2.10.3
New Features
If you expose a path using a wildcard pattern, now you can also expose the same path without including the trailing slash. For example, if you have a rule that exposes example.com/path/*, you can also expose example.com/path without the slash at the end. (#1625)
Bug Fixes
We’ve changed the hardcoded algorithm from RSA256 to RS256. This change ensures that JWT tokens are processed correctly by the Ory Oathkeeper, resolving the error message signing key 'XXX' declares unsupported algorithm "RSA256". (#1647)
Full changelog: 2.10.2...2.10.3
2.10.2
New Features
- We've implemented a faster requeue when the error
object has been modifiedoccurs #1496 - We've added full support for special characters in asterisk paths #1569
Full changelog: 2.10.1...2.10.2