CAPA Releases

• Mar 19, 2025 CAPA releases releases aws-29.6.3

  Changes compared to v29.6.2

  Components

  • cluster-aws from v2.6.2 to v2.6.3

  cluster-aws v2.6.2…v2.6.3

  Added

  • Add ingress rule in nodes Security Group to allow access for monitoring Chart Operator, EBS CSI Controller, Cilium Operator and Node Exporter.
• Mar 18, 2025 CAPA releases releases aws-30.1.0

  Changes compared to v30.0.0

  Components

  • cluster-aws from v3.0.0 to v3.2.1
  • Kubernetes from v1.30.10 to v1.30.11
  • os-tooling from v1.23.1 to v1.24.0

  cluster-aws v3.0.0…v3.2.1

  Added

  • Add ingress rule in nodes Security Group to allow access for monitoring Chart Operator, EBS CSI Controller, Cilium Operator and Node Exporter.
  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
  • Add option global.providerSpecific.nodeTerminationHandlerEnabled to disable the AWS Node Termination Handler (NTH).

  Changed

  • Chart: Update cluster to v2.2.0.

  os-tooling v1.23.1…v1.24.0

  Added

  • Added nvidia_runtime to allow running of GPU workloads

  Apps

  • aws-ebs-csi-driver from v3.0.3 to v3.0.5
  • aws-pod-identity-webhook from v1.19.0 to v1.19.1
  • capi-node-labeler from v1.0.1 to v1.0.2
  • cert-exporter from v2.9.4 to v2.9.5
  • cilium from v0.31.0 to v0.31.1
  • cloud-provider-aws from v1.30.7-gs3 to v1.30.8-gs1
  • cluster-autoscaler from v1.30.3-gs2 to v1.30.4-gs1
  • etcd-defrag from v1.0.1 to v1.0.2
  • etcd-kubernetes-resources-count-exporter from v1.10.1 to v1.10.3
  • k8s-audit-metrics from v0.10.1 to v0.10.2
  • net-exporter from v1.21.0 to v1.22.0
  • node-exporter from v1.20.1 to v1.20.2
  • observability-bundle from v1.9.0 to v1.11.0
  • security-bundle from v1.9.1 to v1.10.0
  • teleport-kube-agent from v0.10.3 to v0.10.4

  aws-ebs-csi-driver v3.0.3…v3.0.5

  Changed

  • Chart: Update snapshot-controller to v8.2.1. (#283)
  • Chart: Sync to upstream. (#264)

  aws-pod-identity-webhook v1.19.0…v1.19.1

  Changed

  • Go: Update dependencies.

  capi-node-labeler v1.0.1…v1.0.2

  Changed

  • Go: Update dependencies.

  cert-exporter v2.9.4…v2.9.5

  Changed

  • Go: Update dependencies.

  cilium v0.31.0…v0.31.1

  Changed

  • Upgrade Cilium to v1.16.7.

  cloud-provider-aws v1.30.7-gs3…v1.30.8-gs1

  Changed

  • Chart: Update to upstream v1.30.8.

  cluster-autoscaler v1.30.3-gs2…v1.30.4-gs1

  Changed

  • Chart: Update to upstream v1.30.4. (#308)

  etcd-defrag v1.0.1…v1.0.2

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.25.0. (#17)

  etcd-kubernetes-resources-count-exporter v1.10.1…v1.10.3

  Changed

  • Go: Update dependencies.

  k8s-audit-metrics v0.10.1…v0.10.2

  Changed

  • Go: Update dependencies.

  net-exporter v1.21.0…v1.22.0

  Changed

  • Narrow down CiliumNetworkPolicy to allow desired traffic only.

  Removed

  • Remove NetworkPolicy resource and rely on CiliumNetworkPolicy only.

  node-exporter v1.20.1…v1.20.2

  Changed

  • Go: Update dependencies.

  observability-bundle v1.9.0…v1.11.0

  Changed

  • prometheus-operator will not check promql syntax for prometheusRules that are labelled observability.giantswarm.io/rule-type: logs
  • Upgrade alloy to chart 0.9.0.
    • Bumps alloy from to 1.5.1 to 1.7.1
  • Upgrade kube-prometheus-stack from 66.2.1 to 69.5.1
    • Bumps prometheus-operator to 0.80.1
    • Bumps prometheus to 3.0.1

  security-bundle v1.9.1…v1.10.0

  Added

  • Add e2e tests for the security-bundle and all is components

  Changed

  • Update kyverno (app) to v0.19.0.
  • Update kyverno-crds (app) to v1.13.0.
  • Update kyverno-policies (app) to v0.23.0.
  • Update edgedb (app) to v0.1.0.
  • Update falco (app) to v0.10.0.
  • Update trivy (app) to v0.13.2.

  teleport-kube-agent v0.10.3…v0.10.4

  Added

  • Add headless service on diag port 3000.

