This release updates the cluster-aws chart to fix an issue around Helm values schema validation when using certain node pool fields.
cluster chart nodepool fields to the schema.This release updates the cluster-aws chart and the underlying cluster chart to address an issue around Helm values schema validation uncovered by newer Helm versions.
cluster to v2.5.1.This release updates the cluster-aws chart and the underlying cluster chart to address an issue around Helm values schema validation uncovered by newer Helm versions.
cluster to v2.2.2.This release backports a fix for reducing IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security. For clusters in ENI mode, all nodes are rolled when upgrading to this release.
This release backports a fix for reducing IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security. For clusters in ENI mode, all nodes are rolled when upgrading to this release.
This release updates Kubernetes to the latest patch release v1.31.11.
During control plane upgrades, short-term warnings are now prevented by setting a fixed instead of dynamic AMI lookup string. This leads to nodes being rolled once when upgrading to this release.
We added an option to set the IMDSv2 request hop limit for EC2 instances ‒ this is usually not needed, except if security requirements such as AWS SCPs (service control policies) dictate a maximum.
Karpenter support keeps getting better: node-termination-handler is not installed anymore if only Karpenter node pools are used, as the same function is built into Karpenter (pod draining and EC2 instance termination handling). Nodes in such pools now also use the reduced IAM permission set (can be toggled in exceptional cases).
giantswarm.io/role: nodes by default to private subnets used for nodes. Can be overwritten.cluster to v2.5.0.node-termination-handler when there are non-karpenter node pools because karpenter takes care of node drainingimageLookupFormat to use a static string rather than CAPI replacing the OS and Kubernetes versions. This rolls control plane nodes.karpenter worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.coredns image to 1.12.2.MachinePool CR, so the taint will be removed by CAPI.trivy-operator (app) to v0.11.1.trivy (app) to v0.14.0.falco (app) to v0.10.1.cloudnative-pg (app) to v0.0.10.starboard-exporter (app) to v0.8.2.Upgrade cluster-aws to handle IMDS Hop Limit and patch kubernetes version.
Upgrade cluster-aws to handle IMDS Hop Limit.
Upgrade cluster-aws to handle IMDS Hop Limit.
This release along with k8s and application upgrades also brings several new features for the product. Node Pools have been extended with new Karpenter type, integrating the solution fully with the Giant Swarm cluster lifecycle instead of a Managed Application. Karpenter application will now be deployed as a part of the Giant Swarm clusters out of the box if configured. For further configuration please check our example of the Karpenter Node Pool usage.
Additionally, we have extended the Cluster configuration to support multiple VPC CIDRs under global.connectivity.network.vpcCidr, please read the schema documentation for more details.
Finally we are slowly introducing changes to IAM roles for service accounts (IRSA) management on GS side, where the infrastructure required will be fully managed by Crossplane instead of irsa-operator and capa-iam-operator. There is no impact for customers, but the change will allow Giant Swarm to pair the IAM permissions for required applications with their actual releases and deployments, moving away from single operators implementing all the roles. The Karpenter application will be the first one to use it.
For any questions regarding new features or their usage, please reach out to Giant Swarm. For customers running Karpenter as a Managed Application from Giant Swarm catalog, it is save to upgrade to this release without any changes. The application will work as expected until migrated to the new node pool type.
karpenter supportkarpenter app when karpenter node pools are configured.cert-manager-crossplane-resources App in private clusters so DNS01 clusterIssuer.DNS01 clusterIssuer deployed by cert-manager-app in private clusters.ebs.csi.aws.com/agent-not-ready for AWS EBS CSI driver on worker nodes.cluster to v2.4.0.controller pods.Azuregiantswarm.io/cluster labelcontroller-uid, since this is excluded by default now.prometheus.metrics.giantswarm.io/cluster labelPodMonitor resource via the podMonitor.additionalLabels value.coredns image to 1.12.1.v1.5.0.v0.14.0.karpenter-capa-taint-remover to allow scheduling on all taints.karpenter-crossplane-resources app version to add support for vintage OIDC issuer on migrated clustersapp.giantswarm.io label group was changed to application.giantswarm.ioalloy-app from 0.10.0 to 0.11.0Alloy from 1.8.3 to 1.9.0alloy-app from 0.9.0 to 0.10.0Alloy from 1.7.1 to 1.8.3kube-prometheus-stack to 72.3.0kube-prometheus-stack to 72.3.0kube-prometheus-stack from 69.5.1 to 70.1.1promtailgrafana-agentpromtheus-agent.Values.disabled to .Values.enabled to follow best practices.policy-api-crds app to manage Policy API CRDs.trivy (app) to v0.13.4.cloudnative-pg (app) to v0.0.7.starboard-exporter (app) to v0.8.1.kyverno-policy-operator (app) to v0.0.11.cloudnative-pg (app) to v0.0.9.Note: Kyverno PolicyExceptions (API group kyverno.io) versions v2alpha1 and v2beta1 are deprecated and will be removed in the next Kyverno minor release (v1.14). Please update all Kyverno PolicyExceptions to v2. No action is required for Giant Swarm Policy API PolicyExceptions (API group policy.giantswarm.io), which are handled automatically.