Skip to content

Release v2.0.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 12 Jan 17:45
· 2 commits to main since this release
v2.0.0
cabcc46
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • Runtime Environment Detection: Auto-detect execution environment (Kubernetes/Container/VM)
  • Flexible Discovery Modes:
    • Kubernetes discovery from any runtime (in-cluster or remote with kubeconfig)
    • Static backend configuration for non-Kubernetes deployments
  • Enterprise TLS Management:
    • TLS_AUTO_GENERATE: Automatic self-signed certificate generation
    • TLS_AUTO_RENEW: Automatic certificate renewal for expired/invalid certs
    • TLS_RENEWAL_THRESHOLD_DAYS: Configurable renewal threshold
    • Certificate expiration validation
    • Optional TLS: TLS_ENABLED flag to make TLS completely optional
  • Professional Configuration System:
    • Runtime-aware configuration (kubernetes/container/vm)
    • Type-safe configuration with validation
    • Smart auto-detection for all modes (runtime, discovery, TLS)
  • Enhanced Environment Variables:
    • DATABASE_TYPE: Database type (postgresql)
    • RUNTIME: Explicit runtime environment setting
    • DISCOVERY_MODE: Explicit discovery mode
    • TLS_MODE: Explicit TLS provider mode
    • TLS_ENABLED: Enable/disable TLS
    • NAMESPACE: Professional naming (replaces POD_NAMESPACE)
  • Multi-Runtime Kubernetes Access:
    • Access Kubernetes from VM/Container using KUBECONFIG
    • Support for multiple Kubernetes contexts
    • Remote cluster discovery from non-Kubernetes environments
  • Configuration Validation: Comprehensive validation with helpful error messages
  • Backward Compatibility: Full support for legacy environment variables
  • New proxy manager component for advanced proxy infrastructure management
  • Comprehensive structured logger with improved console output formatting
  • Self-signed certificate generation capability for TLS
  • Database type support in resolver configurations (Kubernetes and Memory resolvers)
  • Test client script (scripts/test-client.sh) for connection testing
  • Certificate utility functions for certificate management (cmd/proxy/internal/utils/cert.go)
  • Memory-based TLS provider implementation
  • API server component for proxy management
  • Core server architecture with improved request handling
  • Protocol handler for PostgreSQL connections
  • Filesystem-based TLS storage provider

Changed

  • Removed PROXY_ENABLED: Proxy always runs when started (fail-fast on misconfiguration)
  • Professional Configuration Architecture:
    • Type-safe enums for modes (RuntimeEnvironment, DiscoveryMode, TLSMode)
    • Validation-first approach with clear error messages
    • Smart defaults for all settings
  • Improved Factory Pattern:
    • Runtime-aware resolver factory
    • TLS factory with certificate lifecycle management
    • Better error handling and logging
  • Enhanced README:
    • Complete rewrite with enterprise focus
    • Clear runtime scenarios and examples
    • Professional documentation structure
    • Architecture diagram
  • Better Logging:
    • Runtime information in startup logs
    • TLS mode and certificate status
    • Discovery mode details
  • Merged main branch into development branch for latest stable features
  • Updated Docker CMD path to reflect new folder structure (cmd/proxy)
  • Refactored connection handler to improve error handling and lifecycle management for production environments
  • Moved PostgreSQL handler from protocol package to proxy package
  • Reorganized project structure: moved from apps/proxy to cmd/proxy and pkg/* to cmd/proxy/internal/*
  • Updated TLS provider implementation with enhanced self-signed certificate support
  • Improved discovery system for both Kubernetes and memory-based resolvers
  • Enhanced PostgreSQL protocol parser implementation
  • Restructured folder hierarchy for better organization
  • Updated GitHub usernames and repository references across all configuration files
  • Modified platform support in deployment workflow (amd64, arm64, 386)
  • TLS Now Optional: Proxy can run without TLS if TLS_ENABLED=false
  • Updated all Kubernetes deployment YAMLs to use new environment variable scheme
  • Updated test and development scripts to use new configuration format

Fixed

  • PostgreSQL Database Parameter Handling: Complete fix for database defaulting logic
    • Defaults to "postgres" when client omits database name
    • Detects when client auto-fills database with username (common psql behavior)
    • Prevents "database does not exist" errors when username contains deployment_id suffix
    • Example: database=postgres.team-1992252154561 now correctly becomes database=postgres
  • PostgreSQL Resolver: Uses correct database type (postgresql) instead of mysql for routing
  • StartupMessage Rebuild: Simplified logic - now rebuilds on every handshake for consistency
    • Every TCP connection gets a fresh StartupMessage
    • Eliminates unnecessary optimization that caused edge cases
    • Ensures username parsing and database defaulting always work correctly
  • Enhanced Logging: Added comprehensive logging for connection parameters and username parsing
  • Multi-instance TLS certificate creation race conditions
  • Kubernetes discovery from non-Kubernetes runtimes
  • Certificate lifecycle management issues
  • Configuration validation edge cases
  • Connection lifecycle issues in production environments
  • Error response handling in connection handler
  • Binary file cleanup (removed proxy binary from tracking)
  • Certificate file management in repository

Removed

  • PROXY_ENABLED environment variable (proxy always runs)
  • POD_NAMESPACE in favor of generic NAMESPACE
  • POSTGRESQL_PROXY_ENABLED in favor of DATABASE_TYPE
  • TLS_ENABLE_SELF_SIGNED in favor of TLS_AUTO_GENERATE
  • Unnecessary configuration complexity
  • Deleted old HTTP health check implementation (cmd/proxy/internal/http/health.go)
  • Removed legacy Kubernetes client implementation
  • Cleaned up old proxy server implementations and tests
  • Removed temporary binary and certificate files from repository root

Security

  • Enhanced certificate validation
  • Automatic certificate renewal prevents expired certs
  • Multi-instance safe certificate generation
  • Better TLS configuration validation
  • Enhanced TLS configuration with improved certificate management
  • Added self-signed certificate generation for development environments
  • Improved certificate storage security with filesystem provider

Architecture

  • Configuration-Driven Design: All behavior controlled by environment variables
  • Runtime Awareness: Detects and adapts to execution environment
  • Fail-Fast Philosophy: Clear errors on misconfiguration
  • Production-Grade: Enterprise-ready with proper validation and error handling
  • Optional TLS: Full support for non-TLS deployments
Assets 2
Loading