v1.5.2

What's Changed

• Revert cert-manager version constraint to ">=v1.0.0" from 0.23.0 wrongly added by CI by @carlydf in #252
• Skip automatic helm chart bump for patch releases by @Shivs11 in #254
• Bump Go to 1.25.8 to fix stdlib CVEs by @Shivs11 in #253
• Fix greedy sed in release.yml and restore cert-manager constraint by @Shivs11 in #255
• Add extra field when doing SubjectAccessReview by @jinjiaKarl in #265

New Contributors

• @jinjiaKarl made their first contribution in #265

Full Changelog: v1.5.0...v1.5.2

v1.5.1

What's Changed

• Bump Go to 1.25.8 to fix stdlib CVEs (PR #253)

Full Changelog: v1.5.0...v1.5.1

v1.5.0

Highlights

This release introduces WorkerResourceTemplate, enabling per-version autoscaling in Public Preview!

See docs/worker-resource-templates.md and our metrics-based autoscaling demo for more information on how to set it up.

This release is available in controller and CRD Helm charts v0.23.0.

What's Changed

• Enable Controller-managed versioned scaling resources with WorkerResourceTemplate by @carlydf in #217
• Fix demo readme and grafana dashboard for autoscaling demo by @carlydf in #251

Full Changelog: v1.4.0...v1.5.0

v1.4.0

Highlights

This release introduces a separate Helm chart for the CRDs needed by the worker controller. See docs/crd-management.md for more details.

Other improvements within the controller code include:

• Using ManagerIdentity to coordinate handoff between worker controller and other clients modifying the same Worker Deployment resource. See docs/ownership.md for more details.
• Omit DescribeVersion calls for drained versions to avoid hitting RPS limits
• Add Ready and Progressing conditions to TemporalWorkerDeployment for consumption by CD tools

This release is available in controller and CRD Helm charts v0.22.0.

What's Changed

• fix: append custom CA to system cert pool instead of replacing it by @Shivs11 in #227
• Add manual branch image publish workflow by @Shivs11 in #224
• fix: lowercase CleanStringForDNS output for RFC 1123 compliance by @aarontsharp in #228
• Separate CRDs Helm chart for upgradeable CRD lifecycle by @carlydf in #208
• Use ManagerIdentity API instead of LastModifierIdentity + ignore-last-modifier metadata hack by @carlydf in #220
• Revert "Use ManagerIdentity API instead of LastModifierIdentity + ignore-last-modifier metadata hack (#220)" by @carlydf in #233
• omit DescribeVersion API calls for drained versions by @Shivs11 in #229
• Bug fix: Do not call CheckHealth when authenticating with API keys by @Shivs11 in #232
• Reapply "Use ManagerIdentity API instead of LastModifierIdentity + ignore-last-modifier metadata hack (#220)" (#233) by @carlydf in #234
• Lower reconcile-loop log to debug level by @carlydf in #238
• Add unit tests for clientpool auth code paths by @carlydf in #236
• update the helm.yml workflow to now publish helm charts from feature branches without bumping up the chart version by @Shivs11 in #242
• feat: replace domain conditions with standard Ready/Progressing conditions by @carlydf in #235
• fix: retry on conflict in test helper to fix flaky integration test by @Shivs11 in #244
• docs: add Helm ownership labeling step to CRD migration guide by @Shivs11 in #245
• Bump google.golang.org/grpc from 1.75.1 to 1.79.3 by @dependabot[bot] in #243
• bump helm chart version to 0.20.0 by @Shivs11 in #248
• Bump chart version to 0.21.0 with appVersion 1.4.0 by @Shivs11 in #250

New Contributors

• @aarontsharp made their first contribution in #228

Full Changelog: v1.3.0...v1.4.0

v1.3.1

Contains bug fixes:

• fix: append custom CA to system cert pool instead of replacing it (#227)
  • Previous PR broke TLS auth, this fixes it
• omit DescribeVersion API calls for drained versions (#229)
  • Excessive DescribeVersion calls were exceeding server rate limits, and not needed
• Bug fix: Do not call CheckHealth when authenticating with API keys (#232)
  • Fixes a regression specific to API Key Auth that was introduced in #203

This release is available in controller Helm chart v0.20.0.

Full Changelog: v1.3.0...v1.3.1

v1.2.4

Contains bug fixes:

• Helm chart bug Fix: Make sure image has nonRoot (#195)
• fix: append custom CA to system cert pool instead of replacing it (#227)
  • Previous PR broke TLS auth, this fixes it
• omit DescribeVersion API calls for drained versions (#229)
  • Excessive DescribeVersion calls were exceeding server rate limits, and not needed

Full Changelog: v1.2.3...v1.2.4

v1.2.3

Warning

This release is unstable and should not be used in production.
PR #212 introduced a bug in TLS certificate handling.
The issue is fixed in #227.

Recommended action: Skip this version and upgrade to the release containing the fix.

---

Full Changelog: v1.2.2...v1.2.3

v1.2.2

Warning

This release is unstable and should not be used in production.
PR #212 introduced a bug in TLS certificate handling.
The issue is fixed in #227.

Recommended action: Skip this version and upgrade to the release containing the fix.

---

• Cherry picked commit: #195
  Full Changelog: v1.2.1...v1.2.2

v1.3.0

Warning

This release is unstable and should not be used in production.
PR #212 introduced a bug in TLS certificate handling.
The issue is fixed in #227.

Recommended action: Skip this version and upgrade to the release containing the fix.

---

What's Changed

• Adding a CI action to validate helm chart renderings by @Shivs11 in #199
• Helm chart bug Fix: Make sure image has nonRoot by @Shivs11 in #195
• fix: use CA certificate from mTLS secret for server verification by @Shivs11 in #212
• Bump golang.org/x/crypto from 0.37.0 to 0.45.0 by @dependabot[bot] in #185
• Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 in /internal/tests by @dependabot[bot] in #201
• Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in #202
• Add event recording and status conditions for worker deployments by @thearcticwatch in #203
• Bump go.opentelemetry.io/otel/sdk from 1.34.0 to 1.40.0 by @dependabot[bot] in #213
• Add CI check to verify Helm chart image references are pullable by @carlydf in #222
  • This PR replaces the deprecated gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 image with registry.k8s.io/kubebuilder/kube-rbac-proxy:v0.14.1, and adds a CI check to ensure that this issue won't happen in the future.
• Shorten deployment names when over 47 characters by @carlydf in #204

New Contributors

• @thearcticwatch made their first contribution in #203

Full Changelog: v1.2.0...v1.3.0

v1.1.2

Contains fix: migrate kube-rbac-proxy image from deprecated gcr.io to registry.k8s.io #219 on top of the v1.1.1 release, solving the ImagePullBackoff issue caused by the deprecation of gcr.io/kubebuilder/kube-rbac-proxy in favor of registry.k8s.io.

Full Changelog: v1.1.1...v1.1.2