0.3.0

Platform Mesh 0.3.0

This release of Platform Mesh includes updates to multiple components.

Summary

This release includes 17 component update(s).

Contributors

Thank you to all the contributors who made this release possible:

                            

14 contributor(s)

Key Changes

• account-operator: 🔥 (breaking) Removed FGA subroutine. (#141 by @simontesar)
• account-operator: 🔥 (breaking) Configuration via Viper config files and environment variables has been removed. All configuration is now done via CLI flags (Kubernetes component-base style). (#157 by @makdeniss)
• account-operator: 🔥 (breaking) Upgraded lifecycle management from golang-commons to subroutines library (#177 by @simontesar)
• kubernetes-graphql-gateway: 🔥 (breaking) The cluster endpoint URL has changed to /api/clusters/{clusterName}/graphql (suffix configurable via --endpoint-suffix). (#132 by @aaronschweig)
• kubernetes-graphql-gateway: 🔥 (breaking) Listener and gateway can now communicate over gRPC (--schema-handler=grpc), enabling independent scaling and deployment of each component. (#132 by @aaronschweig)
• kubernetes-graphql-gateway: 🔥 (breaking) Configuration via Viper config files and environment variables has been removed. All configuration is now done via CLI flags (Kubernetes component-base style). (#132 by @aaronschweig)
• kubernetes-graphql-gateway: 🔥 (breaking) CRD ClusterAccess (v1alpha1): spec.auth.secretRef renamed to spec.auth.tokenSecretRef, spec.ca.configMapRef removed, spec.auth.kubeconfigSecretRef simplified to SecretKeyRef, spec.auth.clientCertificateRef changed to corev1.SecretReference. (#132 by @aaronschweig)
• kubernetes-graphql-gateway: 🔥 (breaking) CRD ClusterAccess (v1alpha1): spec.host is now optional when kubeconfigSecretRef auth is used, status.observedPath field removed, new fields spec.introspectionPath and spec.requestPathTemplate added. (#132 by @aaronschweig)
• kubernetes-graphql-gateway: 🔥 (breaking) New --multicluster-runtime-provider flag with values single, kcp, or multi (default: single). The --enable-kcp flag has been removed in favor of --multicluster-runtime-provider=kcp. (#132 by @aaronschweig)
• security-operator: 🎉 (feature) Added FGA subroutine as a part of a new account workspaces initializer (#330 by @simontesar)
• security-operator: 🔥 (breaking) Configuration via Viper config files and environment variables has been removed. All configuration is now done via CLI flags (Kubernetes component-base style). (#378 by @makdeniss)
• security-operator: 🎉 (feature) Introduced APIExportPolicy resource and controller for ApiExport binding control (#401 by @OlegErshov)
• security-operator: 🔥 (breaking) Used OpenFGA and local cache for getting store ID, removed store ID data from accountInfo resource (#403 by @simontesar)
• security-operator: 🔥 (breaking) Moved IdentityProviderConfiguration (IDP) from core.platform-mesh.io to system.platform-mesh.io ApiExport. IDP now is created in :root:orgs workspace instead of organiztion workspace e.g :root:orgs:orgA (#409 by @OlegErshov)
• security-operator: 🔥 (breaking) Upgraded lifecycle management from golang-commons to subroutines library (#415 by @simontesar)

Component Changes

Platform Mesh Components

account-operator: 0.14.7 → 0.15.90

Resource	Version	Links

OCM Component Descriptor:

ocm get cv github.com/platform-mesh/account-operator:0.15.90 --repo ghcr.io/platform-mesh -o yaml

All Pull Requests (23)

• #118: Feat/custom account types by @simontesar
• #139: feat: upgrade KCP to v0.30.0 and controller-tools to v0.20.0 by @nexus49
• #140: fix: add label assignement in create or patch operation by @OlegErshov
• #141: Feat/migrate fga to seco by @simontesar
• #148: chore: standardize repository files by @nexus49
• #157: feat: migrate to new golang-commons config API (#146) by @makdeniss
• #159: Feat/migrate goland commons config by @makdeniss
• #160: docs: add BMWK-EU funding notice to README by @nexus49
• #165: fix(deps): remove k8s.io replace directives by @nexus49
• #175: chore: add go-approvers team to CODEOWNERS by @nexus49
• #177: Feat/migrate to subroutines by @simontesar
• #178: chore: standardize CODEOWNERS file by @aaronschweig
• #179: Fix CI failure — go-test-coverage requires Go 1.26 by @makdeniss
• #193: chore(ci): use @main for shared .github workflow references by @nexus49
• #195: ci: inline pipeline workflow (ADR 004) by @nexus49
• #203: add AGENTS.md by @makdeniss
• [#2...

