Highlights

  • Highlights for the week ending Nov 23 2023

    Linkerd

    These three releases have been upgraded to Linkerd v2.14.3. For more information about the Linkerd v2.14.3 changes, please take a look at the official release notes.

  • Highlights for the week ending Nov 16 2023

    General

    • Logging infrastructure is now available on AWS and CAPA management clusters.
      • Loki and Promtail are deployed on AWS and CAPA management clusters
      • You can query the following logs:
        • Kubernetes Pods
        • Audit logs from Kubernetes API server
        • Systemd units
      • Log retention is set to 1 month
      • Only management cluster logs are available (for now)
      • Access logs using Grafana; see the usage doc

    Falco

    • Falco 0.7.0 is released. This means the underlying component version is higher than 0.36.0. The update includes the falcoctl tool, which helps administer the Falco configuration and audit the state of the system. From now on, Falco images will no longer be shipped with rules inside the image. Instead, they use an init container to download the rules from an official repository and check frequently for updates. As a consequence, the number of rules Falco installs has been drastically lowered, and the previous ruleset has been divided into several categories: Standard, Incubating, and Sandbox. This reduces noise in general, but if the previous ruleset is required, it can be enabled using the command line tool. For more information about the new situation, check Falco’s new rules repository.
  • Highlights for the week ending October 10 2023

    Apps

    security-bundle versions 1.1.0 and 0.18.0. With these two releases we include two new tools supporting migration away from Pod Security Policies: exception-recommender and kyverno-policy-operator. exception-recommender analyzes the current policy reports in a cluster and, based on the results, generates Giant Swarm PolicyExceptionDrafts. Once the drafts have been reviewed and accepted, kyverno-policy-operator takes the resulting Giant Swarm PolicyExceptions and generates the necessary Kyverno resources to allow workloads to continue running.

    Documentation

    We have started the migration away from Pod Security Policies! We have therefore added a cluster administrator migration guide containing all information about the new Policy API and all the assistive tooling available to help you securely migrate workloads off of PSPs. Reach out with any questions regarding the Pod Security Policies to Pod Security Standards migration.

  • Highlights for the week ending September 14 2023

    Management API

    • We introduced the new custom resource RoleBindingTemplate to all management clusters. It allows dynamic creation and deletion of RoleBindings across organizations. Read the docs for more information.

    App

    • kyverno-policies-ux version v0.6.0 introduces a new mechanism that prevents the accidental deletion of resources with the giantswarm.io/prevent-deletion label. Read the docs for more information.
  • Highlights for the week ending August 31 2023

    aws-load-balancer

    • aws-load-balancer-controller-app version v1.3.4 migrates from monitoring labels to ServiceMonitor and introduces a new Pod Security Policy for Cluster API support (Kubernetes versions before 1.25).

    external-dns

    • external-dns version v2.39.0 replaces monitoring labels with a ServiceMonitor CR, adds minAllowed in VPA to avoid OOMs, and increases memory limits.

    kyverno

    • kyverno-app version v0.15.1 (and v0.15.0) updates to the highly anticipated Kyverno version 1.10.2. This release brings major architectural changes to the Kyverno controllers as well as breaking changes to the upstream Helm chart. During the upgrade to 0.15.0 or 0.15.1, existing Kyverno deployments will be briefly scaled to 0 and replaced with the new version. Important: The Helm schema has changed to reflect the new deployment structure, so if you are overriding Helm values, review the release notes and upgrade guide to ensure any relevant configuration will still apply to the new controllers. These changes include significant stability and performance improvements and VPA support for more Kyverno components.

    linkerd

    For more information about the Linkerd v2.13.6 changes, please take a look at the official release notes.

    ingress-nginx

    • We spent the last months reworking our ingress-nginx-app by aligning it to the upstream ingress-nginx project. This is necessary to be future-proof, feature compliant, and offer the best ingress experience possible. We therefore want to announce the first public stable release of our new ingress-nginx chart. This release includes breaking changes if you are currently using v2.x.x. We set up a migration guide to make the upgrade as smooth as possible. Notable changes requiring your attention and/or manual intervention, like renaming, deprecating or removing values, have been highlighted below. Even though we highly recommend upgrading to this and future releases, v2.x.x will continue receiving bug fixes as long as possible.

    All feedback regarding this release, its changes, or our migration guide is very welcome!

  • Highlights for the week ending July 27 2023

    Nginx Ingress Controller

    We have spent the last months reworking our nginx-ingress-controller-app by aligning it to the upstream ingress-nginx project. This is necessary to be future-proof, feature compliant, and offer the best ingress experience possible. We therefore want to announce the first public beta release of our new ingress-nginx chart.

    The stable release v3.0.0 will be cut as soon as all possible bugs have been fixed and improvements have been implemented. For our beta release we added all changes mentioned in our alpha1 release.

    To make the experience as smooth as possible, we wrote a migration guide. It contains step-by-step instructions for replacing your old app deployment and upgrading the chart without any major outages.

    All feedback and questions regarding the beta release, its changes and our migration guide are very welcome. Reach us in the support channel if necessary.

    Warning: Do not install the beta release in production environments.

    Apps

    • flux version v0.24.0. We have improved security by updating the default securityContext values to comply with our Pod Security Standard policies.
    • crossplane version v2.3.0. We updated Crossplane to v1.12.2. Please check the Crossplane Changelog for all changes announced.
    • external-secrets version v0.6.4. In preparation for running the cilium CNI, we have split the original and cilium network policies instead of having them exclude each other by condition.
  • Highlights for the week ending June 29 2023

    General

    Apps

    • kyverno-app version v0.14.9 adds two new parameters to the configuration of the policy-reporter. The policy-reporter scrapeTimeout and interval are now configurable. This allows more collection time in clusters with many policies.
    • security-bundle version 1.0.1 is the first release intended to be installed by default on Kubernetes 1.25 and later. It disables PSPs in favor of enforced Kyverno PSS restricted policies. New platform releases are shipped with this new version by default. We will inform you in the platform release notes about the change and the steps you need to take to upgrade, as it may require removing or modifying Kyverno or Security Bundle apps prior to upgrade. More info about the change can be read here.

    Note: For clusters running Kubernetes v1.24 or earlier, you should continue running security-bundle with pre-1.0.0 bundle versions.

  • Highlights for the week ending June 22 2023

    General

    • Nothing to be announced
  • Highlights for the week ending June 15 2023

    Apps

    This week we would like to announce our first stable app release for the following apps:

    These three releases are upgraded to Linkerd v2.13.4. For more information about the Linkerd v2.13.4 changes, please take a look at the official release notes.

  • Highlights for the week ending June 08 2023

    General

    Nothing to be announced

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.