From 64364be8c33fd0f0f0d2375a619ef7cb44e2c229 Mon Sep 17 00:00:00 2001 From: Jason Madigan Date: Thu, 12 Dec 2024 12:11:44 +0000 Subject: [PATCH 1/3] removed preloader, added some new styling for headers Signed-off-by: Jason Madigan --- src/_includes/layout.njk | 1 - static/css/style.css | 80 ++++++++++++++++++++-------------------- static/js/main.js | 10 ----- 3 files changed, 40 insertions(+), 51 deletions(-) diff --git a/src/_includes/layout.njk b/src/_includes/layout.njk index 44345a3..753f385 100644 --- a/src/_includes/layout.njk +++ b/src/_includes/layout.njk @@ -129,7 +129,6 @@ title: Kuadrant.io -
diff --git a/static/css/style.css b/static/css/style.css index 594053f..7818f46 100644 --- a/static/css/style.css +++ b/static/css/style.css @@ -31,45 +31,7 @@ h3, h4, h5, h6 { - font-family: "Jost", sans-serif; -} - -/*-------------------------------------------------------------- -# Preloader ---------------------------------------------------------------*/ -#preloader { - position: fixed; - top: 0; - left: 0; - right: 0; - bottom: 0; - z-index: 9999; - overflow: hidden; - background: #37517e; -} - -#preloader:before { - content: ""; - position: fixed; - top: calc(50% - 30px); - left: calc(50% - 30px); - border: 6px solid #37517e; - border-top-color: #fff; - border-bottom-color: #fff; - border-radius: 50%; - width: 60px; - height: 60px; - animation: animate-preloader 1s linear infinite; -} - -@keyframes animate-preloader { - 0% { - transform: rotate(0deg); - } - - 100% { - transform: rotate(360deg); - } + font-family: "Open Sans", sans-serif; } /*-------------------------------------------------------------- @@ -1952,4 +1914,42 @@ h1, h2, h3, h4, h5 { .footer-contact img { max-width: 20em; -} \ No newline at end of file +} + +h1 { + font-size: 2rem; + color: #37517e; + font-weight: 700; + margin-bottom: 1rem; +} + +h2 { + font-size: 1.75rem; + color: #2a4866; + font-weight: 600; + margin-bottom: 0.9rem; +} + +h3 { + font-size: 1.5rem; + color: #37517e; + font-weight: 500; + letter-spacing: 0.02rem; + margin-bottom: 0.8rem; +} + +h4 { + font-size: 1.25rem; + color: #2a4866; + font-weight: 500; + margin-bottom: 0.7rem; +} + +h5 { + font-size: 1rem; + color: #537198; + font-weight: 400; + text-transform: capitalize; + letter-spacing: 0.05rem; + margin-bottom: 0.6rem; +} diff --git a/static/js/main.js b/static/js/main.js index c7f0752..26413a0 100644 --- a/static/js/main.js +++ b/static/js/main.js @@ -155,16 +155,6 @@ } }); - /** - * Preloader - */ - let preloader = select('#preloader'); - if (preloader) { - window.addEventListener('load', () => { - preloader.remove() - }); - } - /** * Initiate glightbox */ From 5a2668bda9c80281d7c8cfe8b6600f252d912db4 Mon Sep 17 00:00:00 2001 From: Jason Madigan Date: Thu, 12 Dec 2024 12:27:36 +0000 Subject: [PATCH 2/3] add prism.js Signed-off-by: Jason Madigan --- src/_includes/layout.njk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/_includes/layout.njk b/src/_includes/layout.njk index 753f385..9a05222 100644 --- a/src/_includes/layout.njk +++ b/src/_includes/layout.njk @@ -140,6 +140,11 @@ title: Kuadrant.io + + + + + From 1c5347ae849446746556aee6ae2c3332aed8d1e2 Mon Sep 17 00:00:00 2001 From: Jason Madigan Date: Tue, 10 Dec 2024 14:36:25 +0000 Subject: [PATCH 3/3] Kuadrant v1 blog post Signed-off-by: Jason Madigan --- src/blog/kuadrant-v1.md | 211 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 211 insertions(+) create mode 100644 src/blog/kuadrant-v1.md diff --git a/src/blog/kuadrant-v1.md b/src/blog/kuadrant-v1.md new file mode 100644 index 0000000..bffc1ae --- /dev/null +++ b/src/blog/kuadrant-v1.md @@ -0,0 +1,211 @@ +--- +title: Kuadrant v1 +date: 2024-11-28 +author: Jason Madigan +--- + +**Update:** Kuadrant [v1.0.1](https://github.com/Kuadrant/kuadrant-operator/releases/tag/v1.0.1) is now available, with some small bugfixes. + +## Kuadrant v1! + +We're thrilled to announce the release of Kuadrant [v1.0.0](https://github.com/Kuadrant/kuadrant-operator/releases/tag/v1.0.0)! This marks a major milestone in the Kuadrant project after its recent acceptance into [CNCF's sandbox](https://www.cncf.io/sandbox-projects/). + +### What is Kuadrant? + +Kuadrant is a set of Kubernetes-native controllers, services, and APIs that provide gateway policies for existing [Gateway API](https://gateway-api.sigs.k8s.io/) providers in both single and multi-cluster environments. It builds on top of Kubernetes [Gateway API](https://gateway-api.sigs.k8s.io/) and technologies such as Istio and Envoy to introduce provider-agnostic Gateway Policies for Kubernetes. + +### Why v1 Matters + +Reaching v1 signifies our project's stability, maturity, and production-readiness. With v1, we believe Kuadrant is now ready to power key workloads in Kubernetes environments. + +### What's new in v1? + +Here are some key highlights from this release: + +#### CRD Graduation to v1 + +`AuthPolicy`, `DNSPolicy`, `RateLimitPolicy`, and `TLSPolicy` have now graduated to `v1` in their CRDs, signalling their readiness for production use. We now