Workload cluster release cloud-director-31.0.0 for CAPVCD

Changes compared to v30.1.3

Components

• cluster-cloud-director from v0.66.1 to v0.67.0
• Flatcar from v4152.2.1 to v4152.2.3
• Kubernetes from v1.30.11 to v1.31.9
• os-tooling from v1.24.0 to v1.26.1

cluster-cloud-director v0.66.1…v0.67.0

Changed

• Chart: Update cluster to v2.3.0.
• Chart: Update cluster to v2.4.0.

Apps

• capi-node-labeler from v1.0.2 to v1.1.1
• cert-exporter from v2.9.5 to v2.9.7
• cert-manager from v3.9.0 to v3.9.1
• cilium from v0.31.5 to v1.2.1
• coredns from v1.24.0 to v1.25.0
• etcd-defrag from v1.0.2 to v1.0.5
• etcd-k8s-res-count-exporter from v1.10.3 to v1.10.5
• k8s-audit-metrics from v0.10.2 to v0.10.4
• net-exporter from v1.22.0 to v1.23.0
• node-exporter from v1.20.2 to v1.20.3
• observability-bundle from v1.11.0 to v2.0.0
• observability-policies from v0.0.1 to v0.0.2
• security-bundle from v1.10.1 to v1.11.0
• teleport-kube-agent from v0.10.4 to v0.10.5
• vertical-pod-autoscaler from v5.4.0 to v5.5.1
• vertical-pod-autoscaler-crd from v3.2.0 to v3.3.1

capi-node-labeler v1.0.2…v1.1.1

Changed

• Go: Update dependencies.
• Improve Control Plane node detection.
• Taint Control Plane nodes if not already tainted.
• Go: Update dependencies.

cert-exporter v2.9.5…v2.9.7

Changed

• Go: Update dependencies.
• Fix linting issues.
• Go: Update dependencies.

cert-manager v3.9.0…v3.9.1

Added

• Added Vertical Pod Autoscaler support for controller pods.
• Added renovate configutarion

Removed

• Removed dependabot configuration

cilium v0.31.5…v1.2.1

Changed

• Enable conntrack accounting in Cilium agent by default.
• Re-enable Cilium agent and operator metrics port.
• Add resource requests and limits to Hubble UI and Relay.
• Add resource requests and limits to Cilium Operator.
• Upgrade Cilium to v1.17.4.
• Cilium v1.17.4 disables kubernetes api connectivity check for liveness probes. (Upstream PR: https://github.com/cilium/cilium/pull/38703)
• Upgrade Cilium to v1.17.3.
• Upgrade Cilium to v1.17.2.
• Remove cleanup kube-proxy patch.
• Identity computation label exclusion list regular expressions. Remove controller-uid, since this is excluded by default now.
• Upgrade Cilium to v1.17.0.
• Use upstream default value for prometheus.metrics.
• Enable Envoy Proxy in standalone DaemonSet.

coredns v1.24.0…v1.25.0

Changed

• Update coredns image to 1.12.1.

etcd-defrag v1.0.2…v1.0.5

Changed

• Chart: Update dependency ahrtr/etcd-defrag to v0.28.0. (#34)
• Chart: Update dependency ahrtr/etcd-defrag to v0.27.0. (#29)
• Chart: Update dependency ahrtr/etcd-defrag to v0.26.0. (#22)

etcd-k8s-res-count-exporter v1.10.3…v1.10.5

Changed

• Go: Update dependencies.

Fixed

• Fix linting issues.
• Go: Update dependencies.

k8s-audit-metrics v0.10.2…v0.10.4

Changed

• Go: Update dependencies.

Fixed

• Fix linting issues.
• Go: Update dependencies.

net-exporter v1.22.0…v1.23.0

Changed

• Check for errors when closing connections.
• Switch from Endpoints to EndpointSlices for neighbors discovery.

node-exporter v1.20.2…v1.20.3

Changed

• Go: Update dependencies.

observability-bundle v1.11.0…v2.0.0

Added

• Add support for enabling pre-configured custom resources in KSM
• Add metrics containing labels for Crossplane resources

Changed

• Upgrade alloy-app from 0.10.0 to 0.11.0
  • This bumps the version of Alloy from 1.8.3 to 1.9.0
• Upgrade alloy-app from 0.9.0 to 0.10.0
  • This bumps the version of Alloy from 1.7.1 to 1.8.3
• Reconfigure Flux-related part of the KSM to use wildcards instead of hardcoded versions.
• Rename Flux-related metrics produced by the KSM.
• Upgrade kube-prometheus-stack to 72.3.0
  • Bumps prometheus-operator to 0.82.0
  • Bumps prometheus-operator CRDs to 0.82.0
• Upgrade kube-prometheus-stack to 72.3.0
  • Bumps prometheus-operator to 0.82.0
• Upgrade kube-prometheus-stack from 69.5.1 to 70.1.1
  • Bumps prometheus-operator to 0.81.0
  • Bumps prometheus to 3.2.1

Fixed

• Fix catalog for alloy apps as it is now pushed to the default catalog.

Removed

• Clean up old and deprecated telemetry collectors:
  • promtail
  • grafana-agent
  • promtheus-agent
• Disable PodSecurityPolicies by default as PodSecurityPolicies are deprecated and removed in Kubernetes v1.25+ clusters

observability-policies v0.0.1…v0.0.2

Changed

• Add Cluster Role to allow latest Kyverno versions to work (https://github.com/giantswarm/giantswarm/issues/33416)
• Switch .Values.disabled to .Values.enabled to follow best practices.

security-bundle v1.10.1…v1.11.0

Added

• Add policy-api-crds app to manage Policy API CRDs.

Changed

• Update trivy (app) to v0.13.4.
• Update cloudnative-pg (app) to v0.0.7.
• Update starboard-exporter (app) to v0.8.1.
• Update kyverno-policy-operator (app) to v0.0.11.
• Update cloudnative-pg (app) to v0.0.9.

Notes

Note: Kyverno PolicyExceptions (API group kyverno.io) versions v2alpha1 and v2beta1 are deprecated and will be removed in the next Kyverno minor release (v1.14). Please update all Kyverno PolicyExceptions to v2. No action is required for Giant Swarm Policy API PolicyExceptions (API group policy.giantswarm.io), which are handled automatically.

teleport-kube-agent v0.10.4…v0.10.5

Added

• Set Home URL in chart metadata.

vertical-pod-autoscaler v5.4.0…v5.5.1

Changed

• Chart: Update Helm release vertical-pod-autoscaler to v10.2.1. (#355)
• Chart: Update Helm release vertical-pod-autoscaler to v10.1.0. (#350)
• Chart: Update Helm release vertical-pod-autoscaler to v10.2.0. (#351)
• Chart: Update Helm release vertical-pod-autoscaler to v10.0.1. (#346)

vertical-pod-autoscaler-crd v3.2.0…v3.3.1

Changed

• Chart: Sync to upstream. (#146)
• Chart: Sync to upstream. (#140)
• Chart: Sync to upstream. (#136)