Release v0.15.0 · k8gb-io/k8gb

K8gb v0.15.0 introduces major architectural improvements, enhanced multi-zone capabilities, dynamic configuration features, and strengthened security. This release represents significant progress toward more scalable, flexible, and robust global load balancing for Kubernetes.

🚀 Major Features & Enhancements

Multi-Zone DNS Support

New capability: k8gb can now manage multiple DNS zones in a single deployment
Eliminates the need for multiple k8gb deployments across different namespaces
Simplified configuration through the new dnsZones array in Helm values
Supports managing different domains and environments from a single configuration

Example Configuration:

k8gb:
  dnsZones:
    - parentZone: "example.com"
      loadBalancedZone: "cloud.example.com"
      dnsZoneNegTTL: 30
    - parentZone: "example.org"
      loadBalancedZone: "cloud.example.org"
      dnsZoneNegTTL: 30

Dynamic GeoTags Discovery

Automatic GeoTag discovery: k8gb can now automatically discover external cluster GeoTags from DNS NS records
Reduces manual configuration overhead and eliminates the need to restart all k8gb instances when adding/removing clusters
Particularly beneficial for large-scale, dynamic multi-cluster environments
Configurable via empty extGslbClustersGeoTags value to enable dynamic discovery

Enhanced ResourceRef Support

Extended GSLB ResourceRef: Now supports name, namespace, and kind fields for more flexible resource referencing
Improved resource resolution capabilities for complex Kubernetes environments
Better integration with various ingress controllers and service mesh configurations

🏗️ Architectural Improvements

Upstream Chart Integration

CoreDNS: Migrated to official upstream CoreDNS Helm chart instead of maintaining a fork
External-DNS: Now uses upstream external-dns chart for AWS integrations and other providers
Improved maintainability and faster adoption of upstream security fixes and features

Enhanced Bootstrap & Zone Management

New bootstrap package: Improved cluster IP discovery and DNS zone initialization
Automated DNS zone setup: Better handling of zone delegation during cluster bootstrap
ClusterIP support: New flag to support CoreDNS exposed via ClusterIP instead of requiring LoadBalancer

Reverse Proxy Support

Production deployment flexibility: k8gb now supports deployment behind reverse proxies
Enhanced for enterprise environments with complex networking requirements
Improved compatibility with ingress controllers and service mesh architectures

🔧 Operational Improvements

Enhanced Testing Framework

Chainsaw integration: New Kubernetes-native e2e testing framework alongside existing Terratest
Improved test coverage: More comprehensive testing scenarios for multi-cluster setups
Better debugging: Enhanced test failure diagnostics and logging

Monitoring & Observability

Vertical Pod Autoscaling: Added VPA support for k8gb, CoreDNS, and external-dns components
Performance optimizations: Reduced external DNS configuration flapping
Event recording: GSLB now records Kubernetes events when references cannot be resolved

Configuration Enhancements

CoreDNS flexibility: Added boolean flag to disable CoreDNS ConfigMap management when not needed
Extra server blocks: Support for custom CoreDNS server block configuration per zone
Multiline plugin support: Improved indentation handling for complex CoreDNS configurations

🔒 Security & Compliance

SLSA Provenance

Official SLSA generator: Upgraded to official SLSA provenance generation for enhanced supply chain security
Improved artifact attestation: Better verification of build artifacts and container images
Compliance readiness: Enhanced security posture for enterprise and regulated environments

Documentation Site Security

MkDocs integration: New comprehensive documentation site with GitHub Pages deployment
Automated security scanning: Enhanced CI/CD pipelines with security analysis
Dependency management: Regular automated updates of non-major dependencies

Reference examples and integrations

Crossplane Integration & Global Control Planes

New reference architecture: Complete Crossplane integration example for resilient multi-region global control planes
Active/Passive failover patterns with DNS-based health monitoring
GSLB health status integration for automated control plane transitions
Reference templates and deployment guides in /docs/examples/crossplane/

⚠️ Breaking Changes

Helm Chart - dnsZone configuration is now a list

BREAKING: dnsZone and edgeDnsZone chart values are deprecated in favor of dnsZones array
Migration path:
- Old: k8gb.dnsZone and k8gb.edgeDnsZone
- New: k8gb.dnsZones[0].loadBalancedZone and k8gb.dnsZones[0].parentZone

Helm Chart - AWS Route53 Integration must be configured using external dns

BREAKING: helm values under the key route53 are deprecated in favor of configuration under the key extdns. For an exact guide on how to migrate see the section More on Breaking changes

Removed Features

SplitBrain removed: split brain logic was already deprecated and removed in a previous release. Now we simply removed it from the CRD. This is merely a CRD update with no user impact.

