1. Docs
  2. Changes and releases

Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Observability mimir-app v0.18.0

    Added

    • Add fallback section to the ScaledObjects resources templates.
  • Observability grafana-app v2.25.0

    Changed

    • upgrade grafana chart: 9.2.10 => 9.3.1
    • upgrade grafana : 12.0.2 => 12.1.0
  • Fleet Management vertical-pod-autoscaler-app v6.0.0

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v11.0.0. (#362)
  • Developer Portal backstage v0.81.0

    In this release:

    Added

    • Flux overview UI has been added.

    Fixed

  • CAPA releases releases aws-30.1.4

    This release backports a fix for reducing IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security. For clusters in ENI mode, all nodes are rolled when upgrading to this release.

    Changes compared to v30.1.3

    Components

    • cluster-aws from v3.2.2 to v3.2.3

    cluster-aws v3.2.2…v3.2.3

    Changed

    • Reduce IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security.

    Apps

  • CAPA releases releases aws-29.6.4

    This release backports a fix for reducing IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security. For clusters in ENI mode, all nodes are rolled when upgrading to this release.

    Changes compared to v29.6.3

    Components

    • cluster-aws from v2.6.3 to v2.6.4

    cluster-aws v2.6.3…v2.6.4

    Changed

    • Reduce IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security.

    Apps

  • Fleet Management zot v2.3.1

    Changed

    • Upgrade to upstream Helm chart v0.1.78 (patch release)
  • CAPVCD releases releases cloud-director-31.1.0

    Changes compared to v31.0.0

    Components

    • cluster-cloud-director from v0.67.0 to v0.68.0
    • Kubernetes from v1.31.9 to v1.31.11

    cluster-cloud-director v0.67.0…v0.68.0

    Changed

    • Chart: Update cluster to v2.5.0.

    Apps

    • capi-node-labeler from v1.1.1 to v1.1.2
    • cert-exporter from v2.9.7 to v2.9.8
    • cilium from v1.2.1 to v1.2.2
    • coredns from v1.25.0 to v1.26.0
    • etcd-defrag from v1.0.5 to v1.0.6
    • etcd-k8s-res-count-exporter from v1.10.5 to v1.10.6
    • k8s-audit-metrics from v0.10.4 to v0.10.5
    • k8s-dns-node-cache from v2.8.1 to v2.9.0
    • node-exporter from v1.20.3 to v1.20.4
    • security-bundle from v1.11.0 to v1.12.0
    • teleport-kube-agent from v0.10.5 to v0.10.6

    capi-node-labeler v1.1.1…v1.1.2

    Changed

    • Go: Update dependencies.

    cert-exporter v2.9.7…v2.9.8

    Changed

    • Go: Update dependencies.

    cilium v1.2.1…v1.2.2

    Changed

    • Upgrade Cilium to v1.17.6.
    • Updated E2E tests to use apptest-framework v1.14.0
    • Increase Cilium operator resource limits.

    Removed

    • Remove deprecated “partial” mode from Kube Proxy Replacement options.

    coredns v1.25.0…v1.26.0

    Changed

    • Update coredns image to 1.12.2.

    etcd-defrag v1.0.5…v1.0.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.29.0. (#43)

    etcd-k8s-res-count-exporter v1.10.5…v1.10.6

    Changed

    • Go: Update dependencies.

    k8s-audit-metrics v0.10.4…v0.10.5

    Changed

    • Go: Update dependencies.

    k8s-dns-node-cache v2.8.1…v2.9.0

    Changed

    • Upgrade application to version 1.26.4 (includes coredns 1.11.3)
    • Increase ServiceMonitor’s scrapping interval to 1m.
    • Remove obsolete PSPs

    node-exporter v1.20.3…v1.20.4

    Changed

    • Go: Update to v1.24.5.

