Added​

• Added AWS RDS PostgreSQL support with full CRUD operations for database instances
• Added AWS RDS read replica support, including automatic backup retention management
• Added RDS PostgreSQL service binding claims to enable seamless application connectivity
• Added support for external AWS KMS keys for customer-managed encryption
• Added replica count information to RDS PostgreSQL instance status output
• Added comprehensive AWS RDS documentation, including:
  • Developer how-to guide
  • Managed databases overview with PostgreSQL-specific behavior
  • RDS troubleshooting guide
  • Core concepts and workflows
  • Platform operator setup instructions
• Added a glossary to improve documentation clarity
• Added automatic KMS key detection and dynamic permission grants for target buckets in the Object Storage (S3) integration
• Added richer and more informative status output for Object Storage (S3) resources
• Added automatic IAM resource tagging for auditing and cost tracking in the Object Storage (S3) integration

Changed​

• Updated S3 bucket provisioning to automatically enable KMS encryption, including dependency handling for managed key creation
• Improved connection secret handling in the Object Storage (S3) integration for greater reliability and completeness
• Improved behavior when Object Storage Instances are missing — bindings now remain READY=False with a clear status message in the XR object
• Set the default IAM user access level in the Object Storage (S3) integration to readWrite to enforce least-privilege security
• Bumped the Object Storage integration version to 1.0.0 following updates to the ObjectStorageInstance resource

Chores​

• Upgraded Crossplane to version v1.20.1
• Updated crossplane aws providers
  • provider-aws-s3 upgraded to v1.23.2
  • provider-aws-rds upgraded to v1.23.2
  • provider-aws-iam upgraded to v1.23.2
  • provider-aws-kms upgraded to v1.23.2
• Updated crossplane functions
  • function-patch-and-transform upgraded to v0.9.1
  • function-go-templating upgraded to v0.11.0
• Bumped dependencies to remove security vulnerabilities

Added​

• Added XRD XTCPConnection, which defines an API schema which can be used by multiple implementations that enable network connectivity from a tenant cluster to a data service instance via the Klutch control plane.
• Added "nop" composition for XTCPConnection to opt out of a network connector implementation
• Added ObjectStorageInstance resource for provisioning object storage; initial implementation includes AWS S3 buckets.
• Added ObjectStorageBinding to enable applications to connect to provisioned object storage instances.

Chores​

• Fixed security vulnerabilities identified by Dependabot.
• Upgraded Crossplane to version v1.19.0
• Updated crossplane functions
  • function-patch-and-transform upgraded to v0.8.2
  • function-go-templating upgraded to v0.9.2

Changed​

• Removed duplicate code from Klutch, as the same logic is now sourced from Klutchio.

• Updated image link and version for provider-anynines.

  Breaking Change The provider-anynines image has been updated, requiring a reapplication with the correct repository path and version.

  Old: public.ecr.aws/w5n9a2g2/anynines/provider-anynines:v1.X.X

  New: public.ecr.aws/w5n9a2g2/klutch/provider-anynines:1.3.2

  Please reapply using the following command:

  kubectl apply -f https://raw.githubusercontent.com/anynines/klutchio/refs/heads/main/crossplane-api/deploy/provider-anynines.yaml
  

• Updated naming conventions. Consumer Cluster is now App Cluster and Management Cluster is now Control Plane Cluster.

• Renamed backend resources for bindings. Changed the namespace used for bindings on the App Clusters from kube-bind to klutch-bind.

  This change automatically applies to new bindings.

  Breaking Change this change also changes the namespace of the konnector deployment. Please make sure that only one deployment of konnector is running. Please delete the old konnector deployment by running

  kubectl delete -n kube-bind deployment konnector
  

  before creating any new bindings. Creating a new binding will deploy the konnector to the new namespace.

  Breaking Change The service account created on the provider cluster, and all role bindings have been updated. In order to migrate please

  1. Create a new ServiceAccount called klutch-binder in each cluster-<xyz> namespace without an additional suffix.

  2. Create a new secret to hold the servic account token in the same namespace:

     apiVersion: v1
     data:
     kind: Secret
     metadata:
       annotations:
       kubernetes.io/service-account.name: klutch-binder
         kubernetes.io/service-account.uid: <service account UID>
       name: klutch-binder
       namespace: cluster-<xyz>
     type: kubernetes.io/service-account-token
     

  3. Copy the token and replace the old token in the kubeconfig secret within the same namespace

  4. Copy the content of the kubeconfig secret from the provider cluster to kubeconfig-<abc> secret in the klutch-bind namespace in the App Cluster.