🔄 Performance & Reliability

DNS Performance Optimizations

Health computation optimization: Application health is now computed only once per reconciliation cycle
External DNS efficiency: Reduced flapping in external DNS configurations
CNAME support: Enhanced DNS utilities with CNAME record support

Resource Management

Improved reconciliation: More efficient controller reconciliation loops
Better error handling: Enhanced error reporting and recovery mechanisms
Memory optimization: Reduced memory footprint in large-scale deployments

📦 Upgrade Instructions

Backup current configuration: Save existing Helm values and GSLB resources
Review breaking changes: Update chart values for new dnsZones format
Test in staging: Validate multi-zone and dynamic GeoTag functionality
Upgrade clusters: Rolling upgrade recommended for production environments
Verify functionality: Test DNS resolution and failover scenarios post-upgrade

⚠️ More on Breaking changes:

v0.15.0 contains two breaking changes in the Helm chart. One relates to DNS zone configuration, which affects all users. The second one only affects users using the AWS Route53 integration.

DNS Zones

To support multiple dnsZones we created a new helm value called k8gb.dnsZones (list of objects), and deprecated the values k8gb.dnsZoneNegTTL, k8gb.edgeDnsZone, k8gb.dnsZone. We took this opportunity to clarify the naming since it was not always clear what an edge zone is.
In your chart you will need to change from:

k8gb:
  dnsZone: demo.example.com
  dnsZoneNegTTL: 300
  edgeDNSZone: example.com

to:

k8gb:
  dnsZones:
    - loadBalancedZone: demo.example.com
      parentZone: example.com
      dnsZoneNegTTL: 300

AWS Route53 integration

The AWS Route53 integration was migrated to native external dns configuration. This allows for more flexibility when configuring this integration, since you are no longer dependent on our wrappers of external-dns configuration.

If your authentication to AWS used a role ARN, then your configuration needs to be adapted as described in the external-dns docs from:

route53:
  enabled: true
  irsaRole: arn:aws:iam::111111:role/external-dns

route53:
  enabled: true
  assumeRoleArn: arn:aws:iam::111111:role/external-dns

to:

extdns:
  enabled: true
  provider:
    name: aws
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::111111:role/external-dns

If your authentication to AWS used secret (called credentials in this example), then your configuration needs to be adapted as described in the external-dns docs from:

route53:
  enabled: true
  secret: credentials

extdns:
  enabled: true
  provider:
    name: aws
  extraVolumes:
  - name: aws-credentials
    secret:
      secretName: credentials
  extraVolumeMounts:
  - name: aws-credentials
    mountPath: /.aws
    readOnly: true

In addition, the new version of external-dns requires the AWS_DEFAULT_REGION environment variable to be explicitly defined:

extdns:
  env:
  - name: AWS_DEFAULT_REGION
    value: "us-east-1"

Finally, a couple of variables must be specified (there are helm validation function that make sure they are correct). Replace with the same value as k8gb.clusterGeoTag, and domainFilters with the same values as k8gb.dnsZones.parentZone:

extdns:
  txtPrefix: "k8gb-<GEOTAG>"
  txtOwnerId: "k8gb-<GEOTAG>"
  domainFilters:
  - "<domain>"

If you used to set hostedZoneID, then the txtOwnerId takes the value k8gb--.

