Highlights

  • Highlights for the week ending September 23, 2022

    User interfaces

    As of the latest version, our web UI is ready for use on Google Cloud Platform (GCP) installations.

    kubectl-gs v2.23.0 adds the capability to create a client certificate for workload cluster access with a specific CN prefix. This means you can bind the client presenting this certificate to an RBAC role as a user. Check the login command’s new --cn-prefix flag.

    Documentation

    We now have a dedicated page clarifying the concept and value of app bundles and its place in the app platform.

  • Highlights for the week ending September 15, 2022

    User interfaces

    In kubectl-gs we have deprecated some flags in three commands, to avoid name conflicts with global flags (which are usable in all commands). You will see a warning when using the deprecated flags. This affects the following commands:

    • kubectl gs template app: flag --target-namespace replaces --namespace, --cluster-name replaces --cluster.
    • kubectl gs template catalog: flag --target-namespace replaces --namespace.
    • kubectl gs gitops add app: flag --target-namespace replaces --namespace.

    Please move any scripts to the new flags, as the old flags will change their meaning with the next major release of kubectl-gs.

    kubectl-gs now also provides a command get organizations, which is a way for all management API users to list the organizations they have access to. kubectl get organizations in contrast requires admin permissions.

    Apps

    • cert-manager-app version v2.16.0 Before you upgrade to this release, make sure to read the Upgrading from v1.7 to v1.8 document. Upgrade to upstream image v1.8.2
    • gatling-app version v1.1.0 Update Gatling to v3.8.3.
    • gatling-app version v2.0.1 Update Gatling to v3.8.4. This upgrade includes changes released in v2.0.0: Complete rework based on fresh Helm chart. Following app related keys of the values.yaml changed: job.* moved to top-level. simulation.configMap.name -> simulation.configmap. simulation.filename -> simulation.file. simulation.name -> simulation.class.
    • nginx-ingress-controller-app version v2.17.0 Enable configmap.use-proxy-protocol by default for AWS. Before this was achieved by cluster-operator setting configmap.use-proxy-protocol in the cluster values.
    • prometheus-remotewrite version v0.1.0 With this release we are enabling Prometheus to replicate its data into 3rd party systems like Grafana Cloud or even another Prometheus using its remote APIs. More details can be found in the documentation
    • trivy-app version v0.5.0 updates to Trivy version 0.29.2, introducing support for Trivy modules. The spring4shell module is installed by default.

    Documentation

    We added the Documentation on how to package custom dashboards together with apps instead of packaging them into a custom repository.

  • Highlights for the week ending September 8, 2022

    General

    All management-cluster Flux installations (flux-system, flux-giantswarm) have been upgraded to Flux v0.33.0.

    User interfaces

    We have created the first v0.1.0 release of our gitops-template repo. It includes now all examples showing how to use our GitOps offering to achieve functionality such as management of organizations, workload clusters, secrets encryption, preparing and using app and cluster templates, environments propagation. To make it easier to use, we’re also introducing a new set of commands to our kubectl gs plugin that will allow you to easily generate parts of the GitOps configuration instead of just copying and changing it.

    Apps

    • flux-app version v0.15.0 upgrades to support Flux toolkit v0.33.0. From v0.32.0 onward, Flux comes with support for distributing Kubernetes manifests, Kustomize overlays and Terraform code as OCI artifacts.
    • security-pack version v0.7.0 introduces optional support for trivy-operator as the upcoming replacement for starboard. It also includes the latest Kyverno app release (v0.11.1).
    • trivy-operator-app version v0.1.0 is the first public release of trivy-operator containing upstream version 0.1.0. We recommend starboard users use this release to assess their readiness to migrate to trivy-operator.
  • Highlights for the week ending August 19, 2022

    User interfaces

    We fixed a problem in our web UI that has prevented some non-admin users from logging in. In addition, in the list of apps installed in a cluster, it is now easier to spot the ones that are not in the expected “Deployed” state.