  Changed

  • Migrated to ABS
• Mar 7, 2025 CAPA releases releases aws-26.4.2

  Changes compared to v26.4.1

  Components

  • cluster-aws from v1.3.8 to v1.3.9

  cluster-aws v1.3.8…v1.3.9

  Added

  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
• Mar 7, 2025 CAPA releases releases aws-27.5.2

  Changes compared to v27.5.1

  Components

  • cluster-aws from v1.3.8 to v1.3.9

  cluster-aws v1.3.8…v1.3.9

  Added

  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
• Mar 7, 2025 CAPA releases releases aws-28.5.3

  Changes compared to v28.5.2

  Components

  • cluster-aws from v1.3.8 to v1.3.9

  cluster-aws v1.3.8…v1.3.9

  Added

  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
• Mar 7, 2025 CAPA releases releases aws-29.6.2

  Changes compared to v29.6.1

  Components

  • cluster-aws from v2.6.1 to v2.6.2

  cluster-aws v2.6.1…v2.6.2

  Added

  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
• Feb 26, 2025 CAPA releases releases aws-25.5.2

  Changes compared to v25.5.1

  Components

  • cluster-aws from v1.3.8 to v1.3.9

  cluster-aws v1.3.8…v1.3.9

  Added

  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
• Feb 20, 2025 CAPA releases releases aws-30.0.0

  Changes compared to v29.6.1

  Components

  • cluster-aws from v2.6.1 to v3.0.0
  • Flatcar from v4081.2.1 to v4152.2.1
  • Kubernetes from v1.29.13 to v1.30.10

  cluster-aws v2.6.1…v3.0.0

  Added

  • Values: Add schema for cilium-crossplane-resources.

  Changed

  • Scale down cilium-operator before deleting a cluster (only in eni mode)
  • Chart: Update cluster to v2.0.1.
  • Chart: Enable coredns-extensions and etcd-defrag.

  Apps

  • aws-ebs-csi-driver from v2.30.1 to v3.0.3
  • aws-pod-identity-webhook from v1.18.0 to v1.19.0
  • capi-node-labeler from v0.5.0 to v1.0.1
  • cert-exporter from v2.9.3 to v2.9.4
  • cert-manager from v3.8.2 to v3.9.0
  • cilium from v0.25.2 to v0.31.0
  • cloud-provider-aws from v1.29.3-gs1 to v1.30.7-gs3
  • cluster-autoscaler from v1.29.3-gs1 to v1.30.3-gs2
  • coredns from v1.23.0 to v1.24.0
  • coredns-extensions v0.1.2
  • etcd-defrag v1.0.1
  • etcd-k8s-res-count-exporter from v1.10.0 to v1.10.1
  • external-dns from v3.1.0 to v3.2.0
  • k8s-audit-metrics from v0.10.0 to v0.10.1
  • metrics-server from v2.4.2 to v2.6.0
  • node-exporter from v1.20.0 to v1.20.1
  • vertical-pod-autoscaler from v5.3.1 to v5.4.0
  • vertical-pod-autoscaler-crd from v3.1.2 to v3.2.0

  aws-ebs-csi-driver v2.30.1…v3.0.3

  Added

  • Chart: Sync to upstream. (#253)
    • Chart: Add FIPS endpoint support.
    • Chart: Add SELinux support.
  • Repository: Some chores. (#235)
    • Repository: Add Makefile.custom.mk.
  • Chart: Add snapshot-controller NetworkPolicy. (#246)
    • Kustomization: Add snapshot-controller NetworkPolicy.

  Changed

  • Chart: Sync to upstream. (#255)
    • Chart: Fix proxy settings.
  • Chart: Sync to upstream. (#253)
    • Chart: Consume global.image.registry.
    • Chart: Fix IRSA annotation rendering.
    • Chart: Bump images.
  • Harden security context for controller and node.
  • Repository: Some chores. (#235)
    • ABS: Rework main.yaml.
    • CircleCI: Rework config.yml.
    • Repository: Rework README.md.
    • Repository: Move .gitignore & kustomization-snapshotter.yaml to vendor/external-snapshotter/.
    • Chart: Rework .kube-linter.yaml.
    • Vendir: Rework vendir.yml.
    • Chart: Rework Chart.yaml.
    • Chart: Revert image to v1.37.0.
    • Renovate: Ignore values.yaml.
  • Chart: Sync to upstream. (#243)
    • Chart: Reorder labels.
    • Chart: Fix network policies.
  • Chart: Add snapshot-controller NetworkPolicy. (#246)
    • Vendir: Sync to vendor/external-snapshotter/upstream.
    • Kustomization: Set namespace.
    • Kustomization: Extend common labels.
    • Kustomization: Extract CRD patches.
    • Kustomization: Extract service account patches.
    • Kustomization: Extract deployment patches.
  • Change to use ImagePullPolicy as specified via values.
  • Upgrade to release v1.37.0
  • Enable Volume Snapshotter by default
  • Switch to Helm managed CRDs