What's Changed

Update Offline Changelog by @github-actions[bot] in #1733
Update Helm Docs by @github-actions[bot] in #1729
chore(deps): update goreleaser/goreleaser-action digest to 006a7a4 by @renovate[bot] in #1708
Allow configuration of extra coredns server blocks by @abaguas in #1709
chore(deps): update all non-major dependencies by @renovate[bot] in #1726
Update Helm Docs by @github-actions[bot] in #1736
chore(deps): update dependency k8gb-io/k8gb to v0.14.0 by @renovate[bot] in #1735
chore(deps): update actions/checkout digest to v4.1.7 by @renovate[bot] in #1730
chore(deps): update endbug/add-and-commit digest to v9.1.4 by @renovate[bot] in #1734
chore(deps): update docker/login-action digest to v3.3.0 by @renovate[bot] in #1728
chore(deps): update step-security/harden-runner digest to v2.10.1 by @renovate[bot] in #1725
chore(deps): update github/codeql-action digest to v3.26.9 by @renovate[bot] in #1723
chore(deps): update peter-evans/create-pull-request digest to v7.0.5 by @renovate[bot] in #1722
chore(deps): update golangci/golangci-lint-action digest to v6.1.0 by @renovate[bot] in #1721
chore(deps): update actions/upload-artifact digest to v4.4.0 by @renovate[bot] in #1715
chore(deps): update fossa-contrib/fossa-action digest to v3.0.0 by @renovate[bot] in #1713
chore(deps): update docker/build-push-action digest to v6.8.0 by @renovate[bot] in #1740
Documentation: update GOVERNANCE for incubation application - vendor neutrality by @elohmrow in #1747
chore(deps): update all non-major dependencies by @renovate[bot] in #1737
chore(deps): update otel/opentelemetry-collector docker tag to v0.111.0 by @renovate[bot] in #1738
chore(deps): update dependency ubuntu to v24 by @renovate[bot] in #1739
Update Helm Docs by @github-actions[bot] in #1748
fix(deps): update module github.com/gruntwork-io/terratest to v0.47.2 by @renovate[bot] in #1742
chore(deps): update fkirc/skip-duplicate-actions digest to v5.3.1 by @renovate[bot] in #1751
chore(deps): update goreleaser/goreleaser-action digest to v6.0.0 by @renovate[bot] in #1750
chore(deps): update heinrichreimer/github-changelog-generator-action digest to v2.4 by @renovate[bot] in #1752
Add Open Systems to the adopters list by @abaguas in #1753
Add PagBank to the adopters list by @altieresfreitas in #1755
fix(deps): update module go.uber.org/mock to v0.5.0 by @renovate[bot] in #1757
chore(deps): update otel/opentelemetry-collector docker tag to v0.112.0 by @renovate[bot] in #1759
fix(deps): update module sigs.k8s.io/controller-runtime to v0.19.1 by @renovate[bot] in #1760
Update Helm Docs by @github-actions[bot] in #1761
Update unit tests reference by @emmanuel-ferdman in #1763
chore(deps): update all non-major dependencies by @renovate[bot] in #1749
Update Helm Docs by @github-actions[bot] in #1764
Record event if GSLB references cannot be resolved by @abaguas in #1769
Readme/website update by @ytsarev in #1771
Allow override of DEPLOY_APPS by @abaguas in #1768
Prevent flapping of external DNS configuration by @abaguas in #1767
fix(deps): update module sigs.k8s.io/external-dns to v0.15.0 by @renovate[bot] in #1716
chore(deps): update all non-major dependencies by @renovate[bot] in #1770
Update Helm Docs by @github-actions[bot] in #1779
Bump coreDNS image by @abaguas in #1784
Compute health of applications only once by @abaguas in #1777
chore(deps): update all non-major dependencies by @renovate[bot] in #1780
Update Helm Docs by @github-actions[bot] in #1785
fix(deps): update module sigs.k8s.io/controller-runtime to v0.19.3 by @renovate[bot] in #1781
Introduce chainsaw as e2e testing framework by @abaguas in #1758
Add CNAME support to util.Dig by @bewing in #1783
Add flag to support ClusterIP exposed CoreDNS by @bewing in #1788
use upstream coreDNS chart instead of fork by @abaguas in #1776
Update Helm Docs by @github-actions[bot] in #1793
fix(deps): update module github.com/gruntwork-io/terratest to v0.48.1 by @renovate[bot] in #1787
Add KubeCon NA 2024 recording by @ytsarev in #1794
chore(deps): update kyverno/action-install-chainsaw action to v0.2.12 by @renovate[bot] in #1790
chore(deps): update otel/opentelemetry-collector docker tag to v0.116.1 by @renovate[bot] in #1775
Update Helm Docs by @github-actions[bot] in #1795
Fix CI badges in README by @ytsarev in #1796
Support k8gb behind a reverse proxy by @abaguas in #1710
Update Helm Docs by @github-actions[bot] in #1801
[maintenance] bump golangci-lint to latest by @kuritka in #1802
[maintenance] bump module dependencies 2025-01-15 by @kuritka in #1803
