Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

• Dec 16, 2024 Web UI backstage v0.45.3

  In this release:

  • GS OIDC auth provider sign-in resolver was changed to correctly handle Azure AD identity provider;
  • user reference used in telemetry signals now contains unique hash for guest users. See ./docs/releases/v0.45.3-changelog.md for more information.
• Dec 12, 2024 Highlights

  Highlights for the week ending 2024-12-12

  Observability

  • Grafana App v2.18.0

    • Improved security by blocking default access to certain endpoints (/swagger, /metrics, and /api/health).
    • Upgraded Grafana for a better user experience and new features (now at version 8.6.0).

  • Prometheus Rules v4.30.0

    • New alert added to help identify issues with KubeadmConfig configurations.
    • Reduced unnecessary alerts during tests by ignoring certain HelmReleases.
    • Added new alerts to quickly detect and resolve karpenter issues.
    • Expanded alert timing for PromtailRequestsErrors to reduce false positives (now 25 minutes).

  • Observability Operator v0.10.0

    • Integrated Mimir, Alertmanager for enhanced alerting.
    • Enhanced multi-tenant support within Grafana organizations.
    • Fixed an issue that prevented Grafana from starting by ensuring config persistence.

  Fleet Management

  • Kube Downscaler App v0.4.0
    • Introduced a new Cilium network policy template for improved network management.

  Security

  • Kyverno Policies v0.21.1

    • Enhanced visibility with the addition of the application.giantswarm.io/team label.

  • Event Exporter App v2.0.0

    • Transitioned to a new, supported image source for better stability and support.
• Dec 12, 2024 Workload cluster releases for CAPA releases aws-25.1.3

  This release introduces aws-node-termination-handler for graceful draining of nodes during an upgrade or other type of replacement of worker nodes.

  Details can be found in the node pools documentation.

  Changes compared to v25.1.2

  Components

  • cluster-aws from v1.1.3 to v1.1.5

  cluster-aws v1.1.3…v1.1.5

  Added

  • Make ASG lifecycle hook heartbeat timeout configurable
  • Add aws-node-termination-handler bundle

  Apps

  • aws-nth-bundle v1.2.0
  • cert-exporter from v2.9.0 to v2.9.3

  aws-nth-bundle v1.2.0

  Added

  • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

  cert-exporter v2.9.0…v2.9.3

  Added

  • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

  Changed

  • Chart: Enable global.podSecurityStandards.enforced. (#420)
  • Chart: Update PolicyExceptions to v2beta1. (#358)
• Dec 12, 2024 Workload cluster releases for CAPA releases aws-25.4.0

  This release introduces aws-node-termination-handler for graceful draining of nodes during an upgrade or other type of replacement of worker nodes.

  Details can be found in the node pools documentation.

  Changes compared to v25.3.0

  Components

  • cluster-aws from v1.3.4 to v1.3.5

  cluster-aws v1.3.4…v1.3.5

  Added

  • Values: Add global.providerSpecific.controlPlaneAmi & global.providerSpecific.nodePoolAmi.
  • Add aws-node-termination-handler bundle
  • Make ASG lifecycle hook heartbeat timeout configurable

  Apps

  • aws-nth-bundle v1.2.0
  • cert-exporter from v2.9.0 to v2.9.3

  aws-nth-bundle v1.2.0

  Added

  • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

  cert-exporter v2.9.0…v2.9.3

  Added

  • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

  Changed

  • Chart: Enable global.podSecurityStandards.enforced. (#420)
  • Chart: Update PolicyExceptions to v2beta1. (#358)
• Dec 12, 2024 Workload cluster releases for CAPA releases aws-26.3.0

  This release introduces aws-node-termination-handler for graceful draining of nodes during an upgrade or other type of replacement of worker nodes.

  Details can be found in the node pools documentation.

  Changes compared to v26.2.0

  Components

  • cluster-aws from v1.3.4 to v1.3.5

  cluster-aws v1.3.4…v1.3.5

  Added

  • Values: Add global.providerSpecific.controlPlaneAmi & global.providerSpecific.nodePoolAmi.
  • Add aws-node-termination-handler bundle
  • Make ASG lifecycle hook heartbeat timeout configurable

  Apps

  • aws-nth-bundle v1.2.0
  • cert-exporter from v2.9.0 to v2.9.3

  aws-nth-bundle v1.2.0

  Added

  • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

  cert-exporter v2.9.0…v2.9.3

  Added

  • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

  Changed

  • Chart: Enable global.podSecurityStandards.enforced. (#420)
  • Chart: Update PolicyExceptions to v2beta1. (#358)
• Dec 12, 2024 Workload cluster releases for CAPA releases aws-27.4.0

  This release introduces aws-node-termination-handler for graceful draining of nodes during an upgrade or other type of replacement of worker nodes.

  Details can be found in the node pools documentation.

  Changes compared to v27.3.0

  Components

  • cluster-aws from v1.3.4 to v1.3.5

  cluster-aws v1.3.4…v1.3.5

  Added

  • Values: Add global.providerSpecific.controlPlaneAmi & global.providerSpecific.nodePoolAmi.
  • Add aws-node-termination-handler bundle
  • Make ASG lifecycle hook heartbeat timeout configurable

  Apps

  • aws-nth-bundle v1.2.0
  • cert-exporter from v2.9.0 to v2.9.3

  aws-nth-bundle v1.2.0

  Added

  • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

  cert-exporter v2.9.0…v2.9.3

  Added

  • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

  Changed

  • Chart: Enable global.podSecurityStandards.enforced. (#420)
  • Chart: Update PolicyExceptions to v2beta1. (#358)
• Dec 12, 2024 Workload cluster releases for CAPA releases aws-28.4.0

  This release introduces aws-node-termination-handler for graceful draining of nodes during an upgrade or other type of replacement of worker nodes.

  Details can be found in the node pools documentation.

  Changes compared to v28.3.0

  Components

  • cluster-aws from v1.3.4 to v1.3.5

  cluster-aws v1.3.4…v1.3.5

  Added

  • Values: Add global.providerSpecific.controlPlaneAmi & global.providerSpecific.nodePoolAmi.
  • Add aws-node-termination-handler bundle
  • Make ASG lifecycle hook heartbeat timeout configurable

  Apps

  • aws-nth-bundle v1.2.0
  • cert-exporter from v2.9.0 to v2.9.3

  aws-nth-bundle v1.2.0

  Added

  • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

  cert-exporter v2.9.0…v2.9.3

  Added

  • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

  Changed

  • Chart: Enable global.podSecurityStandards.enforced. (#420)
  • Chart: Update PolicyExceptions to v2beta1. (#358)
• Dec 12, 2024 Workload cluster releases for CAPA releases aws-29.5.0

  Changes compared to v29.4.0

  Components

  • cluster-aws from v2.4.0 to v2.5.0
  • Kubernetes from v1.29.10 to v1.29.12

  cluster-aws v2.4.0…v2.5.0

  Added

  • Add aws-node-termination-handler bundle
  • Values: Add global.providerSpecific.controlPlaneAmi & global.providerSpecific.nodePoolAmi.
  • Make ASG lifecycle hook heartbeat timeout configurable

  Changed

  • Chart: Update cluster to v1.7.0.
    • Add teleport-init systemd unit to handle initial token setup before teleport service starts
    • Improve teleport service reliability by adding proper file and service dependencies and pre-start checks

  Apps

  • aws-nth-bundle v1.2.0
  • cert-manager from v3.8.1 to v3.8.2
  • coredns from v1.22.0 to v1.23.0
  • observability-bundle from v1.8.0 to v1.9.0

  aws-nth-bundle v1.2.0

  Added

  • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

  cert-manager v3.8.1…v3.8.2

  Changed

  • Changed ownership to team Shield

  Removed

  • Get rid of label giantswarm.io/monitoring_basic_sli as this slo generation label is not used anymore.

  coredns v1.22.0…v1.23.0

  Changed

  • Update coredns image to 1.11.4.
  • Explicitly expose liveness and readiness probe ports in deployments.

  Removed

  • Remove PodSecurityPolicy and associated Resources and values.

  observability-bundle v1.8.0…v1.9.0

  Added

  • Add alloy v0.7.0 as alloyEvents.

  Changed

  • Upgrade alloy-logs and alloy-metrics to chart 0.7.0.
    • Bumps alloy from 1.4.2 to 1.5.0
  • upgrade kube-prometheus-stack from 65.1.1 to 66.2.1
    • prometheus-operator CRDs from 0.75.0 to 0.78.1
    • prometheus-operator from 0.77.1 to 0.78.1
    • prometheus from 2.54.1 to 2.55.1
    • kube-state-metrics from 2.13.0 to 2.14.0
    • grafana from 8.5.0 to 8.6.0
• Dec 12, 2024 Workload cluster releases for Azure releases azure-29.4.0

  Changes compared to v29.3.0

  Components

  • cluster-azure from v1.4.0 to v1.5.0
  • Kubernetes from v1.29.10 to v1.29.12

  cluster-azure v1.4.0…v1.5.0

  Changed

  • Chart: Update cluster to v1.7.0.
    • Add teleport-init systemd unit to handle initial token setup before teleport service starts
    • Improve teleport service reliability by adding proper file and service dependencies and pre-start checks

  Apps

  • cert-manager from v3.8.1 to v3.8.2
  • coredns from v1.22.0 to v1.23.0
  • observability-bundle from v1.8.0 to v1.9.0

  cert-manager v3.8.1…v3.8.2

  Changed

  • Changed ownership to team Shield

  Removed

  • Get rid of label giantswarm.io/monitoring_basic_sli as this slo generation label is not used anymore.

  coredns v1.22.0…v1.23.0

  Changed

  • Update coredns image to 1.11.4.
  • Explicitly expose liveness and readiness probe ports in deployments.

  Removed

  • Remove PodSecurityPolicy and associated Resources and values.

  observability-bundle v1.8.0…v1.9.0

  Added

  • Add alloy v0.7.0 as alloyEvents.

  Changed

  • Upgrade alloy-logs and alloy-metrics to chart 0.7.0.
    • Bumps alloy from 1.4.2 to 1.5.0
  • upgrade kube-prometheus-stack from 65.1.1 to 66.2.1
    • prometheus-operator CRDs from 0.75.0 to 0.78.1
    • prometheus-operator from 0.77.1 to 0.78.1
    • prometheus from 2.54.1 to 2.55.1
    • kube-state-metrics from 2.13.0 to 2.14.0
    • grafana from 8.5.0 to 8.6.0
• Dec 12, 2024 Workload cluster releases for CLOUD-DIRECTOR releases cloud-director-29.2.0

  Changes compared to v29.1.0

  Components

  • cluster-cloud-director from v0.63.1 to v0.64.0
  • Kubernetes from v1.29.10 to v1.29.12

  cluster-cloud-director v0.63.1…v0.64.0

  Changed

  • Chart: Update cluster to v1.7.0.
    • Add teleport-init systemd unit to handle initial token setup before teleport service starts
    • Improve teleport service reliability by adding proper file and service dependencies and pre-start checks

  Apps

  • cert-manager from v3.8.1 to v3.8.2
  • coredns from v1.22.0 to v1.23.0
  • observability-bundle from v1.8.0 to v1.9.0

  cert-manager v3.8.1…v3.8.2

  Changed

  • Changed ownership to team Shield

  Removed

  • Get rid of label giantswarm.io/monitoring_basic_sli as this slo generation label is not used anymore.

  coredns v1.22.0…v1.23.0

  Changed

  • Update coredns image to 1.11.4.
  • Explicitly expose liveness and readiness probe ports in deployments.

  Removed

  • Remove PodSecurityPolicy and associated Resources and values.

  observability-bundle v1.8.0…v1.9.0

  Added

  • Add alloy v0.7.0 as alloyEvents.

  Changed

  • Upgrade alloy-logs and alloy-metrics to chart 0.7.0.
    • Bumps alloy from 1.4.2 to 1.5.0
  • upgrade kube-prometheus-stack from 65.1.1 to 66.2.1
    • prometheus-operator CRDs from 0.75.0 to 0.78.1
    • prometheus-operator from 0.77.1 to 0.78.1
    • prometheus from 2.54.1 to 2.55.1
    • kube-state-metrics from 2.13.0 to 2.14.0
    • grafana from 8.5.0 to 8.6.0

• Older entries