v0.3.1

What's Changed

• Add Pod Security Admission (PSA)
• Add uptime checks for URLs with email notification for Whereami, Online Boutique and Bank of Anthos. In addition to a new dedicated monitoring section too.
• Update Cloud Armor section with metrics query and screenshot
• Add a Costs page
• Add 2 more policies for Service Mesh: K8sBlockAllIngress and VirtualServiceWithHost

Full Changelog: e6c61d7...e3b1bca

Tested with:

• GKE 1.25.5-gke.1500
• ASM MCP 1.15.4-asm.2 + MDP 1.15.4-asm.2
• ACM 1.14.1
• Whereami 1.2.14
• Online Boutique 0.5.0
• Bank of Anthos 0.5.10

v0.3.0

tl,dr

• Helm chart for Online Boutique 🛒
• New Config Sync UI and Policy Controller UI pages 👀 🎄 🚀
• More Cloud Armor WAF rules 🛡️

What's Changed

• The Online Boutique sample is now deployed via its Helm chart instead of using Kustomize. The end user experience is way much better, hope you will like it! The other samples will follow soon too.
• Add new Monitor resources synced page with the new Config Sync UI
• Add new Monitor policies violations page with the new Policy Controller UI
• Fix two issues with the GKE cluster provisioning related to the serviceUsageConsumer role and the Cloud DNS API and GKE cluster fields
• Update the Check deployments section of each page with a link to the new Config Sync UI and the new Policy Controller UI when appropriate
• Populate remediation field in all Constraints in order to have a link with detailed remediation per Constraint's violation in the new Policy Controller UI
• Enable Prevent drift for Config Sync for both the Config Controller instance in Host project and the GKE cluster in Tenant project
• Add more WAF rules with Cloud Armor such as cve, rce, methodenforcement, scannerdetection, protocolattack, php, sessionfixation, java and nodejs in addition to existing ones: xss, sqli, lfi and rfi.
• Add Spanner and Memorystore groups for Online Boutique in the navigation panel with their respective pages
• Review the architecture diagram image
• External links now open in a new tab

Full Changelog: ee49a08...e6c61d7

Tested with:

• GKE 1.25.4-gke.1600
• ASM MCP 1.15.3-asm.2 + MDP 1.15.3-asm.1
• ACM 1.14.0
• Whereami 1.2.14
• Online Boutique 0.5.0
• Bank of Anthos 0.5.10

v0.2.4

What's Changed

• Use Cloud DNS (now GA) with the GKE cluster in the Tenant project
• Add a new AllowedKccResources Constraint/ConstraintTemplate in the policies of the Tenant project
• Upgrade Whereami to 1.2.14 🤔
• Update screenshots for GKE Security posture 🛡️

Full Changelog: ba95bd2...ee49a08

Tested with:

• GKE 1.25.4-gke.1600
• ASM MCP 1.15.3-asm.2 + MDP 1.15.3-asm.1
• ACM 1.14.0
• Whereami 1.2.14
• Online Boutique 0.5.0
• Bank of Anthos 0.5.10

v0.2.3

What's Changed

• Better project-id annotation management on KCC resources (#137)
• Use ACM 1.14.0 in GKE cluster in Tenant project
• Upgrade Online Boutique to v0.5.0 🛒
• Upgrade Bank of Anthos to v0.5.10 🏦
• Upgrade Whereami to 1.2.13 🤔
• Update screenshots for GKE Security posture 🛡️

Full Changelog: 178a5ee...ba95bd2

Tested with:

• GKE 1.25.3-gke.800
• ASM MCP 1.15.3-asm.2 + MDP 1.15.3-asm.1
• ACM 1.14.0
• Whereami 1.2.13
• Online Boutique 0.5.0
• Bank of Anthos 0.5.10

v0.2.2

What's Changed

• Spanner with Online Boutique 🛒
• Fix ConfigConnectorContext with requestProjectPolicy: BILLING_PROJECT (as best practice and to fix issue with Spanner)
• Update screenshot for ASM version ⛵
• Update screenshots for GKE Security posture 🛡️

Full Changelog: d473bea...178a5ee

Some numbers

• 56 resources created by KCC via Config Controller
• 245 resources synced by Config Sync across 6 repositories
• 23 workloads in the Mesh
• 17 Policy Controller's Constraints

Tested with:

• GKE 1.24.4-gke.800
• ASM 1.15.3-asm.1
• ACM 1.13.1
• Whereami 1.2.12
• Online Boutique 0.4.1
• Bank of Anthos 0.5.9

v0.2.1

What's Changed

• Update the Managed ASM installation with GKEHubFeatureMembership now supported by KCC 1.96.0 ⛵
• Upgrade Online Boutique to v0.4.1 🛒
• Add new Bank of Anthos apps section 🏦
• Fix the Memorystore (Redis) and Memorystore (Redis) TLS instructions for Online Boutique
• Use ACM 1.13.1 in GKE cluster in Tenant project
• Add gcloud logging read commands for NetworkPolicies and AuthorizationPolicies logs in Monitor apps security section
• Fix duplicate listener with port 15021 with the Ingress Gateway

Full Changelog: e5fad42...d473bea

v0.2.0

What's Changed

• Use the Config Controller Autopilot instance 🛩️
• Set the managed Dataplane for the entire mesh at ASM installation, not per namespace (related to the installation via Fleet API now GA)
• Add check on resources synced with the Config Sync Status UI for the GKE cluster in the Tenant project 📊
• Review and fix the flow of the Whereami and Online Boutique apps
  • Upgrade Whereami to v1.2.12 🤔
  • Upgrade Online Boutique to v0.4.0 🛒
• Add a GKE Security Posture section 🛡️
• Use ACM 1.13.0 in GKE cluster in Tenant project
• Use the low carbon region northamerica-northeast1 for all the regional and zonal Google Cloud Services used in this workshop 🌱
• Use crane instead of docker pull|tag|push for the copy of the container images for Whereami and Online Boutique in the private Artifact Registry

Full Changelog: 3d4c0f2...e5fad42

v0.1.5

What's Changed

• Cloud Armor - support of the advancedOptionsConfig.logLevel: VERBOSE feature with KCC 1.90.0
• ACM 1.12.2 for GKE cluster in Tenant project

Full Changelog: 2fd82f5...3d4c0f2

v0.1.3

What's Changed

• Use ACM 1.12.1 for GKE cluster in Tenant project
• Use Cloud Armor's rules based on the new CRS 3.3 + Canary (was previously Stable)

Full Changelog: 4e8cd7b...2fd82f5

v0.1.1

What's Changed

• Add new Secure Memorystore (redis) instance access page
• Add gitops-tips tag
• Add HorizontalPodAutoscaler for Ingress Gateway, and add tips about replicas field management with HPA
• Update Agenda page
• Update images with TLS icon

Full Changelog: a061458...4e8cd7b