Workload cluster release aws-30.0.0 for CAPA

Changes compared to v29.6.1

Components

  • cluster-aws from v2.6.1 to v3.0.0
  • Flatcar from v4081.2.1 to v4152.2.1
  • Kubernetes from v1.29.13 to v1.30.10

cluster-aws v2.6.1…v3.0.0

Added

  • Values: Add schema for cilium-crossplane-resources.

Changed

  • Scale down cilium-operator before deleting a cluster (only in eni mode)
  • Chart: Update cluster to v2.0.1.
  • Chart: Enable coredns-extensions and etcd-defrag.

Apps

  • aws-ebs-csi-driver from v2.30.1 to v3.0.3
  • aws-pod-identity-webhook from v1.18.0 to v1.19.0
  • capi-node-labeler from v0.5.0 to v1.0.1
  • cert-exporter from v2.9.3 to v2.9.4
  • cert-manager from v3.8.2 to v3.9.0
  • cilium from v0.25.2 to v0.31.0
  • cloud-provider-aws from v1.29.3-gs1 to v1.30.7-gs3
  • cluster-autoscaler from v1.29.3-gs1 to v1.30.3-gs2
  • coredns from v1.23.0 to v1.24.0
  • coredns-extensions v0.1.2
  • etcd-defrag v1.0.1
  • etcd-k8s-res-count-exporter from v1.10.0 to v1.10.1
  • external-dns from v3.1.0 to v3.2.0
  • k8s-audit-metrics from v0.10.0 to v0.10.1
  • metrics-server from v2.4.2 to v2.6.0
  • node-exporter from v1.20.0 to v1.20.1
  • vertical-pod-autoscaler from v5.3.1 to v5.4.0
  • vertical-pod-autoscaler-crd from v3.1.2 to v3.2.0

aws-ebs-csi-driver v2.30.1…v3.0.3

Added

  • Chart: Sync to upstream. (#253)
    • Chart: Add FIPS endpoint support.
    • Chart: Add SELinux support.
  • Repository: Some chores. (#235)
    • Repository: Add Makefile.custom.mk.
  • Chart: Add snapshot-controller NetworkPolicy. (#246)
    • Kustomization: Add snapshot-controller NetworkPolicy.

Changed

  • Chart: Sync to upstream. (#255)
    • Chart: Fix proxy settings.
  • Chart: Sync to upstream. (#253)
    • Chart: Consume global.image.registry.
    • Chart: Fix IRSA annotation rendering.
    • Chart: Bump images.
  • Harden security context for controller and node.
  • Repository: Some chores. (#235)
    • ABS: Rework main.yaml.
    • CircleCI: Rework config.yml.
    • Repository: Rework README.md.
    • Repository: Move .gitignore & kustomization-snapshotter.yaml to vendor/external-snapshotter/.
    • Chart: Rework .kube-linter.yaml.
    • Vendir: Rework vendir.yml.
    • Chart: Rework Chart.yaml.
    • Chart: Revert image to v1.37.0.
    • Renovate: Ignore values.yaml.
  • Chart: Sync to upstream. (#243)
    • Chart: Reorder labels.
    • Chart: Fix network policies.
  • Chart: Add snapshot-controller NetworkPolicy. (#246)
    • Vendir: Sync to vendor/external-snapshotter/upstream.
    • Kustomization: Set namespace.
    • Kustomization: Extend common labels.
    • Kustomization: Extract CRD patches.
    • Kustomization: Extract service account patches.
    • Kustomization: Extract deployment patches.
  • Change to use ImagePullPolicy as specified via values.
  • Upgrade to release v1.37.0
  • Enable Volume Snapshotter by default
  • Switch to Helm managed CRDs

Removed

  • Repository: Some chores. (#235)
    • Repository: Remove .nancy-ignore.
    • Chart: Remove pod securityContext from external-snapshotter.
    • Chart: Remove .helmignore.
    • Chart: Remove CHANGELOG.md.

aws-pod-identity-webhook v1.18.0…v1.19.0

Changed

  • Add support for rolling Deployments owned by unknown CRs, like the case of Crossplane providers.

capi-node-labeler v0.5.0…v1.0.1

Changed

  • Main: Improve sleep. (#125)
  • Go: Update go.mod and .nancy-ignore. (#123)

cert-exporter v2.9.3…v2.9.4

Changed

  • Repository: Some chores. (#418)
  • Go: Update go.mod and .nancy-ignore. (#437)

cert-manager v3.8.2…v3.9.0

Added

  • Adds new sync method based on Vendir to sync from upstream

Changed

  • Updates Cert-manager Chart to Upstream 1.16.2

cilium v0.25.2…v0.31.0

Changed

  • Upgrade Cilium to v1.16.6.
  • Move provider specific custom CNI configuration to subchart.
  • Improve security defaults for:
    • Hubble UI
    • Hubble Relay
    • Cilium Operator

Removed

  • Delete defaultPolicies and extraPolicies templates.

cloud-provider-aws v1.29.3-gs1…v1.30.7-gs3

Added

  • Add security context to the container for PSS.

Changed

  • Values: Fix proxy schema. (#89)
  • Chart: Remove duplicate service account. (#87)
  • Chart: Update to upstream v1.30.7.

Removed

  • Remove PSP manifest.

cluster-autoscaler v1.29.3-gs1…v1.30.3-gs2

Changed

  • Values: Enable Pod Security Standards. (#296)
  • Chart: Update to upstream v1.30.3. (#298)
  • Update PolicyExceptions apiVersion to v2beta1. (#282)

coredns v1.23.0…v1.24.0

Changed

  • Update coredns image to 1.12.0.
  • Disable HPA Memory target.
  • Increase threshold for HPA CPU target to 80%.

coredns-extensions v0.1.2

Added

  • Add VPA for CoreDNS deployments.
  • Add value to enable or disable VPA resources.

Changed

  • Push App to the default-catalog.
  • Publish App in giantswarm-catalog.

etcd-defrag v1.0.1

Added

  • Chart: Add moveLeader. (#11)

Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.24.0. (#16)
  • Values: Rename cluster into useClusterEndpoints. (#8)

etcd-k8s-res-count-exporter v1.10.0…v1.10.1

Changed

  • Set readOnlyRootFilesystem to true in the container security context.
  • Update Kyverno PolicyExceptions to v2beta1.
  • Go: Update go.mod and .nancy-ignore. (#242)

external-dns v3.1.0…v3.2.0

Changed

  • Update architect-orb and ATS.
  • Add DNSEndpoints as a source for DNS records.

k8s-audit-metrics v0.10.0…v0.10.1

Changed

  • Update Kyverno PolicyExceptions to v2beta1.
  • Go: Update go.mod and .nancy-ignore. (#248)

metrics-server v2.4.2…v2.6.0

Added

  • Add VPA setting for metrics-server.

Changed

  • Upgrade metrics-server to v0.7.2.
  • Chart: Update PolicyExceptions to v2beta1. (#226)

node-exporter v1.20.0…v1.20.1

Changed

  • Update Kyverno PolicyExceptions to v2beta1.
  • Go: Update go.mod. (#322)

vertical-pod-autoscaler v5.3.1…v5.4.0

Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v10.0.0 (#335)

vertical-pod-autoscaler-crd v3.1.2…v3.2.0

Changed

  • Chart: Sync to upstream. (#126)