docs/release_notes/v1.4.3.md
Important: If upgrading to this version using Helm instead of the Dapr CLI, you will need to update the Subscription CRD prior to performing the Helm upgrade.
kubectl replace -f https://raw.githubusercontent.com/dapr/dapr/v1.4.3/charts/dapr/crds/subscription.yaml
The Pub/Sub routing feature implemented in 1.4 introduced schema changes and therefore required a new version (v2alpha1) in the Subscriptions CRD. This was the first time a multi-version CRD was implemented in Dapr. When adding additional versions to a CRD, one version (typically the latest) must be marked as the storage version. In many cases, versions are added without schema changes to graduate features from alpha to beta or stable. However, the schema changes for Pub/Sub routing also required additional steps we were not fully aware of.
The assumed behavior of the Kubernetes API was that each version would return confirming to its own schema. Instead, Kubernetes converts the payload to match the schema of the storage version. For subscriptions, this created an issue. v1alpha1 subscriptions were being returned as v2alpha1 with the route property being stripped out.
The Pub/Sub routing feature included conversion logic that intended to handle this, but it was not exposed through a required conversion webhook. Without the webhook configured in the CRD, Kubernetes was unaware that a translation was required. This resulted in Dapr using an empty string as the route instead of the user's configured value.
There are e2e tests that cover declarative/CRD subscriptions; however, the issue was not caught because the CRD topics were also subscribed to programmatically by the test apps. Even though Pub/Sub routing is a preview feature, the behavior of the Kubernetes API could not be protected by the feature flag. This ultimately allowed the regression to surface to users of 1.4. Users could work around this issue by temporarily adjusting their subscription CRDs to conform to the v2valpha1 structure.
This hotfix addresses the declarative subscription tests and configures the subscription CRD to use a conversion webhook to properly convert v1alpha1 subscriptions to v2alpha1. The Helm chart was extended to create a CA and TLS certificate for future webhooks. Webhooks are served by the dapr operator. On startup, the operator patches the subscription CRD to set the namespace and caBundle fields of the webhook client configuration.