From db88328b0aaccf7f65a0046632aa616cc19f4f62 Mon Sep 17 00:00:00 2001 From: Jason Madigan Date: Tue, 10 Dec 2024 14:36:25 +0000 Subject: [PATCH] Kuadrant v1 blog post Signed-off-by: Jason Madigan --- src/blog/kuadrant-v1.md | 97 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 src/blog/kuadrant-v1.md diff --git a/src/blog/kuadrant-v1.md b/src/blog/kuadrant-v1.md new file mode 100644 index 0000000..487463f --- /dev/null +++ b/src/blog/kuadrant-v1.md @@ -0,0 +1,97 @@ +--- +title: Kuadrant v1 +date: 2024-11-28 +author: Jason Madigan +--- + +**Update:** Kuadrant [v1.0.1](https://github.com/Kuadrant/kuadrant-operator/releases/tag/v1.0.1) is now available, with some small bugfixes. + +## Kuadrant v1! + +We're thrilled to announce the release of Kuadrant [v1.0.0](https://github.com/Kuadrant/kuadrant-operator/releases/tag/v1.0.0)! This marks a major milestone in the Kuadrant project after its recent acceptance into [CNCF's sandbox](https://www.cncf.io/sandbox-projects/). + +### What is Kuadrant? + +Kuadrant is a set of Kubernetes-native controllers, services, and APIs that provide gateway policies for existing [Gateway API](https://gateway-api.sigs.k8s.io/) providers in both single and multi-cluster environments. It builds on top of Kubernetes [Gateway API](https://gateway-api.sigs.k8s.io/) and technologies such as Istio and Envoy to introduce provider-agnostic Gateway Policies for Kubernetes. + +### Why v1 Matters + +Reaching v1 signifies our project's stability, maturity, and production-readiness. With v1, we believe Kuadrant is now ready to power key workloads in Kubernetes environments. + +### What's new in v1? + +Here are some key highlights from this release: + +#### CRD Graduation to v1 + +`AuthPolicy`, `DNSPolicy`, `RateLimitPolicy`, and `TLSPolicy` have now graduated to `v1` in their CRDs, signalling their readiness for production use. We now consider these APIs stable, and commit to enabling migration paths in subsequent API upgrades. + +See the following documentation for API reference and usage examples: + +- `AuthPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/auth/) +- `DNSPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/dns/) +- `RateLimitPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/rate-limiting/) +- `TLSPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/tls/) + + +#### CEL Support +[CEL](https://cel.dev/) (Common Expression Language) is now supported for [`AuthPolicy`](https://github.com/Kuadrant/authorino/blob/main/docs/features.md#common-feature-common-expression-language-cel) and [`RateLimitPolicy`](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/reference/ratelimitpolicy/#predicate) predicates, enabling more flexible and expressive configuration for both policy types. + + +#### On-cluster DNS Health Checks + +TBD https://github.com/Kuadrant/dns-operator/issues/141 + +#### Policy Machinery Integration + +Our core components now implement [policy-machinery](https://github.com/Kuadrant/policy-machinery), providing a powerful way to calculate and visualise the "state of the world" for policy-attachment based policies on Kubernetes clusters. No more guessing where policies and their behaviours originate from. Policy machinery and visualisation through the console plugin make it easier than ever to reason about policy effects, behaviours and origins. + +#### Shift to the Sail Operator + +With v1, we recommend installing Istio using the new Istio [Sail Operator](https://istio.io/latest/blog/2024/introducing-sail-operator/) instead of `istioctl`. Our guides and documentation for getting started have been amended to incorporate this change. + + +#### Envoy Gateway support + +TBD + +#### WASM-based Auth + +TBD https://github.com/Kuadrant/wasm-shim/pull/92. + +Previously, [Authorino](https://github.com/Kuadrant/authorino) (which implements `AuthPolicy`), used an Istio [AuthorizationPolicy](https://istio.io/latest/docs/reference/config/security/authorization-policy/) as a mechanism to provide authorization in the request flow. As of v1, this mechanism has been replaced with an [EnvoyFilter](https://istio.io/latest/docs/reference/config/networking/envoy-filter/) and [WASM](https://github.com/Kuadrant/wasm-shim). + +#### SectionName Support + +Added support for [SectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.SectionName) throughout our policy set, allowing users to apply policies to specific sections of Gateways. + +#### New Console Plugin + +For [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) / [OKD](https://okd.io/) console users, a new Console Plugin is available for managing policies and visualising [policy-machinery](https://github.com/Kuadrant/policy-machinery) "state of the world". We plan to make some of this functionality available through other means for Kubernetes users in the near future. + + +#### Other, smaller changes + +In addition to the above, many more smaller fixes and enhancements are captured by our [release changelogs](https://github.com/Kuadrant/kuadrant-operator/releases/tag/v1.0.0)). Take a look at our associated component release notes too for smaller changes not covered in detail here. + +### Components in this release + +The individual components that make up this release of the Kuadrant Operator: + +| **Component** | **Version** | +|---------------------|---------------------------------------------------------------------------------------------------| +| Authorino Operator | [v0.16.0](https://github.com/Kuadrant/authorino-operator/releases/tag/v0.16.0) | +| Limitador Operator | [v0.12.1](https://github.com/Kuadrant/limitador-operator/releases/tag/v0.12.1) | +| DNS Operator | [v0.12.0](https://github.com/Kuadrant/dns-operator/releases/tag/v0.12.0) | +| WASM Shim | [v0.8.1](https://github.com/Kuadrant/wasm-shim/releases/tag/v0.8.1) | +| Console Plugin | [v0.0.14](https://github.com/Kuadrant/console-plugin/releases/tag/v0.0.14) | + +### Thank you and how to get involved + +We are always looking for ways to extend the community and encourage contributions. We thank all of our community contributors for helping make v1 happen! + +To find out more and get involved: + +- Check out the [documentation](https://docs.kuadrant.io) +- Explore the Kuadrant [repositories](https://github.com/kuadrant/) +- Engage with the [community](https://kuadrant.io/community/)