1. Docs
  2. Changes and releases
  3. CAPA releases

CAPA Releases

  • CAPA releases releases aws-25.5.2

    Changes compared to v25.5.1

    Components

    • cluster-aws from v1.3.8 to v1.3.9

    cluster-aws v1.3.8…v1.3.9

    Added

    • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
  • CAPA releases releases aws-30.0.0

    Changes compared to v29.6.1

    Components

    • cluster-aws from v2.6.1 to v3.0.0
    • Flatcar from v4081.2.1 to v4152.2.1
    • Kubernetes from v1.29.13 to v1.30.10

    cluster-aws v2.6.1…v3.0.0

    Added

    • Values: Add schema for cilium-crossplane-resources.

    Changed

    • Scale down cilium-operator before deleting a cluster (only in eni mode)
    • Chart: Update cluster to v2.0.1.
    • Chart: Enable coredns-extensions and etcd-defrag.

    Apps

    • aws-ebs-csi-driver from v2.30.1 to v3.0.3
    • aws-pod-identity-webhook from v1.18.0 to v1.19.0
    • capi-node-labeler from v0.5.0 to v1.0.1
    • cert-exporter from v2.9.3 to v2.9.4
    • cert-manager from v3.8.2 to v3.9.0
    • cilium from v0.25.2 to v0.31.0
    • cloud-provider-aws from v1.29.3-gs1 to v1.30.7-gs3
    • cluster-autoscaler from v1.29.3-gs1 to v1.30.3-gs2
    • coredns from v1.23.0 to v1.24.0
    • coredns-extensions v0.1.2
    • etcd-defrag v1.0.1
    • etcd-k8s-res-count-exporter from v1.10.0 to v1.10.1
    • external-dns from v3.1.0 to v3.2.0
    • k8s-audit-metrics from v0.10.0 to v0.10.1
    • metrics-server from v2.4.2 to v2.6.0
    • node-exporter from v1.20.0 to v1.20.1
    • vertical-pod-autoscaler from v5.3.1 to v5.4.0
    • vertical-pod-autoscaler-crd from v3.1.2 to v3.2.0

    aws-ebs-csi-driver v2.30.1…v3.0.3

    Added

    • Chart: Sync to upstream. (#253)
      • Chart: Add FIPS endpoint support.
      • Chart: Add SELinux support.
    • Repository: Some chores. (#235)
      • Repository: Add Makefile.custom.mk.
    • Chart: Add snapshot-controller NetworkPolicy. (#246)
      • Kustomization: Add snapshot-controller NetworkPolicy.

    Changed

    • Chart: Sync to upstream. (#255)
      • Chart: Fix proxy settings.
    • Chart: Sync to upstream. (#253)
      • Chart: Consume global.image.registry.
      • Chart: Fix IRSA annotation rendering.
      • Chart: Bump images.
    • Harden security context for controller and node.
    • Repository: Some chores. (#235)
      • ABS: Rework main.yaml.
      • CircleCI: Rework config.yml.
      • Repository: Rework README.md.
      • Repository: Move .gitignore & kustomization-snapshotter.yaml to vendor/external-snapshotter/.
      • Chart: Rework .kube-linter.yaml.
      • Vendir: Rework vendir.yml.
      • Chart: Rework Chart.yaml.
      • Chart: Revert image to v1.37.0.
      • Renovate: Ignore values.yaml.
    • Chart: Sync to upstream. (#243)
      • Chart: Reorder labels.
      • Chart: Fix network policies.
    • Chart: Add snapshot-controller NetworkPolicy. (#246)
      • Vendir: Sync to vendor/external-snapshotter/upstream.
      • Kustomization: Set namespace.
      • Kustomization: Extend common labels.
      • Kustomization: Extract CRD patches.
      • Kustomization: Extract service account patches.
      • Kustomization: Extract deployment patches.
    • Change to use ImagePullPolicy as specified via values.
    • Upgrade to release v1.37.0
    • Enable Volume Snapshotter by default
    • Switch to Helm managed CRDs

    Removed

    • Repository: Some chores. (#235)
      • Repository: Remove .nancy-ignore.
      • Chart: Remove pod securityContext from external-snapshotter.
      • Chart: Remove .helmignore.
      • Chart: Remove CHANGELOG.md.

    aws-pod-identity-webhook v1.18.0…v1.19.0

    Changed

    • Add support for rolling Deployments owned by unknown CRs, like the case of Crossplane providers.

