Highlights for the week ending 2025-04-10

Breaking Changes

• Ingress NGINX App version 4.0.0
  • Important breaking changes to note:
    • ConfigMap option allow-cross-namespace-resources is now deactivated
    • Annotations with risk level “Critical” now require explicit configuration Please read carefully the whole release notes.

Fleet Management

• Cluster AWS version 3.2.0

  • Updated cluster chart to v2.2.0
  • Added security rule to allow access to Cilium Relay when using ENI mode
  • Improved node security with proper Nvidia runtime isolation to prevent OOM issues

• Cluster Azure version 2.1.0

  • Updated cluster chart to v2.2.0

• Cluster Cloud Director version 0.66.0

  • Updated cluster chart to v2.2.0
  • Enabled CoreDNS extensions and ETCD defragmentation

• Cluster vSphere version 1.1.0

  • Updated cluster chart to v2.2.0
  • Split cloud provider app into separate HelmReleases
  • Added template suffix option for VM templates

• Image Distribution Operator version 0.2.1

  • Added support for exotic characters in passwords
  • Improved vSphere release handling with ability to set suffix on uploaded VM template names

• AWS EBS CSI Driver App version 3.0.5

  • Updated snapshot-controller to v8.2.1
  • Synchronized with upstream improvements

• AWS Cloud Controller Manager App version 1.30.8-gs1

  • Updated to upstream v1.30.8

• Cluster Autoscaler App version 1.30.4-gs2

  • Updated to upstream v1.30.4
  • Added support for additional labels on PodMonitor resources

• vSphere CSI Driver App version 3.4.2

  • Added upstream chart at v3.3.0
  • Fixed kubectl image tag

Security

• ETCD Backup Operator version 4.12.0

  • Added BackupDestination label to support multiple operator instances
  • Improved cluster exclusion configuration

• ETCD Defrag App version 1.0.3

  • Updated dependency to etcd-defrag v0.26.0

• Kube-vip Cloud Provider App version 0.3.0

  • Enhanced security by running container with a read-only filesystem

• RBAC Operator version 0.42.0

  • Added support for read-all-customer-groups bindings

• Teleport Kube Agent App version 0.10.4

  • Added headless service on diagnostic port 3000
  • Migrated to App Build Suite

• Trivy App version 0.13.4

  • Added API capabilities check for Kyverno PolicyExceptions before switching to v2
  • Made livenessProbe.initialDelaySeconds configurable

Connectivity

• Cilium App version 0.32.0

  • Using upstream default value for prometheus.metrics
  • Enabled Envoy Proxy in standalone DaemonSet

• CoreDNS App version 1.25.0

  • Updated CoreDNS image to 1.12.1

• Ingress NGINX App version 4.0.0

  • Updated controller image to v1.12.1
  • Added multiple controller configuration options
  • Removed Pod Security Policies (incompatible with Kubernetes v1.24 and below)
  • Important breaking changes to note:
    • ConfigMap option allow-cross-namespace-resources is now deactivated
    • Annotations with risk level “Critical” now require explicit configuration

• Kong App version 5.0.0

  • Updated to upstream chart version 2.48.0
  • Updated Kong ingress controller to 3.4.3
  • Changed default installation to OSS version (Enterprise requires explicit configuration)
  • Dropped support for Kubernetes below v1.26
  • Added customizable CRD version selection

• Proxysocks version 0.1.1

  • Fixed service selector in the Helm chart
  • Initial release with support for credentials

Continuous Deployment

• App version 8.0.0

  • Changed app.Validator interface for admission controller identification
  • Streamlined existence checks for referenced resources

• App Admission Controller version 2.0.0

  • Streamlined validation approach by moving resource existence checks to reconciliation

• App Operator version 7.2.0

  • Decreased default reconciliation interval from 5m to 3m
  • Enhanced reporting of missing resources in App CR status
  • Improved namespace checking before creating resources

• Cluster Apps Operator version 3.2.0

  • Updated app-operator to version v7.2.0

• Konfigure Operator version 0.1.2

  • Initial implementation of configuration management
  • Fixed map filtering logic to respect external annotations and labels
  • Added protection for internal configuration annotations

• Kube Downscaler App version 0.6.1

  • Updated chart’s image
  • Fixed Cilium network policy endpoint selector

Developer Portal

• Backstage version 0.62.0
  • Improved error message styles in deployment details
  • Enhanced resource entity page layout
  • Added links from deployments to corresponding catalog entities
  • Improved installation selection functionality

Observability

• Alloy Rules version 4.54.1

  • Added multi-tenancy support with tenant labeling
  • Fixed and improved various alerts:
    • Enhanced alert for missing teleport access logs
    • Fine-tuned MetricForwardingErrors to avoid triggering on sporadic issues
    • Fixed MonitoringAgentDown to not page for non-deleting clusters
    • Added log-based alerts for CIDRNotAvailable events
    • Improved various alert thresholds and timing

• Cluster API Monitoring App version 1.17.0

  • Set default memory resources to 200Mi

• Dashboards version 4.4.0

  • Added Cilium Agent logs dashboard
  • Added Observability Resource Usage dashboard
  • Added Backstage dashboard

• Grafana App version 2.20.0

  • Upgraded Grafana chart from 8.9.0 to 8.11.3

• Logging Operator version 0.26.1

  • Fine-tuned Alloy logs and events resource usage to avoid impacting customer workloads
  • Fixed schema violations in Alloy logs configuration

• Node Exporter App version 1.20.2

  • Updated dependencies for improved security and stability

• Observability Bundle version 1.12.0

  • Upgraded kube-prometheus-stack from 69.5.1 to 70.1.1
  • Updated Prometheus to 3.2.1
  • Updated Prometheus Operator to 0.81.0

• Observability Operator version 0.23.2

  • Added multi-tenancy support for alerting, recording rules, and remote write
  • Enhanced configuration validation with amtool
  • Improved sharding for metrics across all tenants
  • Configured OpsGenie integration for severity:page alerts
  • Optimized resource usage settings

• Prometheus Meta Operator version 4.88.0

  • Improved resource usage by not loading log-based alerts in Prometheus

• Sloth App version 1.7.0

  • Upgraded to sloth 0.12.0

• Starboard Exporter version 0.8.1

  • Updated Go version and dependencies
  • Addressed code linter findings

Others

• NOS App version 0.1.0

  • Updated container images to 0.1.2
  • Added Cilium network policies for API communication
  • Adapted webhook certificate for platform compatibility

• Zot version 2.1.0

  • Updated to project-zot/helm-charts version 0.1.67
  • Bumped default zot image tag to v2.1.2

• N8n App version 1.5.1

  • Upgraded the upstream helm chart to 1.1.0

Docs

• You can find the new content for the developer portal in this new section.