0.2.0

Platform Mesh 0.2.0

This release of Platform Mesh includes updates to multiple components.

Summary

This release includes 17 component update(s), including breaking changes 🔥.

Contributors

Thank you to all the contributors who made this release possible:

                      

11 contributor(s)

Key Changes

• kubernetes-graphql-gateway: 🔥 (breaking) Feature: Improved Subscription handling to align with Kubernetes WATCH API by adding an Event Envelope. (#105 by @makdeniss)
• kubernetes-graphql-gateway: 🔥 (breaking) Feature: Plural queries return an object with resourceVersion, continue, remainingItemCount, and items, replacing the previous bare array of items. (#112 by @makdeniss)
• kubernetes-graphql-gateway: 🔥 (breaking) Feature: Queries/Mutations grouped by API group and version (e.g., core { v1 { ... } }, non-core groups use underscores). Legacy flat query/mutation names removed. Subscriptions renamed to flat versioned fields (e.g., core_v1_configmaps, core_v1_configmap). Old unversioned names removed; (#113 by @makdeniss)
• kubernetes-graphql-gateway: 🔥 (breaking) Queries/Mutations: Path changed from core { v1 { ... } } to v1 { ... }. Update client queries accordingly. Subscriptions: Renamed from core_v1_<resource> to v1_<resource> (e.g., core_v1_configmaps → v1_configmaps) (#114 by @makdeniss)
• kubernetes-graphql-gateway: 🔥 (breaking) Feature: Grouped mutation fields into hierarchical objects by Group and Version. (#122 by @makdeniss)
• platform-mesh-operator: 🎉 Feature: Added account in accounts content configuration to enable the Feature to created Child Accounts of Accounts to build up a Account Tree. (#226 by @Sobyt483)
• platform-mesh-operator: 🔥 (breaking) Update defineEntity Id core_namespace -> namespace and remove core group from resourceDefinition and graphqlEntity because there's no longer any core group. Existing UI definitions would need to update their entity if core_namespace was used. (#303 by @Sobyt483)
• security-operator: 🎉 Feature: Removed Cross-plane dependency for managing new keycloak realms by adding support for a IdentityProviderConfiguration resource (#200 by @OlegErshov)
• security-operator: 🎉 Feature: Support for setting a default user password - enabling user onboarding in local-setup without emails. (#282 by @makdeniss)

Component Changes

Platform Mesh Components

keycloak: 25.2.3 → 26.5.2 🔥

Resource	Version	Links
📦 Helm Chart	25.3.0	Package • Source
🐳 Container Image	26.5.2-debian-12-r0	Package
🐳 postgresql Image	17.6.0-debian-12-r4	Release

OCM Component Descriptor:

ocm get cv github.com/platform-mesh/keycloak:26.5.2 --repo ghcr.io/platform-mesh -o yaml

account-operator: 0.10.13 → 0.14.7

Resource	Version	Links
📦 Helm Chart	0.14.7	Package • Source
🐳 Container Image	v0.9.3	Package • Release

OCM Component Descriptor:

ocm get cv github.com/platform-mesh/account-operator:0.14.7 --repo ghcr.io/platform-mesh -o yaml

All Pull Requests (9)

• #100: feat: removed auth configuration reference by @OlegErshov
• #115: feat: use TARGETARCH to support cross-platform multi-arch builds by @simontesar
• #121: Feat/mcr mcp update by @simontesar
• #122: feat: improve retry behavior with static-then-exponential rate limiter by @nexus49
• #126: feat: introduced oidc section in account info resouce spec by @OlegErshov
• #128: fix: preserve AuthenticationConfigurations when updating WorkspaceType by @nexus49
• #129: Fix/flaky integration test by @simontesar
• #130: fix: oidc info retrieval from parent account info by @OlegErshov
• #131: Fix/account deletion by @simontesar