fix(deps): update all non-major dependencies by @renovate[bot] in #1786
Update Helm Docs by @github-actions[bot] in #1807
Update self-assessment.md by @elohmrow in #1806
fix(deps): update all non-major dependencies by @renovate[bot] in #1808
chore(deps): update helm release coredns to v1.38.1 by @renovate[bot] in #1811
Update Helm Docs by @github-actions[bot] in #1812
Update self-assessment.md by @elohmrow in #1809
chore(deps): update stackrox/kube-linter-action digest to c232ba1 by @renovate[bot] in #1804
fix(deps): update module sigs.k8s.io/controller-runtime to v0.20.1 by @renovate[bot] in #1798
More updates to Security self assessments by @ytsarev in #1810
Update CODEOWNERS by @elohmrow in #1805
Add ChatLoopBackOff - Episode 42 (K8gb) to recordings by @ytsarev in #1814
chore(deps): update github/codeql-action action to v3.28.6 by @renovate[bot] in #1813
chore(deps): update otel/opentelemetry-collector docker tag to v0.118.0 by @renovate[bot] in #1799
chore(deps): update actions/setup-go digest to 5a083d0 by @renovate[bot] in #1789
Update Helm Docs by @github-actions[bot] in #1815
chore(deps): update github/codeql-action action to v3.28.7 by @renovate[bot] in #1816
chore(deps): update all non-major dependencies by @renovate[bot] in #1817
Update Helm Docs by @github-actions[bot] in #1818
Update CODEOWNERS by @elohmrow in #1821
Adding Darede to the ADOPTERS list by @diego7marques in #1824
chore(deps): update otel/opentelemetry-collector docker tag to v0.119.0 by @renovate[bot] in #1823
fix(deps): update module github.com/gruntwork-io/terratest to v0.48.2 by @renovate[bot] in #1822
Update Helm Docs by @github-actions[bot] in #1825
chore(deps): update all non-major dependencies by @renovate[bot] in #1819
Update Helm Docs by @github-actions[bot] in #1826
Update Non-goals in Security Self-Assessment by @ytsarev in #1820
Remove SplitBrain implementation by @kuritka in #1829
ubuntu-20.04 hosted runner image is closing down: bump to 24.04 by @jkremser in #1836
Add support for multiple zones by @kuritka in #1845
Add namespace label to terratests by @kuritka in #1846
Update Helm Docs by @github-actions[bot] in #1847
Possibility to Stop Regular Reconciliation by @kuritka in #1848
chore(deps): update otel/opentelemetry-collector docker tag to v0.121.0 by @renovate[bot] in #1835
Update Helm Docs by @github-actions[bot] in #1852
fix(deps): update module sigs.k8s.io/controller-runtime to v0.20.2 by @renovate[bot] in #1834
Improve external dns performance by @abaguas in #1855
fix(deps): update module sigs.k8s.io/controller-runtime to v0.20.3 by @renovate[bot] in #1854
Ignore 'mesh' gateway in Istio Virtual Service by @abaguas in #1853
Fix status field requirements by @k0da in #1861
DNSZones setup on bootstrap by @kuritka in #1860
Infoblox v2 by @kuritka in #1866
UnitTest: Fix DNS Factory tests by @kuritka in #1867
Unit Tests: Create Zone Delegation for external-dns provider by @kuritka in #1865
Bootstrap in standalone package by @kuritka in #1864
Fix: Remove EDGE_DNSZONE and DNS_ZONE envvars by @kuritka in #1871
Weight tests, Extract QueryService by @kuritka in #1873
GO v1.24.1, golangci-lint v2.0.2, bump references by @kuritka in #1874
Bootstrap refactored; k8gb.io/ip-source="true" for ingress by @kuritka in #1878
Update Helm Docs by @github-actions[bot] in #1879
Add Bradley's KubeCon EU 2025 lightning talk by @ytsarev in #1883
chore(deps): update otel/opentelemetry-collector docker tag to v0.123.0 by @renovate[bot] in #1862
fix(deps): update all non-major dependencies by @renovate[bot] in #1827
Update Helm Docs by @github-actions[bot] in #1884
Remove GSLB-derived annotations from generated Ingress and add management label by @kuritka in #1890
Remove .cancelled files by @kuritka in #1891
fix(deps): update module go.uber.org/mock to v0.5.2 by @renovate[bot] in #1880
Remove outdated linters by @ytsarev in #1893
Use upstream chart for external-dns for AWS integration by @abaguas in #1856
Fix: Upgrade testing, split stable and test versions by @kuritka in #1899
Waiting for ingress IP addresses in the local environment, fix logger… by @kuritka in #1898
Update Helm Docs by @github-actions[bot] in #1894
ExtendResourceRef, Change ingress lifecycle by @kuritka in #1889
Don't write uselsess namespace into resourceRef by @k0da in #1903
FIX: Processing rest of targets when querying GlueA or NS fails by @kuritka in #1904
[breaking] deprecate dnsZone and edgeDnsZone chart values by @abaguas in #1876
Update Helm Docs by @github-actions[bot] in #1911
