Releases: appvia/terraform-aws-wayfinder
v2.9.6-tf.1
Release v2.9.6-tf.1
Upgradeable Versions: v2.8.7-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Major New Features in v2.9
Wayfinder 2.9 introduces four major new features - templated Cloud Resource Plans, 'Follow-Published' Cluster Plan version management, UI Policy management, and Azure AKS Private Endpoint connectivity - along with our usual selection of enhancements, fixes and improvements.
Cloud Resource Plans
With our new generation of Cloud Resource Plans, you can now use our standard templating to configure the tfvars used to apply your Terraform and choose your own inputs for app teams to provide on consumption.
This gives you full control over the configuration applied to the module, and allows you to choose simple inputs that app teams provide on consumption and flexibly map those through to whatever complex configuration the Terraform module needs. This makes it possible to support a much wider range of existing modules and gives far more flexibility in how you choose to configure them.
Our new Cloud Resource Plan management form interactively pulls the details of your selected Terraform module, producing an example tfvars template and showing you the module's readme and outputs, making configuring new Terraform modules significantly simpler.
Cloud Resource Plans are also now versioned, allowing you to produce and test new versions of the plan without affecting existing deployed resources.
'Follow Published' Cluster Plan version management
This enhancement to Cluster Plan versioning (introduced in 2.8) simplifies the rollout of new plan versions by allowing clusters to be specified as simply 'Follow Published', rather than choosing a specific plan version.
From the platform side, plan versions now have a simple 'Draft' / 'Published' / 'Deprecated' life cycle, and only versions in a 'Published' state will be offered to app teams when building clusters. When a cluster is built with 'Follow Published', Wayfinder will automatically select the latest published version of the plan as the initial version.
Upgrades are also simplified - When you are happy with a new version of your plan, moving it from 'Draft' to 'Published' makes the update available to all 'Follow Published' clusters using that plan. Your app teams then just make a single click, CLI command (wf update cluster) or API call to accept the upgrade at a time of their choosing. They can preview the upgrade with an easy-to-understand diff from the current version, allowing them to understand exactly what is being changed on their Cluster between the ClusterPlan versions.
A future release will allow updates to be automatically applied to 'Follow Published' clusters, according to your own rollout strategy.
Policy Functionality
You can now view and manage all of your Provisioning Policies (Clusters, Nodes, Regions), Cluster Policies (k8s resource validators and generators) and Cluster Access Policies (user access) through the UI, within a new Policy menu.
Azure AKS Private Endpoints
With this beta feature, if you run Wayfinder in Azure, it is now possible to provision private AKS clusters without establishing network connectivity between Wayfinder and the cluster's API, via Wayfinder's new capability to manage private link access to the cluster directly in its own subnet. This also allows cross-tenant management of private clusters.
Changelog
Wayfinder changes:
- A full list of the Wayfinder changes are available here: https://docs.appvia.io/wayfinder/releases
Terraform Infrastructure changes:
- Updated all EKS managed add-ons
- Updated upstream helm chart versions
- Add variable
cluster_enabled_log_typesto override which EKS log types should be enabled in the Wayfinder Management Cluster - Add variables
wayfinder_custom_logo_urlandwayfinder_custom_logo_collapsed_url, allowing you to specify URLs pointing to your own logo to be displayed within the Wayfinder Portal UI.
Required Actions
There are no required actions for this release when upgrading from one of the listed upgradeable versions.
v2.8.7-tf.1
Release v2.8.7-tf.1
Upgradeable Versions: v2.7.4-tf.2
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Major New Features in v2.8
Cluster Plan Versioning
In this release, Wayfinder now supports immutable versioning of Cluster Plans, allowing you to roll out changes to cluster plans across your fleet in a testable and deterministic way.
Clusters now refer to a plan and version and Wayfinder uses the details of the plan directly to build and manage the cluster. Creating a new plan version gives you a testable upgrade path for each plan, meaning you can use the exact same upgrade across all clusters on that plan, reducing bespoke per-cluster testing needs.
This release also introduces Compute Templates, which contain suggested node pool configurations that application teams can select from when self-serving clusters.
Provisioning Policies
Along with versioned cluster plans, this release introduces a new Provisioning Policy resource allowing you to restrict self-service of clusters, replacing the 'policy' construct on older cluster plans.
Limits can be configured for the maximum estimated costs for a cluster, along with what regions, instance types, number of nodes and the number of clusters can be provisioned.
A UI to manage provisioning policies will be available in a future release.