  Removed

  • Repository: Some chores. (#235)
    • Repository: Remove .nancy-ignore.
    • Chart: Remove pod securityContext from external-snapshotter.
    • Chart: Remove .helmignore.
    • Chart: Remove CHANGELOG.md.

  aws-pod-identity-webhook v1.18.0…v1.19.0

  Changed

  • Add support for rolling Deployments owned by unknown CRs, like the case of Crossplane providers.

  capi-node-labeler v0.5.0…v1.0.1

  Changed

  • Main: Improve sleep. (#125)
  • Go: Update go.mod and .nancy-ignore. (#123)

  cert-exporter v2.9.3…v2.9.4

  Changed

  • Repository: Some chores. (#418)
  • Go: Update go.mod and .nancy-ignore. (#437)

  cert-manager v3.8.2…v3.9.0

  Added

  • Adds new sync method based on Vendir to sync from upstream

  Changed

  • Updates Cert-manager Chart to Upstream 1.16.2

  cilium v0.25.2…v0.31.0

  Changed

  • Upgrade Cilium to v1.16.6.
  • Move provider specific custom CNI configuration to subchart.
  • Improve security defaults for:
    • Hubble UI
    • Hubble Relay
    • Cilium Operator

  Removed

  • Delete defaultPolicies and extraPolicies templates.

  cloud-provider-aws v1.29.3-gs1…v1.30.7-gs3

  Added

  • Add security context to the container for PSS.

  Changed

  • Values: Fix proxy schema. (#89)
  • Chart: Remove duplicate service account. (#87)
  • Chart: Update to upstream v1.30.7.

  Remove

  • Remove PSP manifest.

  cluster-autoscaler v1.29.3-gs1…v1.30.3-gs2

  Changed

  • Values: Enable Pod Security Standards. (#296)
  • Chart: Update to upstream v1.30.3. (#298)
  • Update PolicyExceptions apiVersion to v2beta1. (#282)

  coredns v1.23.0…v1.24.0

  Changed

  • Update coredns image to 1.12.0.
  • Disable HPA Memory target.
  • Increase threshold for HPA CPU target to 80%.

  coredns-extensions v0.1.2

  Added

  • Add VPA for CoreDNS deployments.
  • Add value to enable or disable VPA resources.

  Changed

  • Push App to the default-catalog.
  • Publish App in giantswarm-catalog.

  etcd-defrag v1.0.1

  Added

  • Chart: Add moveLeader. (#11)

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.24.0. (#16)
  • Values: Rename cluster into useClusterEndpoints. (#8)

  etcd-k8s-res-count-exporter v1.10.0…v1.10.1

  Changed

  • Set readOnlyRootFilesystem to true in the container security context.
  • Update Kyverno PolicyExceptions to v2beta1.
  • Go: Update go.mod and .nancy-ignore. (#242)

  external-dns v3.1.0…v3.2.0

  Changed

  • Update architect-orb and ATS.
  • Add DNSEndpoints as a source for DNS records.

  k8s-audit-metrics v0.10.0…v0.10.1

  Changed

  • Update Kyverno PolicyExceptions to v2beta1.
  • Go: Update go.mod and .nancy-ignore. (#248)

  metrics-server v2.4.2…v2.6.0

  Added

  • Add VPA setting for metrics-server.

  Changed

  • Upgrade metrics-server to v0.7.2.
  • Chart: Update PolicyExceptions to v2beta1. (#226)

  node-exporter v1.20.0…v1.20.1

  Changed

  • Update Kyverno PolicyExceptions to v2beta1.
  • Go: Update go.mod. (#322)

  vertical-pod-autoscaler v5.3.1…v5.4.0

  Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v10.0.0 (#335)

  vertical-pod-autoscaler-crd v3.1.2…v3.2.0

  Changed

  • Chart: Sync to upstream. (#126)
• Feb 6, 2025 CAPA releases releases aws-25.5.1

  Changes compared to v25.5.0

  Components

  • cluster-aws from v1.3.7 to v1.3.8

  cluster-aws v1.3.7…v1.3.8

  Changed

  • Cilium: Replace no longer supported tunnel option by routingMode.
• Feb 6, 2025 CAPA releases releases aws-26.4.1

  Changes compared to v26.4.0

  Components

  • cluster-aws from v1.3.7 to v1.3.8

  cluster-aws v1.3.7…v1.3.8

  Changed

  • Cilium: Replace no longer supported tunnel option by routingMode.

• Newer entries
• Older entries