v0.17.0

🎉 v0.17.0 Release Notes

Your proxies just got a whole lot chattier (in a good way!)

This release is all about visibility. We've taught your HTTPProxy resources to tell you exactly what's happening with your TLS certificates and DNS setup—no more wondering why things aren't working.

✨ Certificate Health Tracking

Ever deployed an HTTPProxy and wondered if your TLS certificate actually got issued? Wonder no more! HTTPProxy now sports a shiny new CertificatesReady condition that tells you the state of all your HTTPS hostnames at a glance. You'll also see per-hostname CertificateReady conditions with helpful messages like "We're provisioning and applying a certificate to this hostname - it may take a few minutes" instead of cryptic error codes.

kubectl get httpproxy
NAME       HOSTNAME            PROGRAMMED   CERTIFICATES   AGE
my-proxy   app.example.com     True         True           5m

🔍 Smarter DNS Authority Checks

We've made the DNS integration smarter about figuring out whether Datum DNS actually has authority over your domain. Instead of just checking if a domain was "verified via DNSZone," we now verify the full chain: domain ownership + DNSZone readiness + nameserver delegation. This means better compatibility with domains that were verified before recent fixes, and clearer error messages when something's off.

New status reasons like DNSAuthorityMissing will tell you exactly what to fix—whether it's updating your registrar's NS records or waiting for the DNSZone to become ready.

🧹 Proper DNS Cleanup

Fixed a sneaky bug where DNSRecordSets weren't being cleaned up when you deleted a Gateway. Turns out Kubernetes garbage collection wasn't doing its job here (long story involving controller owner references), so we added explicit cleanup in the Gateway finalizer. Your DNS records will now properly disappear when the Gateway does.

---

Full details: PR #115 — @mattdjenkinson's first contribution 🎊

v0.16.0

Automatic DNS Record Management for Gateway Hostnames

Configure custom hostnames on an HTTPProxy or Gateway and DNS records are created automatically when Datum DNS manages your domain. The operator creates CNAME records pointing to the gateway's canonical hostname (or ALIAS records for apex domains).

New status fields surface DNS programming status per-hostname via status.hostnameStatuses with Verified, DNSRecordProgrammed, and Available conditions, plus an aggregate DNSRecordsProgrammed condition.

See #111 for details.

Requirements

• Domain verified via Datum DNS zone
• Feature flag enableDNSIntegration: true in operator config
• dns-operator CRDs installed

Bug Fixes

• preserve VerifiedDNSZone condition after DNSZone verification (#111)
• use non-controller ownerReference for DNSRecordSets (#111)

---

Full Changelog: v0.15.1...v0.16.0

v0.15.1

What's Changed

• fix: wait for https listener before applying envoypatchpolicy by @zachsmith1 in #112

Full Changelog: v0.15.0...v0.15.1

v0.15.0

What's Changed

• feat: Add connector EnvoyPatchPolicy for HTTPProxy backends by @zachsmith1 in #93

Full Changelog: v0.14.5...v0.15.0

v0.14.5

What's Changed

• chore: block dupe domain creation by @zachsmith1 in #108
• fix: watch Challenges instead of Certificates for ACME HTTP-01 solver by @scotwells in #110

Full Changelog: v0.14.4...v0.14.5

v0.14.4

What's Changed

• fix: wait for TLS certificates before enabling WAF by @scotwells in #107

Full Changelog: v0.14.3...v0.14.4

v0.14.3

What's Changed

• fix: make connectorclass cluster scoped by @zachsmith1 in #106

Full Changelog: v0.14.2...v0.14.3

v0.14.2

What's Changed

• fix: require tls.hostname for HTTPS backends with IP addresses by @scotwells in #105

Full Changelog: v0.14.1...v0.14.2

v0.14.1

What's Changed

• feat: make status.connectionDetails.publicKey.id selectable by @zachsmith1 in #99
• feat: add ports to connection detail addresses by @zachsmith1 in #102
• fix: engage with downstream cluster by @scotwells in #100

Full Changelog: v0.14.0...v0.14.1

v0.14.0

What's Changed

• Introduce Connector CRDs. by @joshlreese in #84
• Introduce Connector CRDs by @zachsmith1 in #87
• fix: missing rbac role by @zachsmith1 in #89
• feat: HTTPProxy connector name field + validation by @zachsmith1 in #91
• feat: add connector and advertisement controllers by @zachsmith1 in #92
• feat: add controller to delete errored ACME challenges by @scotwells in #98

Full Changelog: v0.13.1...v0.14.0