Note: 30 renovate bot PR(s) omitted for brevity.

example-httpbin-operator: 0.5.1 → 0.5.9

Resource	Version	Links
📦 Helm Chart	0.5.9	Package • Source
🐳 Container Image	v0.5.1	Package • Release

OCM Component Descriptor:

ocm get cv github.com/platform-mesh/example-httpbin-operator:0.5.9 --repo ghcr.io/platform-mesh -o yaml

extension-manager-operator: 0.31.137 → 0.34.44

Resource	Version	Links
📦 Helm Chart	0.34.44	Package • Source
🐳 Container Image	v0.4.159	Package • Release

OCM Component Descriptor:

ocm get cv github.com/platform-mesh/extension-manager-operator:0.34.44 --repo ghcr.io/platform-mesh -o yaml

All Pull Requests (2)

• #299: feat(validation): add additionalContextKeys to DefineEntity and update schema by @akafazov
• #313: feat: add version to GraphqlEntity and update schema ...

0.1.1

Platform Mesh 0.1.1

This is a patch release of Platform Mesh

Summary

This release addresses an issue in the local setup of Platform Mesh. The Platform Mesh Components remain unchanged.

Key Changes

• helm-charts / local-setup: fix: update flux-sync.yaml to use specific commit reference instead of branch platform-mesh/helm-charts#801

Platform Mesh OCM Component Descriptor (click to expand)

component:
  componentReferences:
  - componentName: github.com/platform-mesh/account-operator
    name: account-operator
    version: 0.10.13
  - componentName: github.com/crossplane/crossplane
    name: crossplane
    version: 1.20.1
  - componentName: github.com/gardener/etcd-druid
    name: etcd-druid
    version: v0.31.0
  - componentName: github.com/platform-mesh/extension-manager-operator
    name: extension-manager-operator
    version: 0.31.137
  - componentName: github.com/platform-mesh/example-httpbin-operator
    name: example-httpbin-operator
    version: 0.5.1
  - componentName: github.com/platform-mesh/infra
    name: infra
    version: 0.16.0
  - componentName: github.com/platform-mesh/keycloak
    name: keycloak
    version: 25.2.3
  - componentName: github.com/kcp-dev/kcp-operator
    name: kcp-operator
    version: 0.3.0
  - componentName: github.com/platform-mesh/kubernetes-graphql-gateway
    name: kubernetes-graphql-gateway
    version: 0.27.2
  - componentName: github.com/platform-mesh/rebac-authz-webhook
    name: rebac-authz-webhook
    version: 0.11.15
  - componentName: github.com/platform-mesh/security-operator
    name: security-operator
    version: 0.19.16
  - componentName: github.com/openfga/openfga
    name: openfga
    version: 0.2.38
  - componentName: github.com/platform-mesh/platform-mesh-operator
    name: platform-mesh-operator
    version: 0.9.3
  - componentName: github.com/platform-mesh/portal
    name: portal
    version: 0.7.9
  - componentName: github.com/platform-mesh/virtual-workspaces
    name: virtual-workspaces
    version: 0.2.10
  - componentName: github.com/platform-mesh/platform-mesh-operator-components
    name: platform-mesh-operator-components
    version: 0.32.1
  - componentName: github.com/platform-mesh/platform-mesh-operator-infra-components
    name: platform-mesh-operator-infra-components
    version: 0.2.0
  - componentName: github.com/platform-mesh/iam-service
    name: iam-service
    version: 0.11.15
  - componentName: github.com/platform-mesh/iam-ui
    name: iam-ui
    version: 0.2.2
  - componentName: github.com/platform-mesh/organization-idp
    name: organization-idp
    version: 0.4.6
  - componentName: github.com/platform-mesh/marketplace-ui
    name: marketplace-ui
    version: 0.3.2
  - componentName: github.com/kubernetes-sigs/gateway-api
    name: gateway-api
    version: v1.4.0
  - componentName: github.com/traefik/traefik
    name: traefik
    version: 37.3.0
  - componentName: github.com/cert-manager/cert-manager
    name: cert-manager
    version: v1.19.1
  creationTime: "2026-01-06T09:05:59Z"
  name: github.com/platform-mesh/platform-mesh
  provider: The Platform Mesh Team
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: platform-mesh
    type: OCIRegistry
  resources: []
  sources: []
  version: 0.1.1
meta:
  schemaVersion: v2

Installation

For installation instructions, see the Getting Started Guide.