improve default values of cluster geo tags by @abaguas in #1902
Update also tags in chart's default values by @abaguas in #1913
chore(deps): update otel/opentelemetry-collector docker tag to v0.126.0 by @renovate[bot] in #1905
Update Helm Docs by @github-actions[bot] in #1916
FIX: internal logr adapter panics by @kuritka in #1915
Update coredns tag by @k0da in #1918
RELEASE: v0.15.0-rc1 by @kuritka in #1917
Update Helm Docs by @github-actions[bot] in #1920
FIX: Stable version fur upgrade testing. Sticking RELEASE by @kuritka in #1922
Update Offline Changelog by @github-actions[bot] in #1923
Dynamic GeoTags by @kuritka in #1914
2021-present - change fixed year in license header by @kuritka in #1924
Create automated test setup for AWS route53 by @abaguas in #1897
FIX: HELM Disable validation - parentZones equal to extDNSZones by @kuritka in #1929
RELEASE: v0.15.0-rc2 by @kuritka in #1930
Update Offline Changelog by @github-actions[bot] in #1931
fix values.schema.json for Dynamic GeoTags by @mel3c in #1933
FIX: inline license for zz_generated.deepcopy.go by @kuritka in #1935
Documentation for v0.15.0 features by @kuritka in #1932
BUMP GO references May 2025 by @kuritka in #1934
Crossplane + k8gb reference example by @ytsarev in #1936
Update Helm Docs by @github-actions[bot] in #1925
Update otel/opentelemetry-collector Docker tag to v0.128.0 by @renovate[bot] in #1927
Update registry.k8s.io/external-dns/external-dns Docker tag to v0.17.0 by @renovate[bot] in #1895
Update Helm Docs by @github-actions[bot] in #1937
Refactor depresolver to resolver by @kuritka in #1928
Update all non-major dependencies by @renovate[bot] in #1885
Update Helm Docs by @github-actions[bot] in #1938
Update all non-major dependencies by @renovate[bot] in #1939
Update module github.com/gruntwork-io/terratest to v0.50.0 by @renovate[bot] in #1901
Update Helm Docs by @github-actions[bot] in #1941
Update all non-major dependencies by @renovate[bot] in #1942
Switch from Endpoints to EndpointSlice API (deprecation) by @jkremser in #1940
Update Helm Docs by @github-actions[bot] in #1944
add coredns plugin and server bocks per zone by @barmettlerl in #1947
Update Terraform terraform-aws-modules/eks/aws to v20.37.1 by @renovate[bot] in #1946
Update Terraform aws to v6 by @renovate[bot] in #1945
Update Helm Docs by @github-actions[bot] in #1948
Add artifacts from KubeCon China 2025 to frontpage readme by @ytsarev in #1951
Update all non-major dependencies by @renovate[bot] in #1949
Update github/codeql-action action to v3.29.1 by @renovate[bot] in #1955
Use add selector labels to pod by @k0da in #1957
RELEASE: v0.15.0-rc3 by @k0da in #1958
add vertical pod scaling for k8gb, coredns and externaldns by @barmettlerl in #1963
[Documentation] WRR caveats by @kuritka in #1965
Allow multiline extraplugin by @barmettlerl in #1966
Update Offline Changelog by @github-actions[bot] in #1961
Update otel/opentelemetry-collector Docker tag to v0.129.1 - autoclosed by @renovate[bot] in #1962
Update all non-major dependencies by @renovate[bot] in #1956
Update Helm Docs by @github-actions[bot] in #1960
created docs site with mkdocs by @itsfarhan in #1971
Revert "created docs site with mkdocs" by @ytsarev in #1972
add option to disable coredns configmap provided by k8gb by @barmettlerl in #1968
Update all non-major dependencies by @renovate[bot] in #1970
Update Helm Docs by @github-actions[bot] in #1974
Update badges, mitigate false negatives by @ytsarev in #1975
RELEASE: v0.15.0 by @ytsarev in #1981
Fix SLSA provenance generation with official generator by @ytsarev in #1982
Revert "RELEASE: v0.15.0 (#1981)" by @ytsarev in #1984
Revamped K8GB site with Mkdocs by @itsfarhan in #1979
Fix mkdocs GitHub Pages deployment with reliable chart preservation by @ytsarev in #1985
Fix mkdocs warnings and missing links by @ytsarev in #1986
Fix mkdocs preservation logic issue, add workflow_dispatch by @ytsarev in #1987
Upgrade to official SLSA provenance generation by @ytsarev in #1983
RELEASE: v0.15.0 (#1981) by @ytsarev in #1988

New Contributors

@altieresfreitas made their first contribution in #1755
@emmanuel-ferdman made their first contribution in #1763
@bewing made their first contribution in #1783
@diego7marques made their first contribution in #1824
@mel3c made their first contribution in #1933
@barmettlerl made their first contribution in #1947
@itsfarhan made their first contribution in #1971

Full Changelog: v0.14.0...v0.15.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v0.15.0