Merge branch 'main' into kgo-version-compat-matrix

Kong · Nov 20, 2023 · 7d72863 · 7d72863
2 parents 1efc1d8 + c15f428
commit 7d72863
Show file tree

Hide file tree

Showing 18 changed files with 315 additions and 265 deletions.
diff --git a/app/_data/docs_nav_kgo_1.0.x.yml b/app/_data/docs_nav_kgo_1.0.x.yml
@@ -80,12 +80,16 @@ items:
         items:
           - text: Overview
             url: /reference/custom-resources/
+            src: reference/custom-resources/1.0.x
           - text: GatewayConfiguration
             url: /reference/custom-resources/#gatewayconfiguration
+            generate: false
           - text: ControlPlane
             url: /reference/custom-resources/#controlplane
+            generate: false
           - text: DataPlane
             url: /reference/custom-resources/#dataplane
+            generate: false
       - text: License
         url: /reference/license
       - text: Version Compatibility

diff --git a/app/_data/kong_versions.yml b/app/_data/kong_versions.yml
@@ -114,7 +114,7 @@
     pcre: 8.45
   lua_doc: true
 - release: "3.5.x"
-  ee-version: "3.5.0.0"
+  ee-version: "3.5.0.1"
   ce-version: "3.5.0"
   edition: "gateway"
   luarocks_version: "3.0.0-0"

diff --git a/app/_hub/kong-inc/application-registration/versions.yml b/app/_hub/kong-inc/application-registration/versions.yml
@@ -1,6 +1,7 @@
 strategy: gateway
 releases:
   minimum_version: '2.1.x'
+  maximum_version: '3.4.x'
 
 overrides:
   2.8.x: 2.0.0

diff --git a/app/_src/.repos/kuma b/app/_src/.repos/kuma
diff --git a/...rator/reference/custom-resources/index.md → ...rator/reference/custom-resources/1.0.x.md b/...rator/reference/custom-resources/index.md → ...rator/reference/custom-resources/1.0.x.md
diff --git a/app/_src/gateway/install/docker/build-custom-images.md b/app/_src/gateway/install/docker/build-custom-images.md
@@ -3,7 +3,7 @@ title: Build your own Docker images
 content_type: how-to
 ---
 
-Kong is distributed as prebuilt `apk`, `deb`, and `rpm` packages, in addition to official Docker images hosted on [DockerHub](https://hub.docker.com/r/kong)
+Kong is distributed as prebuilt {% if_version lte:3.3.x %}`apk`, {% endif_version %}`deb` and `rpm` packages, in addition to official Docker images hosted on [DockerHub](https://hub.docker.com/r/kong)
 
 Kong builds and verifies [Debian](#dockerhub-debian-link-here) and [RHEL](#dockerhub-rhel-link-here) images for use in production. {% if_version lte:3.3.x %}[Alpine](#dockerhub-alpine-link-here) images are provided for **development purposes only** as they contain development tooling such as `git` for plugin development purposes.{% endif_version %}
 