    capi-node-labeler v0.5.0…v1.0.1

    Changed

    • Main: Improve sleep. (#125)
    • Go: Update go.mod and .nancy-ignore. (#123)

    cert-exporter v2.9.3…v2.9.4

    Changed

    • Repository: Some chores. (#418)
    • Go: Update go.mod and .nancy-ignore. (#437)

    cert-manager v3.8.2…v3.9.0

    Added

    • Adds new sync method based on Vendir to sync from upstream

    Changed

    • Updates Cert-manager Chart to Upstream 1.16.2

    cilium v0.25.2…v0.31.0

    Changed

    • Upgrade Cilium to v1.16.6.
    • Move provider specific custom CNI configuration to subchart.
    • Improve security defaults for:
      • Hubble UI
      • Hubble Relay
      • Cilium Operator

    Removed

    • Delete defaultPolicies and extraPolicies templates.

    cloud-provider-aws v1.29.3-gs1…v1.30.7-gs3

    Added

    • Add security context to the container for PSS.

    Changed

    • Values: Fix proxy schema. (#89)
    • Chart: Remove duplicate service account. (#87)
    • Chart: Update to upstream v1.30.7.

    Remove

    • Remove PSP manifest.

    cluster-autoscaler v1.29.3-gs1…v1.30.3-gs2

    Changed

    • Values: Enable Pod Security Standards. (#296)
    • Chart: Update to upstream v1.30.3. (#298)
    • Update PolicyExceptions apiVersion to v2beta1. (#282)

    coredns v1.23.0…v1.24.0

    Changed

    • Update coredns image to 1.12.0.
    • Disable HPA Memory target.
    • Increase threshold for HPA CPU target to 80%.

    coredns-extensions v0.1.2

    Added

    • Add VPA for CoreDNS deployments.
    • Add value to enable or disable VPA resources.

    Changed

    • Push App to the default-catalog.
    • Publish App in giantswarm-catalog.

    etcd-defrag v1.0.1

    Added

    • Chart: Add moveLeader. (#11)

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.24.0. (#16)
    • Values: Rename cluster into useClusterEndpoints. (#8)

    etcd-k8s-res-count-exporter v1.10.0…v1.10.1

    Changed

    • Set readOnlyRootFilesystem to true in the container security context.
    • Update Kyverno PolicyExceptions to v2beta1.
    • Go: Update go.mod and .nancy-ignore. (#242)

    external-dns v3.1.0…v3.2.0

    Changed

    • Update architect-orb and ATS.
    • Add DNSEndpoints as a source for DNS records.

    k8s-audit-metrics v0.10.0…v0.10.1

    Changed

    • Update Kyverno PolicyExceptions to v2beta1.
    • Go: Update go.mod and .nancy-ignore. (#248)

    metrics-server v2.4.2…v2.6.0

    Added

    • Add VPA setting for metrics-server.

    Changed

    • Upgrade metrics-server to v0.7.2.
    • Chart: Update PolicyExceptions to v2beta1. (#226)

    node-exporter v1.20.0…v1.20.1

    Changed

    • Update Kyverno PolicyExceptions to v2beta1.
    • Go: Update go.mod. (#322)

    vertical-pod-autoscaler v5.3.1…v5.4.0

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v10.0.0 (#335)

    vertical-pod-autoscaler-crd v3.1.2…v3.2.0

    Changed

    • Chart: Sync to upstream. (#126)
  • CAPA releases releases aws-25.5.1

    Changes compared to v25.5.0

    Components

    • cluster-aws from v1.3.7 to v1.3.8

    cluster-aws v1.3.7…v1.3.8

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.
  • CAPA releases releases aws-26.4.1

    Changes compared to v26.4.0

    Components

    • cluster-aws from v1.3.7 to v1.3.8

    cluster-aws v1.3.7…v1.3.8

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.
  • CAPA releases releases aws-27.5.1

    Changes compared to v27.5.0

    Components

    • cluster-aws from v1.3.7 to v1.3.8

    cluster-aws v1.3.7…v1.3.8

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.
  • CAPA releases releases aws-28.5.2

    Changes compared to v28.5.1

    Components

    • cluster-aws from v1.3.7 to v1.3.8

    cluster-aws v1.3.7…v1.3.8

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.
  • CAPA releases releases aws-25.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v25.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-26.4.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v26.3.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-27.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v27.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-28.5.1

    This release introduces improvements for ENI mode targetting the CAPA migration process.

    Changes compared to v28.5.0

    Components

    • cluster-aws from v1.3.6 to v1.3.7

    cluster-aws v1.3.6…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Apps

    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication