Along with Kubernetes and application upgrades, this release brings several new features to the product. Node Pools have been extended with a new Karpenter type, integrating the solution fully with the Giant Swarm cluster lifecycle instead of running it as a Managed Application. The Karpenter application will now be deployed as part of Giant Swarm clusters out of the box if configured. For further configuration, please check our example of the Karpenter Node Pool usage.
Additionally, we have extended the Cluster configuration to support multiple VPC CIDRs under global.connectivity.network.vpcCidr; please read the schema documentation for more details.
Finally, we are slowly introducing changes to IAM roles for service accounts (IRSA) management on the Giant Swarm side, where the required infrastructure will be fully managed by Crossplane instead of irsa-operator and capa-iam-operator. There is no impact for customers, but the change will allow Giant Swarm to pair the IAM permissions for required applications with their actual releases and deployments, moving away from single operators implementing all the roles. The Karpenter application will be the first one to use it.
For any questions regarding new features or their usage, please reach out to Giant Swarm. For customers running Karpenter as a Managed Application from the Giant Swarm catalog, it is safe to upgrade to this release without any changes. The application will work as expected until migrated to the new node pool type.
Changes compared to v30.1.3
Components
- cluster-aws from v3.2.2 to v3.4.0
- Flatcar from v4152.2.1 to v4152.2.3
- Kubernetes from v1.30.11 to v1.31.9
- os-tooling from v1.24.0 to v1.26.1
Added
- Adopt IRSA infrastructure with Crossplane. It can be disabled to use IRSA Operator.
- Support multiple VPC CIDRs
- Add karpenter support
  - Expose new values to configure karpenter node pools.
  - Deploy karpenter app when karpenter node pools are configured.
- Add cert-manager-crossplane-resources App in private clusters so DNS01 clusterIssuer.
- Add configuration for DNS01 clusterIssuer deployed by cert-manager-app in private clusters.
- Apply startup taint ebs.csi.aws.com/agent-not-ready for AWS EBS CSI driver on worker nodes.
Changed
- Reduce IMDS Response Hop Limit to 2 if pod networking is in ENI mode to increase security.
- Configure HelmReleases to retry indefinitely when installation or upgrade fails by setting retries: -1.
- Chart: Update cluster to v2.4.0.
Apps
- Added cert-manager-crossplane-resources v0.1.0
- Added karpenter-bundle v2.0.0
- Added karpenter-nodepools v0.1.0
- capi-node-labeler from v1.0.2 to v1.1.1
- cert-exporter from v2.9.5 to v2.9.7
- cert-manager from v3.9.0 to v3.9.1
- cilium from v0.31.5 to v1.2.1
- cilium-crossplane-resources from v0.2.0 to v0.2.1
- cloud-provider-aws from v1.30.8-gs1 to v1.31.5-gs1
- cluster-autoscaler from v1.30.4-gs1 to v1.31.2-gs2
- coredns from v1.24.0 to v1.25.0
- etcd-defrag from v1.0.2 to v1.0.5
- etcd-k8s-res-count-exporter from v1.10.3 to v1.10.5
- k8s-audit-metrics from v0.10.2 to v0.10.4
- net-exporter from v1.22.0 to v1.23.0
- node-exporter from v1.20.2 to v1.20.3
- observability-bundle from v1.11.0 to v2.0.0
- observability-policies from v0.0.1 to v0.0.2
- security-bundle from v1.10.1 to v1.11.0
- teleport-kube-agent from v0.10.4 to v0.10.5
- vertical-pod-autoscaler from v5.4.0 to v5.5.1
- vertical-pod-autoscaler-crd from v3.2.0 to v3.3.1
Changed
- Go: Update dependencies.
- Improve Control Plane node detection.
- Taint Control Plane nodes if not already tainted.
- Go: Update dependencies.
Changed
- Go: Update dependencies.
- Fix linting issues.
- Go: Update dependencies.
Added
- Added Vertical Pod Autoscaler support for controller pods.
- Added renovate configuration
Removed
- Removed dependabot configuration
cert-manager-crossplane-resources v0.1.0
Added
- Added support for Azure
- Included the giantswarm.io/cluster label
Changed
- Restructured Chart to support multiple cloud providers
Changed
- Enable conntrack accounting in Cilium agent by default.
- Re-enable Cilium agent and operator metrics port.
- Add resource requests and limits to Hubble UI and Relay.
- Add resource requests and limits to Cilium Operator.
- Upgrade Cilium to v1.17.4.
- Cilium v1.17.4 disables the Kubernetes API connectivity check for liveness probes. (Upstream PR: https://github.com/cilium/cilium/pull/38703)
- Upgrade Cilium to v1.17.3.
- Upgrade Cilium to v1.17.2.
- Remove cleanup kube-proxy patch.
- Identity computation label exclusion list regular expressions. Remove controller-uid, since this is excluded by default now.
- Upgrade Cilium to v1.17.0.
- Use upstream default value for prometheus.metrics.
- Enable Envoy Proxy in standalone DaemonSet.
Added
- Included the giantswarm.io/cluster label
Changed
- Chart: Update to upstream v1.31.5.
Added
- Add additional labels to ignore during ASG balancing check
- Support adding additional labels to the PodMonitor resource via the podMonitor.additionalLabels value.
Changed
- Chart: Use v1.31.2.
- Chart: Update to upstream v1.31.2. (#325)
Changed
- Update coredns image to 1.12.1.
Changed
- Chart: Update dependency ahrtr/etcd-defrag to v0.28.0. (#34)
- Chart: Update dependency ahrtr/etcd-defrag to v0.27.0. (#29)
- Chart: Update dependency ahrtr/etcd-defrag to v0.26.0. (#22)
Changed
Fixed
- Fix linting issues.
- Go: Update dependencies.
Changed
Fixed
- Fix linting issues.
- Go: Update dependencies.
karpenter-bundle v2.0.0
Added
Changed
- Add karpenter-app dependency on karpenter-crossplane-resources app.
- Bump karpenter to v1.5.0.
- Bump karpenter-app to v0.14.0.
- Update karpenter-capa-taint-remover to allow scheduling on all taints.
- Update karpenter-crossplane-resources app version to add support for vintage OIDC issuer on migrated clusters
- Update karpenter to update flowschema API
- Update interruption queue settings
- Update SQS Policy URL
karpenter-nodepools v0.1.0
Changed
- changed: app.giantswarm.io label group was changed to application.giantswarm.io
Changed
- Check for errors when closing connections.
- Switch from Endpoints to EndpointSlices for neighbors discovery.
Changed
Added
- Add support for enabling pre-configured custom resources in KSM
- Add metrics containing labels for Crossplane resources
Changed
- Upgrade alloy-app from 0.10.0 to 0.11.0
  - This bumps the version of Alloy from 1.8.3 to 1.9.0
- Upgrade alloy-app from 0.9.0 to 0.10.0
  - This bumps the version of Alloy from 1.7.1 to 1.8.3
- Reconfigure Flux-related part of the KSM to use wildcards instead of hardcoded versions.
- Rename Flux-related metrics produced by the KSM.
- Upgrade kube-prometheus-stack to 72.3.0
  - Bumps prometheus-operator to 0.82.0
  - Bumps prometheus-operator CRDs to 0.82.0
- Upgrade kube-prometheus-stack to 72.3.0
  - Bumps prometheus-operator to 0.82.0
- Upgrade kube-prometheus-stack from 69.5.1 to 70.1.1
  - Bumps prometheus-operator to 0.81.0
  - Bumps prometheus to 3.2.1
Fixed
- Fix catalog for alloy apps as it is now pushed to the default catalog.
Removed
- Clean up old and deprecated telemetry collectors:
  - promtail
  - grafana-agent
  - prometheus-agent
- Disable PodSecurityPolicies by default as PodSecurityPolicies are deprecated and removed in Kubernetes v1.25+ clusters
Changed
Added
- Add policy-api-crds app to manage Policy API CRDs.
Changed
- Update trivy (app) to v0.13.4.
- Update cloudnative-pg (app) to v0.0.7.
- Update starboard-exporter (app) to v0.8.1.
- Update kyverno-policy-operator (app) to v0.0.11.
- Update cloudnative-pg (app) to v0.0.9.
Notes
Note: Kyverno PolicyExceptions (API group kyverno.io) versions v2alpha1 and v2beta1 are deprecated and will be removed in the next Kyverno minor release (v1.14). Please update all Kyverno PolicyExceptions to v2. No action is required for Giant Swarm Policy API PolicyExceptions (API group policy.giantswarm.io), which are handled automatically.
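A check for the deprecation described in the note above, as an added example that is not part of the Giant Swarm release notes: it scans multi-document YAML manifests (for instance from a GitOps repository) and reports which PolicyExceptions still use the deprecated kyverno.io versions. The function names, the sample manifests and the policy.giantswarm.io version string are assumptions, and the parser is a minimal line-based reader rather than a full YAML parser.

```python
import re

DEPRECATED = {"kyverno.io/v2alpha1", "kyverno.io/v2beta1"}  # per the release note

def parse_doc(doc):
    """Top-level scalar keys plus metadata.name of one YAML document."""
    out, parent, indent = {}, None, None
    for pad, key, val in re.findall(r"(?m)^([ \t]*)([\w.-]+):[ \t]*(.*)$", doc):
        val = val.split(" #")[0].strip().strip("\"'")  # drop comment and quotes
        if not pad:
            parent, out[key] = key, val  # key at column 0
        elif parent == "metadata":
            indent = indent or pad  # indentation of metadata's direct children
            if pad == indent and key == "name":
                out["metadata.name"] = val  # ignores deeper keys such as labels.name
    return out

def scan_manifests(text):
    """Classify every PolicyException in a multi-document YAML string."""
    findings = []
    for doc in re.split(r"(?m)^---[ \t]*$", text):
        d = parse_doc(doc)
        if d.get("kind") != "PolicyException":
            continue
        api, action = d.get("apiVersion", ""), "no action"
        if api in DEPRECATED:
            action = "update to kyverno.io/v2"
        elif api.startswith("policy.giantswarm.io/"):
            action = "no action (handled automatically)"
        findings.append((d.get("metadata.name"), api, action))
    return findings

# Constructed sample manifests (specs omitted); names and the policy.giantswarm.io version are made up.
SAMPLE = """\
apiVersion: kyverno.io/v2beta1
kind: PolicyException
metadata:
  labels:
    name: not-the-object-name
  name: legacy-exception
---
apiVersion: policy.giantswarm.io/v1alpha1
kind: PolicyException
metadata:
  name: gs-exception
"""

for name, api, action in scan_manifests(SAMPLE):
    print(f"{name}: {api} -> {action}")
```

Scanning the manifests in source control is deliberate: the API server converts objects to whichever served version is requested, so the apiVersion shown by a live query does not tell you what the manifest declares.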
Added
- Set Home URL in chart metadata.
Changed
- Chart: Update Helm release vertical-pod-autoscaler to v10.2.1. (#355)
- Chart: Update Helm release vertical-pod-autoscaler to v10.1.0. (#350)
- Chart: Update Helm release vertical-pod-autoscaler to v10.2.0. (#351)
- Chart: Update Helm release vertical-pod-autoscaler to v10.0.1. (#346)
Changed
- Chart: Sync to upstream. (#146)
- Chart: Sync to upstream. (#140)
- Chart: Sync to upstream. (#136)