@@ -11,13 +11,135 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
1111
1212### Changed
1313
14- ### Deprecated
14+ ### Fixed
1515
1616### Removed
1717
18+ ### Security
19+
20+ ## [ 2.0.0] - 2026-01-12
21+
22+ ### Added
23+ - ** Runtime Environment Detection** : Auto-detect execution environment (Kubernetes/Container/VM)
24+ - ** Flexible Discovery Modes** :
25+ - Kubernetes discovery from any runtime (in-cluster or remote with kubeconfig)
26+ - Static backend configuration for non-Kubernetes deployments
27+ - ** Enterprise TLS Management** :
28+ - ` TLS_AUTO_GENERATE ` : Automatic self-signed certificate generation
29+ - ` TLS_AUTO_RENEW ` : Automatic certificate renewal for expired/invalid certs
30+ - ` TLS_RENEWAL_THRESHOLD_DAYS ` : Configurable renewal threshold
31+ - Certificate expiration validation
32+ - ** Optional TLS** : ` TLS_ENABLED ` flag to make TLS completely optional
33+ - ** Professional Configuration System** :
34+ - Runtime-aware configuration (kubernetes/container/vm)
35+ - Type-safe configuration with validation
36+ - Smart auto-detection for all modes (runtime, discovery, TLS)
37+ - ** Enhanced Environment Variables** :
38+ - ` DATABASE_TYPE ` : Database type (postgresql)
39+ - ` RUNTIME ` : Explicit runtime environment setting
40+ - ` DISCOVERY_MODE ` : Explicit discovery mode
41+ - ` TLS_MODE ` : Explicit TLS provider mode
42+ - ` TLS_ENABLED ` : Enable/disable TLS
43+ - ` NAMESPACE ` : Professional naming (replaces POD_NAMESPACE)
44+ - ** Multi-Runtime Kubernetes Access** :
45+ - Access Kubernetes from VM/Container using KUBECONFIG
46+ - Support for multiple Kubernetes contexts
47+ - Remote cluster discovery from non-Kubernetes environments
48+ - ** Configuration Validation** : Comprehensive validation with helpful error messages
49+ - ** Backward Compatibility** : Full support for legacy environment variables
50+ - New proxy manager component for advanced proxy infrastructure management
51+ - Comprehensive structured logger with improved console output formatting
52+ - Self-signed certificate generation capability for TLS
53+ - Database type support in resolver configurations (Kubernetes and Memory resolvers)
54+ - Test client script (` scripts/test-client.sh ` ) for connection testing
55+ - Certificate utility functions for certificate management (` cmd/proxy/internal/utils/cert.go ` )
56+ - Memory-based TLS provider implementation
57+ - API server component for proxy management
58+ - Core server architecture with improved request handling
59+ - Protocol handler for PostgreSQL connections
60+ - Filesystem-based TLS storage provider
61+
62+ ### Changed
63+ - ** Removed ` PROXY_ENABLED ` ** : Proxy always runs when started (fail-fast on misconfiguration)
64+ - ** Professional Configuration Architecture** :
65+ - Type-safe enums for modes (RuntimeEnvironment, DiscoveryMode, TLSMode)
66+ - Validation-first approach with clear error messages
67+ - Smart defaults for all settings
68+ - ** Improved Factory Pattern** :
69+ - Runtime-aware resolver factory
70+ - TLS factory with certificate lifecycle management
71+ - Better error handling and logging
72+ - ** Enhanced README** :
73+ - Complete rewrite with enterprise focus
74+ - Clear runtime scenarios and examples
75+ - Professional documentation structure
76+ - Architecture diagram
77+ - ** Better Logging** :
78+ - Runtime information in startup logs
79+ - TLS mode and certificate status
80+ - Discovery mode details
81+ - Merged main branch into development branch for latest stable features
82+ - Updated Docker CMD path to reflect new folder structure (` cmd/proxy ` )
83+ - Refactored connection handler to improve error handling and lifecycle management for production environments
84+ - Moved PostgreSQL handler from protocol package to proxy package
85+ - Reorganized project structure: moved from ` apps/proxy ` to ` cmd/proxy ` and ` pkg/* ` to ` cmd/proxy/internal/* `
86+ - Updated TLS provider implementation with enhanced self-signed certificate support
87+ - Improved discovery system for both Kubernetes and memory-based resolvers
88+ - Enhanced PostgreSQL protocol parser implementation
89+ - Restructured folder hierarchy for better organization
90+ - Updated GitHub usernames and repository references across all configuration files
91+ - Modified platform support in deployment workflow (amd64, arm64, 386)
92+ - ** TLS Now Optional** : Proxy can run without TLS if ` TLS_ENABLED=false `
93+ - Updated all Kubernetes deployment YAMLs to use new environment variable scheme
94+ - Updated test and development scripts to use new configuration format
95+
1896### Fixed
97+ - ** PostgreSQL Database Parameter Handling** : Complete fix for database defaulting logic
98+ - Defaults to "postgres" when client omits database name
99+ - Detects when client auto-fills database with username (common psql behavior)
100+ - Prevents "database does not exist" errors when username contains deployment_id suffix
101+ - Example: ` database=postgres.team-1992252154561 ` now correctly becomes ` database=postgres `
102+ - ** PostgreSQL Resolver** : Uses correct database type (postgresql) instead of mysql for routing
103+ - ** StartupMessage Rebuild** : Simplified logic - now rebuilds on every handshake for consistency
104+ - Every TCP connection gets a fresh StartupMessage
105+ - Eliminates unnecessary optimization that caused edge cases
106+ - Ensures username parsing and database defaulting always work correctly
107+ - ** Enhanced Logging** : Added comprehensive logging for connection parameters and username parsing
108+ - Multi-instance TLS certificate creation race conditions
109+ - Kubernetes discovery from non-Kubernetes runtimes
110+ - Certificate lifecycle management issues
111+ - Configuration validation edge cases
112+ - Connection lifecycle issues in production environments
113+ - Error response handling in connection handler
114+ - Binary file cleanup (removed ` proxy ` binary from tracking)
115+ - Certificate file management in repository
116+
117+ ### Removed
118+ - ` PROXY_ENABLED ` environment variable (proxy always runs)
119+ - ` POD_NAMESPACE ` in favor of generic ` NAMESPACE `
120+ - ` POSTGRESQL_PROXY_ENABLED ` in favor of ` DATABASE_TYPE `
121+ - ` TLS_ENABLE_SELF_SIGNED ` in favor of ` TLS_AUTO_GENERATE `
122+ - Unnecessary configuration complexity
123+ - Deleted old HTTP health check implementation (` cmd/proxy/internal/http/health.go ` )
124+ - Removed legacy Kubernetes client implementation
125+ - Cleaned up old proxy server implementations and tests
126+ - Removed temporary binary and certificate files from repository root
19127
20128### Security
129+ - Enhanced certificate validation
130+ - Automatic certificate renewal prevents expired certs
131+ - Multi-instance safe certificate generation
132+ - Better TLS configuration validation
133+ - Enhanced TLS configuration with improved certificate management
134+ - Added self-signed certificate generation for development environments
135+ - Improved certificate storage security with filesystem provider
136+
137+ ### Architecture
138+ - ** Configuration-Driven Design** : All behavior controlled by environment variables
139+ - ** Runtime Awareness** : Detects and adapts to execution environment
140+ - ** Fail-Fast Philosophy** : Clear errors on misconfiguration
141+ - ** Production-Grade** : Enterprise-ready with proper validation and error handling
142+ - ** Optional TLS** : Full support for non-TLS deployments
21143
22144## [ 1.0.8] - 2025-07-07
23145
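Review bot: The 2.0.0 `### Security` section lists only improvements, while the one change that lowers the default security posture, "TLS Now Optional: Proxy can run without TLS if `TLS_ENABLED=false`", is filed under `### Changed` and `### Architecture`. Add a Security entry that states the default value of `TLS_ENABLED` and that disabling it leaves PostgreSQL connections through the proxy unencrypted, so operators upgrading from 1.0.8 can see it where they look for security-relevant changes. The same section says self-signed generation is "for development environments", but the `TLS_AUTO_GENERATE` entry under `### Added` carries no such restriction; say which is intended. Separately, "Backward Compatibility: Full support for legacy environment variables" under `### Added` contradicts `### Removed`, which drops `PROXY_ENABLED`, `POD_NAMESPACE`, `POSTGRESQL_PROXY_ENABLED` and `TLS_ENABLE_SELF_SIGNED`. State for each old name whether it is still honoured, rejected at startup, or ignored, since a silently ignored `TLS_ENABLE_SELF_SIGNED` changes how certificates are provisioned. The first lines of the hunk also drop the `### Deprecated` heading from the unreleased section without explanation.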