Changelog
Wayfinder changes:
- A full list of the Wayfinder changelog is available here: https://docs.appvia.io/wayfinder/releases
Terraform Infrastructure changes:
- Updated EKS management cluster to v1.30 and related EKS addons
- Switched to a supported version of the kubectl provider for Terraform
Required Actions
With the introduction of versioned Cluster Plans and Packages, the following manual updates should be made within your Wayfinder instance and manifest repositories:
- Authenticate with AWS (with permissions to modify the Terraform remote state) and run
terraform state replace-provider gavinbunney/kubectl alekc/kubectlprior to upgrading to this version. - Next steps to be performed post-upgrade:
- Copy any default Packages you require from the wayfinder-defaults repository into your own Wayfinder Platform configuration repository. This is no longer shipped or applied by default on Wayfinder upgrades, to prevent overwriting user customisations.
- Update any of your own custom Packages to the new versioned Package spec. Examples available in the wayfinder-defaults repository.
- Update any of your own custom ClusterPlans to the new versioned ClusterPlan spec. Examples available in the wayfinder-defaults repository.
- Update existing Clusters (ClusterSpec objects) to point at the new ClusterPlan version you have created (see Cluster YAML
spec.planRef)
v2.7.4-tf.2
Release v2.7.4-tf.2
Upgradeable Versions: v2.7.1-tf.1, v2.7.4-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Changelog
Wayfinder changes:
- None
Terraform Infrastructure changes:
- Add variable wayfinder_no_defaults (default value: true), preventing Wayfinder from preloading with default resources such as access policies, cluster plans, packages, etc.
Required Actions
There are no required actions for this release when upgrading from one of the listed upgradeable versions.
v2.7.4-tf.1
Release v2.7.4-tf.1
Upgradeable Versions: v2.7.1-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Changelog
Wayfinder changes:
- Update to v2.7.4. A full list of the Wayfinder changes are available here: https://docs.appvia.io/wayfinder/releases
Terraform Infrastructure changes:
- None
Required Actions
There are no required actions for this release when upgrading from one of the listed upgradeable versions.
v2.7.1-tf.1
Release v2.7.1-tf.1
Upgradeable Versions: v2.6.5-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Changelog
Wayfinder changes:
- Update to v2.7.1. A full list of the Wayfinder changes are available here: https://docs.appvia.io/wayfinder/releases
Terraform Infrastructure changes:
- Switch Wayfinder's management cluster to use a Network Load Balancer
- Update the management cluster's default storage class to gp3
- Update EKS to v1.29 and related addons
Required Actions
For existing Wayfinder installations, the switch for Ingress from a Classic Load Balancer to Network Load Balancer requires some manual intervention. You should perform one of the following (first is preferred):
- Delete the
ingress-nginx-controllerService within theingress-nginxnamespace prior to upgrading to this version (access to the Wayfinder UI and API will be unavailable until the upgrade completes). - (post-upgrade) Delete the legacy Classic Load Balancer from the AWS account where you have installed Wayfinder, as there will now be a Network Load Balancer routing traffic to the Wayfinder UI and API.
If you have built Wayfinder prior to v2.7, it will be using the gp2 StorageClass for the mysql Persistent Volume. This will need to persist (not force a change to the new default gp3), and so you must provide the following variable: var.eks_encrypted_sc_type: gp2
v2.6.5-tf.1
Release v2.6.5-tf.1
Upgradeable Versions: v2.6.4-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Changelog
Wayfinder changes:
- Update to v2.6.5 including minor bug fixes and improvements. A full list of the Wayfinder changes are available here: https://docs.appvia.io/wayfinder/releases
Terraform Infrastructure changes:
- Update the Managed Node Group to use separate gp3 root and containerd volumes
- Update the default EKS Addons to their latest versions available for EKS v1.28
Required Actions
When upgrading your Wayfinder installation from the previous module version to this, you will need to pass in a variable override for the EBS CSI Driver addon version and perform multiple updates to bring it in-line with the latest release version configured.
The variable aws_ebs_csi_driver_addon_version should be set with the below values specifically, until you are at the latest release (default configured value) within this module:
1. aws_ebs_csi_driver_addon_version = "v1.23.2-eksbuild.1"
2. aws_ebs_csi_driver_addon_version = "v1.24.1-eksbuild.1"
3. aws_ebs_csi_driver_addon_version = "v1.25.0-eksbuild.1"
4. aws_ebs_csi_driver_addon_version = "v1.26.1-eksbuild.1"
5. aws_ebs_csi_driver_addon_version = "v1.27.0-eksbuild.1"
6. unset aws_ebs_csi_driver_addon_version to use the default version specified in the module
v2.6.4-tf.1
Release v2.6.4-tf.1
Upgradeable Versions: v2.5.1-tf.1, v2.5.1-tf.2, v2.5.1-tf.3
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Major New Features in v2.6
Private DNS support
This release introduces full support for Private DNS zones on AWS, Azure and GCP. This allows you to extend Wayfinder's auto-provisioning of DNS zones for your clusters and apps to fully-private DNS within your cloud environment.