    Apps

    • kyverno-app version v0.11.0 updates to upstream version 1.7.2, containing several resilience and performance improvements.
    • security-pack version v0.6.0 includes the latest Kyverno app release (v0.11.0) as well as minor updates to Starboard exporter (v0.5.1) and Trivy (v0.28.1).
    • nginx-ingress-controller-app version v2.15.2 adds support for labels on the metrics service.
    • linkerd2-multicluster-link-app version 0.7.2 adds support for pre-created service accounts.
    • flux-app version v0.14.0 moves back to manage Flux CRDs via Jobs instead of native Helm 3 support added in v0.13.0. We added important installation notes to the project’s README.md to clarify the benefits and limitations of this approach. We recommend skipping v0.13.0 and use v0.14.0 instead.
  • Highlights for the week ending August 25, 2022

    General

    Starting today, our weekly product highlights will reach you on Thursday already. That, of course, does not mean that our work week is already over.

    Apps

    • dex-app version 1.26.0 provides Dex version 2.33.0.

    • kyverno-app version v0.11.1 updates policy-reporter and included UIs to version 2.11.1 and sets additional configuration for improving Kyverno’s resilience against rate limiting.

    • nginx-ingress-controller-app version v2.16.0 updates to upstream controller version v1.3.0, removes support for kubernetes v1.19.0 and increases default replica number to 2.

  • Highlights for the week ending August 12, 2022

    User interfaces

    For apps installed in a workload cluster, the web UI now shows the name of the App resource (in case it’s not identical with the app’s name in the catalog). This makes it easier to distinguish several apps of the same type, e. g. if you have NGINX Ingress controller installed multiple times.

    We also improved the display of an App resources’ deployment status.

    kubectl-gs since version 2.19.0 consistently supports flags related to the kubectl config in all commands, including --kubeconfig for the path to a config file, --context for selecting a context, --cluster, --user etc.

    Documentation

    We added documentation on how to use cert-manager to automatically obtain TLS certificates for ingresses.

  • Highlights for the week ending August 5, 2022

    Apps

    • kong-app version v2.11.0 Align with upstream chart version 2.11.0 (Changes in upstream repository) Update kong/kubernetes-ingress-controller to 2.5.0.
    • nginx-ingress-controller-app version v2.15.0 added Support for annotations, labels and suffix on the internal controller service. NOTE: Adding, changing or removing the suffix results in a different name of the controller service resource. Since Helm does not keep track of the old resource, we recommend to uninstall and reinstall the app when changing the suffix. Changed: Omit service.beta.kubernetes.io/aws-load-balancer-proxy-protocol for use-proxy-protocol: “false”
    • linkerd2-app version v0.7.2 Add Giant Swarm team label to resources and init container to destination and injector services to avoid the known issue of missing IP in post hook action. Update pytest-helm-charts from beta to v0.7.0 (#84)
    • linkerd2-cni-app version v0.7.2 Add Giant Swarm team label to resources and Update pytest-helm-charts from beta to v0.7.0 (#68)
  • Highlights for the week ending July 22, 2022

    General

    • We split Flux related alerts to Giant Swarm and Customer alerts based on which Flux reconciles the resources. Giant Swarm alerts remain in alert mode for Team Honey Badger while Customer alerts were moved to notify mode. Eventually Customer notifications will be routed to customers via chosen Flux native channels.

    Apps

  • Highlights for the week ending July 15, 2022

    Apps

    • jiralert-app v0.0.3 updates to Jiralert version 1.2, supporting automatic resolution of Jira issues when an alert closes.
    • starboard-exporter version v0.5.1 allows users to control which resource types are watched by the exporter, so that it can be deployed with either trivy-operator or starboard.
    • flux-app v0.12 upgrades to Flux v0.31.3. Breaking changes: from v0.31 on, Flux is no longer compatible with kubeconfigs using client.authentication.k8s.io/v1alpha1, this version was deprecated and removed in Kubernetes 1.24. Full details in Flux v0.31.0 release notes.
  • Highlights for the week ending July 8, 2022

    General

    This week we have updated cert-manager and added OIDC support on workload clusters via dex and athena.

    Apps

    • cert-manager version v2.15.1 Upgrades to upstream image v1.7.3 which increases some hard-coded timeouts for certain ACME issuers (ZeroSSL and Sectigo) (#243) and updates kubectl container version to 1.24.2 (#243)

    User interfaces

    kubectl gs login now supports OIDC on workload clusters via dex and athena. Please check the documentation on workload cluster OIDC configuration as well as the login command reference to find out more.