@@ -17,7 +17,8 @@ chmod +x docker-entrypoint.sh
 ```
 
 1. Download the {{site.base_gateway}} package:
-    * **Debian and Ubuntu**: [.deb]({{ site.links.cloudsmith }}/public/gateway-{{ page.major_minor_version }}/deb/ubuntu/pool/jammy/main/k/ko/kong-enterprise-edition_{{page.versions.ee}}/kong-enterprise-edition_{{page.versions.ee}}_amd64.deb).
+    * **Debian**: [.deb]({{ site.links.cloudsmith }}/public/gateway-{{ page.major_minor_version }}/deb/debian/pool/bullseye/main/k/ko/kong-enterprise-edition_{{page.versions.ee}}/kong-enterprise-edition_{{page.versions.ee}}_amd64.deb).
+    * **Ubuntu**: [.deb]({{ site.links.cloudsmith }}/public/gateway-{{ page.major_minor_version }}/deb/ubuntu/pool/jammy/main/k/ko/kong-enterprise-edition_{{page.versions.ee}}/kong-enterprise-edition_{{page.versions.ee}}_amd64.deb).
     {% comment %}
     not all of the older alpine "packages" met Cloudsmith's definition for what an alpine package must be
     so some are uploaded there as "raw" artifacts instead and must be linked to differently
@@ -32,7 +33,6 @@ chmod +x docker-entrypoint.sh
 
 1. Create a `Dockerfile`, ensuring you replace the filename by the first `COPY` with the name of the {{site.base_gateway}} file you downloaded in step 2:
 
-{% if_version lte:3.3.x %}
 {% capture dockerfile_run_steps %}COPY docker-entrypoint.sh /docker-entrypoint.sh
 
 USER kong
@@ -64,7 +64,6 @@ RUN set -ex; \
     && rm -rf /tmp/kong.deb \
     && chown kong:0 /usr/local/bin/kong \
     && chown -R kong:0 /usr/local/kong \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
     && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
@@ -88,7 +87,6 @@ RUN set -ex; \
     && rm -rf /tmp/kong.deb \
     && chown kong:0 /usr/local/bin/kong \
     && chown -R kong:0 /usr/local/kong \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
     && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
@@ -110,7 +108,6 @@ RUN set -ex; \
     && rm /tmp/kong.rpm \
     && chown kong:0 /usr/local/bin/kong \
     && chown -R kong:0 /usr/local/kong \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
     && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
@@ -119,6 +116,8 @@ RUN set -ex; \
 {{ dockerfile_run_steps }}
 ```
 {% endnavtab %}
+
+{% if_version lte:3.3.x %}
 {% navtab Alpine %}
 ```dockerfile
 
@@ -137,7 +136,6 @@ RUN set -ex; \
     && chown kong:0 /usr/local/bin/kong \
     && chmod -R g=u /usr/local/kong \
     && rm -rf /tmp/kong.tar.gz \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
     && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
     && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
@@ -147,111 +145,22 @@ RUN set -ex; \
 {{ dockerfile_run_steps }}
 ```
 {% endnavtab %}
-{% endnavtabs %}
-{% endcapture %}
-{{ dockerfile | indent }}
 {% endif_version %}
 
-{% if_version gte:3.4.x %}
-{% capture dockerfile_run_steps %}COPY docker-entrypoint.sh /docker-entrypoint.sh
-
-USER kong
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-EXPOSE 8000 8443 8001 8444 8002 8445 8003 8446 8004 8447
-
-STOPSIGNAL SIGQUIT
-
-HEALTHCHECK --interval=10s --timeout=10s --retries=10 CMD kong health
-
-CMD ["kong", "docker-start"]{% endcapture %}
-
-{% capture dockerfile %}
-{% navtabs codeblock indent %}
-
-{% navtab Debian %}
-```dockerfile
-
-FROM debian:bullseye-slim
-
-COPY kong.deb /tmp/kong.deb
-
-RUN set -ex; \
-    apt-get update \
-    && apt-get install --yes /tmp/kong.deb \
-    && rm -rf /var/lib/apt/lists/* \
-    && rm -rf /tmp/kong.deb \
-    && chown kong:0 /usr/local/bin/kong \
-    && chown -R kong:0 /usr/local/kong \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
-    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
-    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
-    && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
-    && kong version
-
-{{ dockerfile_run_steps }}
-```
-{% endnavtab %}
-
-{% navtab Ubuntu %}
-```dockerfile
-
-FROM ubuntu:20.04
-
-COPY kong.deb /tmp/kong.deb
-
-RUN set -ex; \
-    apt-get update \
-    && apt-get install --yes /tmp/kong.deb \
-    && rm -rf /var/lib/apt/lists/* \
-    && rm -rf /tmp/kong.deb \
-    && chown kong:0 /usr/local/bin/kong \
-    && chown -R kong:0 /usr/local/kong \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
-    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
-    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
-    && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
-    && kong version
-
-{{ dockerfile_run_steps }}
-```
-{% endnavtab %}
-
-{% navtab RHEL %}
-```dockerfile
-
-FROM registry.access.redhat.com/ubi8/ubi:8.1
-
-COPY kong.rpm /tmp/kong.rpm
-
-RUN set -ex; \
-    yum install -y /tmp/kong.rpm \
-    && rm /tmp/kong.rpm \
-    && chown kong:0 /usr/local/bin/kong \
-    && chown -R kong:0 /usr/local/kong \
-    && ln -s /usr/local/openresty/bin/resty /usr/local/bin/resty \
-    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/luajit \
-    && ln -s /usr/local/openresty/luajit/bin/luajit /usr/local/bin/lua \
-    && ln -s /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx \
-    && kong version
-
-{{ dockerfile_run_steps }}
-```
-{% endnavtab %}
 {% endnavtabs %}
 {% endcapture %}
 {{ dockerfile | indent }}
-{% endif_version %}
 