With this change, a new version of the GlobalDNSZone and DNSZone resources has been introduced (v2beta2) and the existing version (v2beta1) is now deprecated and will be removed in v2.7. Please update any stored GlobalDNSZone or DNSZone resources in your repositories to the new API version after upgrading.
Improvements to wf apply & wf diff commands
The validation performed by Wayfinder has been improved to return warnings for missing dependencies, allowing wf apply and wf diff to intelligently reorder multiple resources as required so they apply successfully.
App environment variables
This release introduces variables on application environments. This allows container and cloud app components to use variables which vary across your environments.
Peering improvements
Validation and required fields have been improved on peering rules, and the error handling on the resulting peerings has been improved to better identify issues with peering set-up.
Changelog
Wayfinder changes:
- A full list of the Wayfinder changelog is available here: https://docs.appvia.io/wayfinder/releases
Terraform Infrastructure changes:
- Create a Node Group per Availability Zone
- Update EKS version to v1.28 and related EKS addons
- Move from EKS ConfigMap auth to EKS API (access entries)
Required Actions
- The Module input
subnet_idshas been replaced withsubnet_ids_by_az, which requires a map of AZ to subnet IDs to build the Cluster within. An example of this is below:
subnet_ids_by_az = {
"eu-west-2a" = ["subnet-1", "subnet-2"]
"eu-west-2b" = ["subnet-3", "subnet-4"]
"eu-west-2c" = ["subnet-5", "subnet-6"]
}- Support has been added for EKS Access Entries. The example of this is below:
access_entries = {
tf_plan = {
principal_arn = "arn:aws:iam::123456789012:role/tf-plan"
policy_associations = {
cluster_admin = {
policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
access_scope = {
type = "cluster"
}
}
}
}
tf_apply = {
principal_arn = "arn:aws:iam::123456789012:role/tf-apply"
policy_associations = {
cluster_admin = {
policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
access_scope = {
type = "cluster"
}
}
}
}
}v2.5.1-tf.3
Release v2.5.1-tf.3
Upgradeable Versions: v2.4.6-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Changelog
Wayfinder changes:
- None
Terraform Infrastructure changes:
- Split the management cluster's compute nodepool into a node group per Availability Zone
Required Actions
The module variable subnet_ids has been replaced with subnet_ids_by_az, this is of type map(list(string)), an example of which would be:
subnet_ids_by_az = {
"eu-west-2a" = ["subnet-123456"]
"eu-west-2b" = ["subnet-363477"]
"eu-west-2c" = ["subnet-846262"]
}v2.5.1-tf.2
Release v2.5.1-tf.2
Upgradeable Versions: v2.4.6-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Changelog
Wayfinder changes:
- 🐛 Correct the name of the CostsEstimates feature when setting up the relevant cloud access role for Wayfinder
Terraform Infrastructure changes:
- None
Required Actions
There are no required actions for this release when upgrading from one of the listed upgradeable versions.
v2.5.1-tf.1
Release v2.5.1-tf.1
Upgradeable Versions: v2.4.6-tf.1
Full Wayfinder Changelog: https://docs.appvia.io/wayfinder/releases
Major New Features in v2.5
New UI navigation structure
This release introduces new, clearer navigation to the UI. Clusters can now be found in both workspace and administrative sections, allowing workspace members to see their own clusters.
Changelog
Wayfinder changes:
- [WF-3838] ✨ Support for 'user defined routing' outbound type on Azure AKS clusters
- [WF-3929] ✨ Add estimated cost for control plane cost for Azure 'paid' SKU clusters
- [WF-3855 / WF-3856] ✨ Provide a set of environment variables to deployed apps describing the runtime environment provided by Wayfinder
- [WF-3890] ✨ Allow AppEnvs to specify a reference to a CloudAccessConfig (needed where more than one cloud access configuration is provided to a workspace for a given stage)
- [WF-3540] ✨ Narrow the permissions required for GCP roles
- [WF-3947] ✨ Remove support for legacy auth proxy (this was replaced by our new kube proxy component in v2.4)
- [WF-3896] ✨ Add validation to Peering resources if directly applied
- [WF-3970] ✨ Improve validation of cloudaccessconfig types
- [WF-3943] 🐛 UI - Show dependency errors consistently on delete
- [WF-3945] 🐛 Ensure app components are successfully deleted if their owning app is deleted
- [WF-3949] 🐛 Ensure workspace owners can delete their own workspaces
Terraform Infrastructure changes:
- Bump the EKS Cluster version to v1.27
- Bump the EKS Addon minor versions by 1
Required Actions
There are no required actions for this release when upgrading from one of the listed upgradeable versions.