• Replace native patch&transform patching in compositions with composite functions

Added​

• Experimental support for exposing a9s data services via TCP proxy. This can be opted in to by using the composition a9s-service-binding-proxy. Installation of a8s service guard is required.

Changed​

• breaking change API groups for binding (formerly kube-bind)

Added​

• Add support for PostgreSQL extensions via parameters field

Chores​

• Added support for Server-Side Apply (SSA) by upgrading Crossplane to version v1.15.0
• Updated all internal dependencies and packages to their latest compatible versions

Added​

• Add health check for ProviderConfigs
• Add basic readinessProbe

Changed​

• Improve user-friendliness of a9s Messaging created secrets
• Extend validations for 'plan' and 'service' for all supported DSIs
• Add validations for postgresql claim

Fixed​

• Log sanitization for anynines-backend to exclude any recording of confidential information

Added​

• provider anynines: Add support for additional Data Services:
  • a9s Logme2
  • a9s MariaDB
  • a9s Messaging
  • a9s MongoDB
  • a9s Prometheus
  • a9s Search
• docs: Application Developer: all services: Add instructions for using the supported a9s Data Services through Kubernetes. This includes setting up a Kubernetes environment, offering templates and examples for interacting with the Data Service Instances and presenting tables with supported plans and services. For more information see Application Developer.
• docs: Application Developer: all services: Add "Coming Soon" section for each Data Service, outlining upcoming features. For more information see Application Developer.

Changed​

• all services: Update the Crossplane Configuration Package with the latest version of provider-anynines and enable support for the additional a9s Data Services.
• all services: Update the API group and version for claims, compositions, and managed resources.
• all services: Improve readability of error messages.
• all services: Update provider-anynines container images to provide multi-architecture support.
• all services: Update build, push, and installation scripts to include the additional a9s Data Services.
• docs: Platform Operators: all services: Update the Platform Operators documentation, which now uses a single page to deliver information on configuring Central Management and Tenant clusters with the supported a9s Data Services. For more information see Setting up Central Management and Tenant Clusters.
• docs: Platform Operators: all services: Update the Platform Operators documentation by introducing a "Coming Soon" section that outlines upcoming supported features. For more information see Setting up Central Management and Tenant Clusters.

Fixed​

• all services: ServiceBinding: Fix ServiceBinding to use the same Kubernetes namespace as the Composition Claim. This ensures that ServiceBindings work seamlessly in both Tenant and Central Management clusters synchronized with kube-bind.

Added​

• provider anynines: Add a Crossplane Provider named "provider-anynines" tailored to utilize a9s Data Services.
• provider anynines: Add build, push, and installation scripts, along with instructions for locally deploying provider-anynines.
• a9s PostgreSQL: Add Crossplane Configuration Packages for the installation of provider-anynines and the necessary Configuration Package for integrating a9s PostgreSQL with Kubernetes.
• a9s PostgreSQL: Add examples for provisioning a9s PostgreSQL Data Service Instances, creating service bindings, performing backups and restoring data. For more information see Using a9s PostgreSQL.
• a9s PostgreSQL: Add a demo scenario that showcases the process of establishing a Central Management Cluster on Amazon EKS, utilising Crossplane, Kube-bind, and the a8s framework.
• docs: Application Developer: a9s PostgreSQL: Add instructions for using a9s Data Services through Kubernetes. This includes setting up a Kubernetes environment, provided templates and examples for interacting with the data service and providing tables with supported plans and services. For more information see Using a9s PostgreSQL.
• docs: Application Developer: a9s PostgreSQL: Add a new "Coming Soon" section describing upcoming features. For more information see Using a9s PostgreSQL.
• docs: Platform Operators: Add instructions for setting up a Central Management cluster and the Tenant cluster. For more information see Setting up Central Management and Tenant Clusters.