consider these APIs stable, and commit to enabling migration paths in subsequent API upgrades. + +See the following documentation for API reference and usage examples: + +- `AuthPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/auth/) +- `DNSPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/dns/) +- `RateLimitPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/rate-limiting/) +- `TLSPolicy`: [Overview](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/overviews/tls/) + + +#### CEL Support +[CEL](https://cel.dev/) (Common Expression Language) introduces a powerful and flexible way to define conditions and predicates in [`AuthPolicy`](https://github.com/Kuadrant/authorino/blob/main/docs/features.md#common-feature-common-expression-language-cel) and [`RateLimitPolicy`](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/reference/ratelimitpolicy/#predicate). With CEL, you can evaluate custom boolean logic, extract and manipulate request data, and conditionally apply policies in expressive, dynamic ways. CEL's rich syntax includes string operations (e.g., `split`, `indexOf`), type-safe expressions, and robust support for combining logical operators. + +**Example: Dynamic Authorization Rules in an `AuthPolicy`** + +With CEL, you can configure AuthPolicy conditions to enforce access control based on dynamic request attributes. The following example demonstrates a Gateway deny-all policy with a CEL-based exception for requests to the `/health` path: + +```yaml +apiVersion: kuadrant.io/v1 +kind: AuthPolicy +metadata: + name: my-gateway-auth + namespace: gateways +spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: my-gateway + defaults: + when: + - predicate: "request.path != '/health'" + rules: + authorization: + deny-all: + opa: + rego: "allow = false" + response: + unauthorized: + headers: + "content-type": + value: application/json + body: + value: | + { + "error": "Forbidden", + "message": "Access denied by default by the gateway operator. If you are the administrator of the service, create a specific auth policy for the route." + } +``` + +For much more detailed examples, see this [document](https://github.com/Kuadrant/authorino/blob/main/docs/features.md#common-feature-conditions-when). + +**Example: User-Specific Rate Limiting in RateLimitPolicy** + +CEL can also simplify rate-limiting rules. Here's an example limiting general users to 1 request every 3 seconds while giving a specific user, "bob" a higher limit of 2 requests per 3 seconds: + +```yaml +apiVersion: kuadrant.io/v1 +kind: RateLimitPolicy +metadata: + name: toystore +spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: toystore + limits: + "general-user": + rates: + - limit: 1 + window: 3s + counters: + - expression: auth.identity.userid + when: + - predicate: "auth.identity.userid != 'bob'" + "bob-limit": + rates: + - limit: 2 + window: 3s + when: + - predicate: "auth.identity.userid == 'bob'" +``` + +#### Helm Installation Support + +Kuadrant now offers a way to install the Kuadrant Operator via Helm charts. The Helm charts are available and indexed on [ArtifactHub.io](https://artifacthub.io/packages/helm/kuadrant/kuadrant-operator). + +To get started with Helm, add the Kuadrant Helm repository and install the operator: + +```bash +helm repo add kuadrant https://kuadrant.io/helm-charts/ --force-update +helm install kuadrant kuadrant/kuadrant-operator --namespace kuadrant-system --create-namespace +helm status -n kuadrant-system kuadrant +``` + +For more details, explore our [Helm charts repository](https://kuadrant.io/helm-charts/). + + +#### On-cluster Gateway DNS Health Checks + +`DNSPolicy` now supports DNS health checks for `Gateway` resources. This allows you to define HTTP-based health checks for targetted `Gateway` listeners with specific (i.e. non-wildcard) hostnames. These health checks evaluate the health of configured endpoints, ensuring that unhealthy enpoints are unpublished or excluded from DNS records. + +An example: + +Suppose you have a `Gateway` called `external` with a listener for `example.com` and want to ensure only healthy endpoints are published. You can define a `DNSPolicy` with the following configuration: + +```yaml +apiVersion: kuadrant.io/v1 +kind: DNSPolicy +metadata: + name: gateway-dns +spec: + healthCheck: + failureThreshold: 3 + interval: 5m + path: /health + ... + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: external +``` + +This policy sets up a health check that probes the `/health` endpoint on `example.com` every 5 minutes. If `3` consecutive checks fail, the `DNSRecord` for `example.com` will be marked unhealthy. Depending on the policy's configuration, the IP will either be excluded from DNS records (say, if it's part of a multi-value A record) or unpublished altogether. This ensures that only healthy endpoints are routed through DNS. + + +To read more about `DNSPolicy` and health checks, see our [DNS health checks documentation](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/user-guides/dns/dnshealthchecks/) + +#### Policy