To fetch the component using OCM CLI:

ocm get component github.com/platform-mesh/platform-mesh:0.1.1 --repo ghcr.io/platform-mesh

0.1.0

Platform Mesh 0.1.0

This release of the Platform Mesh OCM component includes updates to multiple components.

Summary

This release includes 17 component update(s).

Component Changes

Platform Mesh Components

account-operator: → 0.10.13

Resource	Version	Links
📦 Helm Chart	0.10.13	Package • Source
🐳 Container Image	v0.5.32	Package • Release

OCM Component Descriptor (click to expand)

---
component:
  componentReferences: []
  creationTime: "2025-12-02T14:16:39Z"
  name: github.com/platform-mesh/account-operator
  provider: The Open Micro Frontend Platform Team
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: platform-mesh
    type: OCIRegistry
  resources:
  - access:
      imageReference: ghcr.io/platform-mesh/helm-charts/account-operator:0.10.13
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: 397ab11624af4e28a9edba9ef0e5ee52770d5fb2d35e7a4f23cec0cffce747db
    name: chart
    relation: external
    type: helmChart
    version: 0.10.13
  - access:
      imageReference: ghcr.io/platform-mesh/account-operator:v0.5.32
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: 6a3f166f52328b70b54f680e1cd6c32ab79e0ab8423174304a9f1f15359c3402
    name: image
    relation: external
    type: ociImage
    version: v0.5.32
  sources:
  - access:
      commit: 9a9192e51f41da220adb5182b5d04bf904d1cb58
      repoUrl: ghcr.io/platform-mesh/account-operator
      type: gitHub
    name: source
    type: git
    version: v0.5.32
  - access:
      commit: 7f4dd94e8809a4616070ea224509fff1f38fad5d
      repoUrl: https://github.com/platform-mesh/helm-charts
      type: gitHub
    name: chart
    type: git
    version: 0.10.13
  version: 0.10.13
meta:
  schemaVersion: v2

example-httpbin-operator: → 0.5.1

Resource	Version	Links
📦 Helm Chart	0.5.1	Package • Source
🐳 Container Image	v0.4.0	Package • Release

OCM Component Descriptor (click to expand)

---
component:
  componentReferences:
  - componentName: github.com/kcp-dev/api-syncagent
    name: api-syncagent
    version: 0.4.4
  - componentName: github.com/kubernetes/ingress-nginx
    name: ingress-nginx
    version: 4.11.3
  creationTime: "2025-12-01T17:36:33Z"
  name: github.com/platform-mesh/example-httpbin-operator
  provider: The Open Micro Frontend Platform Team
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: platform-mesh
    type: OCIRegistry
  resources:
  - access:
      imageReference: ghcr.io/platform-mesh/helm-charts/example-httpbin-operator:0.5.1
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: e2aebb406619ebd79dc687ede9b424dbcbd7ce8a79b1601467631c552657bb58
    name: chart
    relation: external
    type: helmChart
    version: 0.5.1
  - access:
      imageReference: ghcr.io/platform-mesh/example-httpbin-operator:v0.4.0
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: 1b15388347e760432aeaae9ac56b61d0527f4ad96d6340e781085392c7f45bea
    name: image
    relation: external
    type: ociImage
    version: v0.4.0
  sources:
  - access:
      commit: c95b19fbe750bf1d86754d6ec6efa5d55cfd08a9
      repoUrl: ghcr.io/platform-mesh/example-httpbin-operator
      type: gitHub
    name: source
    type: git
    version: v0.4.0
  - access:
      commit: 567fdfa32478d2d6e679dc8fbb277277a15b779d
      repoUrl: https://github.com/platform-mesh/helm-charts
      type: gitHub
    name: chart
    type: git
    version: 0.5.1
  version: 0.5.1
meta:
  schemaVersion: v2

extension-manager-operator: → 0.31.137

Resource	Version	Links
📦 Helm Chart	0.31.137	Package • Source
🐳 Container Image	v0.2.151	Package • Release

