1. Docs
  2. Changes and releases
  3. CAPA releases

CAPA Releases

  • CAPA releases releases aws-27.5.1

    Changes compared to v27.5.0

    Components

    • cluster-aws from v1.3.7 to v1.3.8

    cluster-aws v1.3.7…v1.3.8

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.
  • CAPA releases releases aws-28.5.2

    Changes compared to v28.5.1

    Components

    • cluster-aws from v1.3.7 to v1.3.8

    cluster-aws v1.3.7…v1.3.8

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.
  • CAPA releases releases aws-25.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v25.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-26.4.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v26.3.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-27.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v27.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-28.5.1

    This release introduces improvements for ENI mode targetting the CAPA migration process.

    Changes compared to v28.5.0

    Components

    • cluster-aws from v1.3.6 to v1.3.7

    cluster-aws v1.3.6…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Apps

    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-29.6.1

    This release introduces improvements for ENI mode targetting the CAPA migration process.

    Changes compared to v29.6.0

    Components

    • cluster-aws from v2.6.0 to v2.6.1

    cluster-aws v2.6.0…v2.6.1

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.

    Apps

    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • CAPA releases releases aws-28.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, as well as improvements for the node-termination-handler application for smoother upgrades and operations.

    Changes compared to v28.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.6

    cluster-aws v1.3.5…v1.3.6

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.

    Fixed

    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables
  • CAPA releases releases aws-29.6.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, as well as improvements for the node-termination-handler application for smoother upgrades and operations. Several components such as Flatcar or Kubernetes have also been updated to the latest available versions.

    Changes compared to v29.5.0

    Components

    • cluster-aws from v2.5.0 to v2.6.0
    • Flatcar from v3975.2.2 to v4081.2.1
    • Kubernetes from v1.29.12 to v1.29.13

    cluster-aws v2.5.0…v2.6.0

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.

    Fixed

    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • aws-pod-identity-webhook from v1.17.0 to v1.18.0
    • cilium from v0.25.1 to v0.25.2
    • prometheus-blackbox-exporter from v0.4.2 to v0.5.0
    • security-bundle from v1.8.2 to v1.9.1
    • vertical-pod-autoscaler from v5.3.0 to v5.3.1
    • vertical-pod-autoscaler-crd from v3.1.1 to v3.1.2

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    aws-pod-identity-webhook v1.17.0…v1.18.0

    Changed

    • Update securityContext to be compliant.

    cilium v0.25.1…v0.25.2

    Changed

    prometheus-blackbox-exporter v0.4.2…v0.5.0

    Changed

    • Harden security context to pass PSS compliance.

    Removed

    • Remove PSP resources.

    security-bundle v1.8.2…v1.9.1

    Breaking changes

    Note: When upgrading to this security-bundle version with Falco enabled, the Falco App will fail to upgrade due to a breaking change in the upstream chart. To finish the upgrade, disable, then re-enable the Falco App by setting apps.falco.enabled=[false|true] in the security-bundle user values Config Map.

    Changed

    • Update trivy-operator (app) to v0.10.3.
    • Update trivy (app) to v0.13.1.
    • Update kyverno (app) to v0.18.1.
    • Update kyverno-crds (app) to v1.12.0.
    • Update kyverno-policies (app) to v0.21.0.
    • Update starboard-exporter (app) to v0.8.0.
    • Update falco (app) to v0.9.1.

    vertical-pod-autoscaler v5.3.0…v5.3.1

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v9.9.1. (#333)

    vertical-pod-autoscaler-crd v3.1.1…v3.1.2

    Changed

    • Chart: Sync to upstream. (#124)
  • CAPA releases releases aws-25.1.3

    This release introduces aws-node-termination-handler for graceful draining of nodes during an upgrade or other type of replacement of worker nodes.

    Details can be found in the node pools documentation.

    Changes compared to v25.1.2

    Components

    • cluster-aws from v1.1.3 to v1.1.5

    cluster-aws v1.1.3…v1.1.5

    Added

    • Make ASG lifecycle hook heartbeat timeout configurable
    • Add aws-node-termination-handler bundle

    Apps

    • aws-nth-bundle v1.2.0
    • cert-exporter from v2.9.0 to v2.9.3

    aws-nth-bundle v1.2.0

    Added

    • Send spot instance interruption and instance state change events to SQS queue so that aws-node-termination-handler can react to them

    cert-exporter v2.9.0…v2.9.3

    Added

    • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

    Changed

    • Chart: Enable global.podSecurityStandards.enforced. (#420)
    • Chart: Update PolicyExceptions to v2beta1. (#358)