 1. Build your image:
-```bash
-docker build --no-cache -t kong-image .
-```
+
+    ```bash
+    docker build --platform linux/amd64 --no-cache -t kong-image .
+    ```
 
 1. Test that the image built correctly:
-```
-docker run -it --rm kong-image kong version
-```
+
+    ```
+    docker run -it --rm kong-image kong version
+    ```
 
 1. To run {{ site.base_gateway }} and process traffic, follow the [Docker install instructions](/gateway/latest/install/docker/), replacing the image name with your custom name.
diff --git a/..._src/gateway/production/deployment-topologies/db-less-and-declarative-config.md b/..._src/gateway/production/deployment-topologies/db-less-and-declarative-config.md
@@ -294,6 +294,10 @@ This restriction is limited to what would be otherwise database operations. In
 particular, using `POST` to set the health state of targets is still enabled,
 since this is a node-specific in-memory operation.
 
+#### Kong Manager compatibility
+
+Kong Manager cannot guarantee compatibility with {{site.base_gateway}} operating in DB-less mode. You cannot create, update, or delete entities with Kong Manager when {{site.base_gateway}} is running in this mode. Entity counters in the "Summary" section on the global and workspace overview pages will not function correctly as well.
+
 #### Plugin compatibility
 
 Not all Kong plugins are compatible with DB-less mode. By design, some plugins

diff --git a/app/gateway/changelog.md b/app/gateway/changelog.md
@@ -9,6 +9,13 @@ Changelog for supported Kong Gateway versions.
 
 For product versions that have reached the end of sunset support, see the [changelog archives](https://legacy-gateway--kongdocs.netlify.app/enterprise/changelog/).
 
+## 3.5.0.1
+**Release Date** 2023/11/14
+
+### Fixes
+#### Kong Manager
+* Fixed an issue where some values in the config cards did not display correctly.
+
 ## 3.5.0.0
 **Release Date** 2023/11/08
 
@@ -18,7 +25,7 @@ For product versions that have reached the end of sunset support, see the [chang
 This change alters the behavior of `logout_post_arg` in such a way that it is no longer considered, 
 unless `read_body_for_logout` is explicitly set to `true`. This adjustment prevents the Session plugin from automatically reading request bodies for logout detection, particularly on POST requests.
 
-* As of this release, the product component known as Kong Enterprise Portal is no longer included in the Kong Gateway Enterprise (previously known as Kong Enterprise) software package. Existing customers who have purchased Kong Enterprise Portal can continue to use it and be supported via a dedicated mechanism. 
+* As of this release, the product component known as Kong Enterprise Portal (Developer Portal) is no longer included in the Kong Gateway Enterprise (previously known as Kong Enterprise) software package. Existing customers who have purchased Kong Enterprise Portal can continue to use it and be supported via a dedicated mechanism. 
 
   If you have purchased Kong Enterprise Portal in the past and would like to continue to use it with this release or a future release of Kong Gateway Enterprise, contact [Kong Support](https://support.konghq.com/support/s/) for more information.
 
@@ -157,7 +164,7 @@ action items when certain conditions are met.
 #### Enterprise
 
 * Fixed a keyring issue where Kong nodes failed to send keyring material when using the cluster strategy.
-* Enforced Content Security Policy (CSP) headers for serving static resources via Dev Portal and Kong Manager.
+* Enforced Content Security Policy (CSP) headers for serving static resources via Kong Manager.
 * Fixed an RBAC issue related to retrieving group roles with a numeric group name type.
 * When using `openid-connect` as the `admin_gui_auth` method for Kong Manager, some `admin_gui_auth_conf` required settings are now hardcoded.
 * Fixed an issue where the data plane hostname was `nil` in Vitals when running Kong Gateway in hybrid mode.
@@ -173,11 +180,6 @@ action items when certain conditions are met.
 * Implemented lazy enabling of FIPS mode upon receiving a valid license, emitting warnings instead of blocking Kong Gateway startup. This approach allows normal use of non-FIPS content without a license, and FIPS mode activates only with a valid license. When no license is present, the service can start with a warning log, and FIPS mode remains disabled until a valid license is added. Additionally, deleting a valid license via the Admin API results in a warning without disabling FIPS mode.
 * Unified the error responses for failed admin authentication via Admin and Portal APIs.
 
-##### Dev Portal
-
-* Sanitized developer names in emails to prevent hyperlink recognition and mitigate the risk of unexpected visits to email receivers (admins).
-* Fixed an issue causing 500 errors during Dev Portal visits by verifying replacement types and converting unsupported types to strings before passing to `string.gsub`.
-
 ##### Kong Manager
 
 * Resolved an issue where the admin page remained pending when no admin was added.

diff --git a/app/konnect/compatibility.md b/app/konnect/compatibility.md
@@ -10,17 +10,21 @@ title: Compatibility
 
 ## {{site.base_gateway}} version compatibility
 
-|                                | {{site.konnect_saas}} | First supported patch version
-|--------------------------------|:---------------------:|-----------------------------
-| {{site.ee_product_name}} 3.3.x | <i class="fa fa-check"></i>    | 3.3.0.0
-| {{site.ee_product_name}} 3.2.x | <i class="fa fa-check"></i>    | 3.2.1.0
-| {{site.ee_product_name}} 3.1.x | <i class="fa fa-check"></i>    | 3.1.0.0
-| {{site.ee_product_name}} 3.0.x | <i class="fa fa-check"></i>    | 3.0.0.0
-| {{site.ee_product_name}} 2.8.x | <i class="fa fa-check"></i>    | 2.8.0.0
-| {{site.ee_product_name}} 2.7.x | <i class="fa fa-check"></i>    | 2.7.0.0
-| {{site.ee_product_name}} 2.6.x | <i class="fa fa-check"></i>    | 2.6.0.0
-| {{site.ee_product_name}} 2.5.x | <i class="fa fa-check"></i>    | 2.5.0.1
-| {{site.ee_product_name}} 2.4.x or earlier | <i class="fa fa-times"></i>    | --
+
+|                                | {{site.konnect_saas}} | Beginning with version | End of support | 
+|--------------------------------|:---------------------:|-------------------------------|----------------|
+| {{site.ee_product_name}} 3.5.x | <i class="fa fa-check"></i>    | 3.5.0.0 | Nov 2024 
+| {{site.ee_product_name}} 3.4.x (LTS)| <i class="fa fa-check"></i>    | 3.4.0.0 | Aug 2026 
+| {{site.ee_product_name}} 3.3.x | <i class="fa fa-check"></i>    | 3.3.0.0 | May 2024
+| {{site.ee_product_name}} 3.2.x | <i class="fa fa-check"></i>    | 3.2.1.0 | Feb 2024
+| {{site.ee_product_name}} 3.1.x | <i class="fa fa-check"></i>    | 3.1.0.0 | Feb 2024
+| {{site.ee_product_name}} 3.0.x | <i class="fa fa-check"></i>    | 3.0.0.0 | Feb 2024
+| {{site.ee_product_name}} 2.8.x (LTS)| <i class="fa fa-check"></i>    | 2.8.0.0 | Mar 2025 
+| {{site.ee_product_name}} 2.7.x | <i class="fa fa-check"></i>    | 2.7.0.0 | Feb 2024
+| {{site.ee_product_name}} 2.6.x | <i class="fa fa-check"></i>    | 2.6.0.0 | Feb 2024
+| {{site.ee_product_name}} 2.5.x | <i class="fa fa-check"></i>    | 2.5.0.1 | Feb 2024
+| {{site.ee_product_name}} 2.4.x or earlier | <i class="fa fa-times"></i>    | -- | -- 
+
 
 
 ## {{site.mesh_product_name}} compatibility

diff --git a/app/konnect/gateway-manager/configuration/vaults/how-to.md b/app/konnect/gateway-manager/configuration/vaults/how-to.md
@@ -24,6 +24,7 @@ Set up a new vault. For this example, we're going to use the environment variabl
     * [AWS vault configuration options](/gateway/latest/kong-enterprise/secrets-management/backends/aws-sm/#vault-configuration-options)
     * [Google Cloud vault configuration options](/gateway/latest/kong-enterprise/secrets-management/backends/gcp-sm/#vault-entity-configuration-options)
     * [HashiCorp vault configuration options](/gateway/latest/kong-enterprise/secrets-management/backends/hashicorp-vault/#vault-configuration-options)
+    * [Azure Key Vault configuration options](/gateway/latest/kong-enterprise/secrets-management/backends/azure-key-vaults/#vault-entity-configuration-options)
 1. Enter an environment variable prefix. This will be the prefix that the vault
 uses to recognize relevant values on the data plane.
 

diff --git a/app/konnect/gateway-manager/configuration/vaults/index.md b/app/konnect/gateway-manager/configuration/vaults/index.md
@@ -57,6 +57,7 @@ Konnect supports the following vault backends:
 * AWS Secrets Manager
 * HashiCorp Vault
 * GCP Secret Manager
+* Azure Key Vault
 * Environment variables
 
 You can manage all of these vaults through the [Gateway Manager](/konnect/gateway-manager/configuration/vaults/how-to/) or with [decK](/deck/latest/guides/vaults/).
@@ -70,4 +71,5 @@ documentation:
 * [AWS Secrets Manager](/gateway/latest/kong-enterprise/secrets-management/backends/aws-sm/)
 * [GCP Secrets Manager](/gateway/latest/kong-enterprise/secrets-management/backends/gcp-sm/)
 * [HashiCorp Vault](/gateway/latest/kong-enterprise/secrets-management/backends/hashicorp-vault/)
+* [Azure Key Vault](/gateway/latest/kong-enterprise/secrets-management/backends/azure-key-vaults/)
 * [Environment variables](/gateway/latest/kong-enterprise/secrets-management/backends/env/)
diff --git a/app/konnect/gateway-manager/data-plane-nodes/renew-certificates.md b/app/konnect/gateway-manager/data-plane-nodes/renew-certificates.md
@@ -75,7 +75,8 @@ You can generate a certificate locally and use the [pin data plane client certif
 1. `POST` the certificate to your control plane using the Konnect API:
 
     ```bash
-    curl https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/dp-client-certificates --json '{"cert":"'$CERT'"}'
+    curl https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/dp-client-certificates --json '{"cert":"'"$CERT"'"}' \
+       --header "Authorization: Bearer ${KONNECT_TOKEN}"
     ```
 {% endnavtab %}
 {% endnavtabs %}

diff --git a/app/konnect/updates.md b/app/konnect/updates.md
@@ -9,6 +9,13 @@ an application that lets you manage configuration for multiple runtimes
 from a single, cloud-based control plane, and provides a catalog of all deployed
 services. [Try it today!](https://cloud.konghq.com/quick-start)
 
+## November 2023
+
+**Gateway Manager** 
+: The {{site.konnect_short_name}} Gateway Manager has been updated to pull the most accurate data and remain consistent across {{site.konnect_short_name}}.
+
+**Gateway 3.5 Support**
+: {{site.konnect_short_name}} now supports the latest Gateway release version of 3.5 including all [Konnect-compatible plugins](/konnect/compatibility/#plugin-compatibility) and now supports Azure key vault for [Secrets Manager](/konnect/gateway-manager/configuration/vaults/).
 
 ## October 2023
 **Portal Management API**