OCM Component Descriptor (click to expand)

---
component:
  componentReferences: []
  creationTime: "2025-11-26T09:58:02Z"
  name: github.com/platform-mesh/extension-manager-operator
  provider: The Open Micro Frontend Platform Team
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: platform-mesh
    type: OCIRegistry
  resources:
  - access:
      imageReference: ghcr.io/platform-mesh/helm-charts/extension-manager-operator:0.31.137
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: f696cba6f3c913f55e447ea6e228141c2247f5b0d82bdace2fde7dd7ed0f81ec
    name: chart
    relation: external
    type: helmChart
    version: 0.31.137
  - access:
      imageReference: ghcr.io/platform-mesh/extension-manager-operator:v0.2.151
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: 87c19cb29e2e7fe51ef37215ba977ef1c9e6d19fde5529c0380629cffc5f48db
    name: image
    relation: external
    type: ociImage
    version: v0.2.151
  sources:
  - access:
      commit: c7557a1fbaf9e435d308eef4f32500633e0bf838
      repoUrl: ghcr.io/platform-mesh/extension-manager-operator
      type: gitHub
    name: source
    type: git
    version: v0.2.151
  - access:
      commit: 76191ec7b013d1d34960293c632d04c8d1f940c1
      repoUrl: https://github.com/platform-mesh/helm-charts
      type: gitHub
    name: chart
    type: git
    version: 0.31.137
  version: 0.31.137
meta:
  schemaVersion: v2

iam-service: → 0.11.15

Resource	Version	Links
📦 Helm Chart	0.11.15	Package
🐳 Container Image	v0.11.5	Package

OCM Component Descriptor (click to expand)

---
component:
  componentReferences: []
  creationTime: "2025-12-02T18:34:57Z"
  name: github.com/platform-mesh/iam-service
  provider: The Open Micro Frontend Platform Team
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: platform-mesh
    type: OCIRegistry
  resources:
  - access:
      imageReference: ghcr.io/platform-mesh/helm-charts-priv/iam-service:0.11.15
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: 7798b7bd2aa21c88c17726fd89d959c9283761a8193eb9978545278ada362cc8
    name: chart
    relation: external
    type: helmChart
    version: 0.11.15
  - access:
      imageReference: ghcr.io/platform-mesh/iam-service:v0.11.5
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: 91d8af5876c9b2793777abffcaa9efdf464646d40c8681c6a5291a5d21443fe0
    name: image
    relation: external
    type: ociImage
    version: v0.11.5
  sources:
  - access:
      commit: a1b30279a06e8e057862258921325e93e5101430
      repoUrl: ghcr.io/platform-mesh/iam-service
      type: gitHub
    name: source
    type: git
    version: v0.11.5
  - access:
      commit: 05fb2322ecedcc854542b024d9ee8f1f39ed98db
      repoUrl: https://github.com/platform-mesh/helm-charts-priv
      type: gitHub
    name: chart
    type: git
    version: 0.11.15
  version: 0.11.15
meta:
  schemaVersion: v2

iam-ui: → 0.2.2

Resource	Version	Links
📦 Helm Chart	0.2.2	Package
🐳 Container Image	v0.8.1	Package

OCM Component Descriptor (click to expand)

---
component:
  componentReferences: []
  creationTime: "2025-11-25T10:42:43Z"
  name: github.com/platform-mesh/iam-ui
  provider: The Open Micro Frontend Platform Team
  repositoryContexts:
  - baseUrl: ghcr.io
    componentNameMapping: urlPath
    subPath: platform-mesh
    type: OCIRegistry
  resources:
  - access:
      imageReference: ghcr.io/platform-mesh/helm-charts-priv/iam-ui:0.2.2
      type: ociArtifact
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: ociArtifactDigest/v1
      value: f2a6a315662ab85b9ad752e0bb7aba08477d20f1faa9c70111...