    security-bundle v1.11.0…v1.12.0

    Changed

    • Update trivy-operator (app) to v0.11.1.
    • Update trivy (app) to v0.14.0.
    • Update falco (app) to v0.10.1.
    • Update cloudnative-pg (app) to v0.0.10.
    • Update starboard-exporter (app) to v0.8.2.
    • Updated E2E tests to use apptest-framework v1.14.0

    teleport-kube-agent v0.10.5…v0.10.6

    Changed

    • AppVersion upgrade to 17.5.4
  • CAPV releases releases vsphere-31.1.0

    Changes compared to v31.0.0

    Components

    • cluster-vsphere from v1.4.0 to v1.5.0
    • Kubernetes from v1.31.9 to v1.31.11

    cluster-vsphere v1.4.0…v1.5.0

    Changed

    • Chart: update cluster to v2.5.0.
    • Chart: Update kube-vip to v0.9.2.

    Apps

    • capi-node-labeler from v1.1.1 to v1.1.2
    • cert-exporter from v2.9.7 to v2.9.8
    • cilium from v1.2.1 to v1.2.2
    • coredns from v1.25.0 to v1.26.0
    • etcd-defrag from v1.0.5 to v1.0.6
    • etcd-k8s-res-count-exporter from v1.10.5 to v1.10.6
    • k8s-audit-metrics from v0.10.4 to v0.10.5
    • k8s-dns-node-cache from v2.8.1 to v2.9.0
    • node-exporter from v1.20.3 to v1.20.4
    • security-bundle from v1.11.0 to v1.12.0
    • teleport-kube-agent from v0.10.5 to v0.10.6

    capi-node-labeler v1.1.1…v1.1.2

    Changed

    • Go: Update dependencies.

    cert-exporter v2.9.7…v2.9.8

    Changed

    • Go: Update dependencies.

    cilium v1.2.1…v1.2.2

    Changed

    • Upgrade Cilium to v1.17.6.
    • Updated E2E tests to use apptest-framework v1.14.0
    • Increase Cilium operator resource limits.

    Removed

    • Remove deprecated “partial” mode from Kube Proxy Replacement options.

    coredns v1.25.0…v1.26.0

    Changed

    • Update coredns image to 1.12.2.

    etcd-defrag v1.0.5…v1.0.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.29.0. (#43)

    etcd-k8s-res-count-exporter v1.10.5…v1.10.6

    Changed

    • Go: Update dependencies.

    k8s-audit-metrics v0.10.4…v0.10.5

    Changed

    • Go: Update dependencies.

    k8s-dns-node-cache v2.8.1…v2.9.0

    Changed

    • Upgrade application to version 1.26.4 (includes coredns 1.11.3)
    • Increase ServiceMonitor’s scrapping interval to 1m.
    • Remove obsolete PSPs

    node-exporter v1.20.3…v1.20.4

    Changed

    • Go: Update to v1.24.5.

    security-bundle v1.11.0…v1.12.0

    Changed

    • Update trivy-operator (app) to v0.11.1.
    • Update trivy (app) to v0.14.0.
    • Update falco (app) to v0.10.1.
    • Update cloudnative-pg (app) to v0.0.10.
    • Update starboard-exporter (app) to v0.8.2.
    • Updated E2E tests to use apptest-framework v1.14.0

    teleport-kube-agent v0.10.5…v0.10.6

    Changed

    • AppVersion upgrade to 17.5.4
  • CAPA releases releases aws-31.1.0

    This release updates Kubernetes to the latest patch release v1.31.11.

    During control plane upgrades, short-term warnings are now prevented by setting a fixed instead of dynamic AMI lookup string. This leads to nodes being rolled once when upgrading to this release.

    We added an option to set the IMDSv2 request hop limit for EC2 instances ‒ this is usually not needed, except if security requirements such as AWS SCPs (service control policies) dictate a maximum.

    Karpenter support keeps getting better: node-termination-handler is not installed anymore if only Karpenter node pools are used, as the same function is built into Karpenter (pod draining and EC2 instance termination handling). Nodes in such pools now also use the reduced IAM permission set (can be toggled in exceptional cases).

    Changes compared to v31.0.0

    Components

    • cluster-aws from v3.4.0 to v3.6.0
    • Kubernetes from v1.31.9 to v1.31.11

    cluster-aws v3.4.0…v3.6.0

    Added

    • Add giantswarm.io/role: nodes by default to private subnets used for nodes. Can be overwritten.
    • Make IMDSv2 hop limit configurable

    Changed

    • Chart: Update cluster to v2.5.0.
    • Only deploy node-termination-handler when there are non-karpenter node pools because karpenter takes care of node draining
    • Change imageLookupFormat to use a static string rather than CAPI replacing the OS and Kubernetes versions. This rolls control plane nodes.

    Fixed

    • Use reduced IAM permissions on karpenter worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.

    Apps

    • aws-nth-bundle from v1.2.1 to v1.2.2
    • capi-node-labeler from v1.1.1 to v1.1.2
    • cert-exporter from v2.9.7 to v2.9.8
    • cilium from v1.2.1 to v1.2.2
    • cluster-autoscaler from v1.31.2-gs2 to v1.31.3-gs1
    • coredns from v1.25.0 to v1.26.0
    • etcd-defrag from v1.0.5 to v1.0.6
    • etcd-k8s-res-count-exporter from v1.10.5 to v1.10.6
    • k8s-audit-metrics from v0.10.4 to v0.10.5
    • k8s-dns-node-cache from v2.8.1 to v2.9.0
    • karpenter-bundle from v2.0.0 to v2.1.0
    • karpenter-nodepools from v0.1.0 to v0.2.0
    • node-exporter from v1.20.3 to v1.20.4
    • security-bundle from v1.11.0 to v1.12.0
    • teleport-kube-agent from v0.10.5 to v0.10.6

    aws-nth-bundle v1.2.1…v1.2.2

    Changed

    • Upgrade Node Termination Handler to 1.21.0.

    capi-node-labeler v1.1.1…v1.1.2

    Changed

    • Go: Update dependencies.

    cert-exporter v2.9.7…v2.9.8

    Changed

    • Go: Update dependencies.

    cilium v1.2.1…v1.2.2

    Changed

    • Upgrade Cilium to v1.17.6.
    • Updated E2E tests to use apptest-framework v1.14.0
    • Increase Cilium operator resource limits.

    Removed

    • Remove deprecated “partial” mode from Kube Proxy Replacement options.

    cluster-autoscaler v1.31.2-gs2…v1.31.3-gs1

    Changed

    • Chart: Update to upstream v1.31.3.

    coredns v1.25.0…v1.26.0

    Changed

    • Update coredns image to 1.12.2.

    etcd-defrag v1.0.5…v1.0.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.29.0. (#43)

    etcd-k8s-res-count-exporter v1.10.5…v1.10.6

    Changed

    • Go: Update dependencies.

    k8s-audit-metrics v0.10.4…v0.10.5

    Changed

    • Go: Update dependencies.

    k8s-dns-node-cache v2.8.1…v2.9.0

    Changed

    • Upgrade application to version 1.26.4 (includes coredns 1.11.3)
    • Increase ServiceMonitor’s scrapping interval to 1m.
    • Remove obsolete PSPs

    karpenter-bundle v2.0.0…v2.1.0

    Removed

    • Remove capa-karpenter-taint-remover because nodes are now in the MachinePool CR, so the taint will be removed by CAPI.

    karpenter-nodepools v0.1.0…v0.2.0

    Changed

    • Improve json schema.
    • Change subnet selector to avoid CNI subnets.

    node-exporter v1.20.3…v1.20.4

    Changed

    • Go: Update to v1.24.5.

    security-bundle v1.11.0…v1.12.0

    Changed

    • Update trivy-operator (app) to v0.11.1.
    • Update trivy (app) to v0.14.0.
    • Update falco (app) to v0.10.1.
    • Update cloudnative-pg (app) to v0.0.10.
    • Update starboard-exporter (app) to v0.8.2.
    • Updated E2E tests to use apptest-framework v1.14.0

    teleport-kube-agent v0.10.5…v0.10.6

    Changed

    • AppVersion upgrade to 17.5.4