Machinery Integration + +Our core components now implement [policy-machinery](https://github.com/Kuadrant/policy-machinery), providing a powerful way to calculate and visualise the "state of the world" for policy-attachment based policies on Kubernetes clusters. No more guessing where policies and their behaviours originate from. Policy machinery and visualisation through the console plugin make it easier than ever to reason about policy effects, behaviours and origins. + +#### Shift to the Sail Operator + +With v1, we recommend installing Istio using the new Istio [Sail Operator](https://istio.io/latest/blog/2024/introducing-sail-operator/) instead of `istioctl`. Our guides and documentation for getting started have been amended to incorporate this change. + + +#### Envoy Gateway support + +We've recently added [support](https://github.com/Kuadrant/kuadrant-operator/issues/325) for [Envoy Gateway](https://gateway.envoyproxy.io/) as a Gateway API implementation, complementing the Istio support we’ve provided so far. Until now, Kuadrant relied exclusively on Istio as a Gateway API provider, leveraging its robust extension mechanisms, such as [Wasm Plugins](https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/). However, recent advancements in Envoy Gateway, including the introduction of [`EnvoyPatchPolicy`](https://gateway.envoyproxy.io/contributions/design/envoy-patch-policy/) and [Wasm Extensions](https://gateway.envoyproxy.io/v1.1/tasks/extensibility/wasm/), enable us to achieve similar functionality with Envoy Gateway. + +Our [installation guides](https://docs.kuadrant.io/1.0.x/kuadrant-operator/doc/install/install-kubernetes/#optional-install-envoy-gateway-as-a-gateway-api-provider) for Kubernetes now include optional steps to choose between Istio or Envoy Gateway as your preferred Gateway API provider. + + +#### Wasm-based Auth + +Although primarily an "under the hood" enhancement, this change is significant and worth highlighting. + +Previously, [Authorino](https://github.com/Kuadrant/authorino), which implements `AuthPolicy`, relied on Istio's [AuthorizationPolicy](https://istio.io/latest/docs/reference/config/security/authorization-policy/) to provide authorization in the request flow. Starting with v1, this mechanism has been replaced with an [EnvoyFilter](https://istio.io/latest/docs/reference/config/networking/envoy-filter/) and [Wasm Extensions](https://github.com/Kuadrant/wasm-shim), aligning its implementation with how `RateLimitPolicy` operates. + +`RateLimitPolicy` has long utilised a Wasm-shim as an intercept point to apply rate-limiting logic in Envoy. By adopting a similar Wasm-shim-based approach, `AuthPolicy` now gains improved flexibility and extensibility. This update also simplifies our architecture by standardising the mechanisms used across our core policies, ensuring both consistency and better alignment. + +#### SectionName Support + +Added support for [SectionName](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.SectionName) throughout our policy set, allowing users to apply policies to specific sections of Gateways. + +#### New Console Plugin + +For [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) / [OKD](https://okd.io/) console users, a new Console Plugin is available for managing policies and visualising [policy-machinery](https://github.com/Kuadrant/policy-machinery) "state of the world". We plan to make some of this functionality available through other means for Kubernetes users in the near future. + + +#### Other, smaller changes + +In addition to the above, many more smaller fixes and enhancements are captured by our [release changelogs](https://github.com/Kuadrant/kuadrant-operator/releases/tag/v1.0.0)). Take a look at our associated component release notes too for smaller changes not covered in detail here. + +### Components in this release + +The individual components that make up this v1.0.0 release of the Kuadrant Operator: + +| **Component** | **Version** | +|---------------------|---------------------------------------------------------------------------------------------------| +| Authorino Operator | [v0.16.0](https://github.com/Kuadrant/authorino-operator/releases/tag/v0.16.0) | +| Limitador Operator | [v0.12.1](https://github.com/Kuadrant/limitador-operator/releases/tag/v0.12.1) | +| DNS Operator | [v0.12.0](https://github.com/Kuadrant/dns-operator/releases/tag/v0.12.0) | +| Wasm Shim | [v0.8.1](https://github.com/Kuadrant/wasm-shim/releases/tag/v0.8.1) | +| Console Plugin | [v0.0.14](https://github.com/Kuadrant/console-plugin/releases/tag/v0.0.14) | + +### Thank you and how to get involved + +We are always looking for ways to extend the community and encourage contributions. We thank all of our community contributors for helping make v1 happen! + +To find out more and get involved: + +- Check out the [documentation](https://docs.kuadrant.io) +- Explore the Kuadrant [repositories](https://github.com/kuadrant/) +- Engage with the [community](https://kuadrant.io/community/)