Highlights

  • Highlights for the week ending June 01 2023

    General

    Nothing to be announced

  • Highlights for the week ending May 25 2023

    General

    Nothing to be announced

  • Highlights for the week ending May 18 2023

    General

    • All management-cluster Flux installations (flux-system, flux-giantswarm) have been upgraded to Flux v0.41.2.
    • All management-cluster External Secrets installations have been upgraded to External Secrets [0.8.1](https://github.com/external-secrets/external-secrets/releases/tag/v0.8.1).
    • Crossplane has been upgraded to version v2.2.0 for management clusters which support it.

    Apps

    • crossplane version v2.2.0 upgrades crossplane to version v1.11.3. This is a scoped patch release to better support composition functions.
    • external-secrets version v0.5.0 upgrades External Secrets operator to version v0.8.1, which introduces a new generator for Vault dynamic secrets and allows for the inclusion of metadataPolicy Fetch for supported backend providers.
    • flux-app version v0.23.1 upgrades to support Flux toolkit v0.41.2. It introduces the flux events command to display events for flux resources, improves memory consumption for the Helm controller with up to 50% observed reduction, and now includes an opt-in OOM watcher allowing for more graceful termination within the Helm controller.
    • kyverno-app version v0.14.5 introduces a new Job for ensuring Kyverno webhooks are properly deleted when uninstalling the App and replaces a deprecated label.
    • security-bundle version 0.14.3 (and 0.14.2) includes the Kyverno release from this announcement as well as an update to the Trivy app which makes its VPA behavior configurable.
  • Highlights for the week ending May 5, 2023

    Apps

    • falco-app version v0.5.2 adds a new Kyverno PolicyException allowing falco to run in clusters enforcing restricted Pod Security Standards, and replaces a deprecated toleration label.
    • kyverno-app version v0.14.4 introduces a new policy limiting the namespaces where Kyverno PolicyExceptions may be created. By default, customer exceptions may be created only in the policy-exceptions namespace.
    • security-bundle version 0.14.1 (and 0.14.0) includes the new versions of Falco, Kyverno, and Trivy Operator mentioned in this announcement. To make App configuration and diffs easier to work with in GitOps workflows, it also changes the way config values are passed to the bundled Apps: rather than passing a single multi-line string containing each App’s configuration, all keys under the App’s top-level key will be copied into the App’s values. This is a breaking configuration change. Users must change all places where they override default values of a security-bundle App. This is typically a one-character change, an example of which is available in our PR changing our sample.
    • trivy-operator-app version 0.4.0 updates to upstream Trivy Operator v0.13.2 and introduces Cilium NetworkPolicies to support scanning in Cilium-based clusters.

    Documentation

    • There is a new guide about achieving compliance with Pod Security Standards (PSS). Future releases will require all workloads to be compliant with these new standards, which differ slightly from the now-deprecated Pod Security Policies (PSP). Depending on your organization’s current security policy, this may require some migration effort, so we have provided this guide to encourage early planning and adoption.
  • Highlights for the week ending April 27, 2023

    General

    Apps

    • datadog v2.5.3: the agent has been upgraded to 7.43.0. The App is promoted to the default Giant Swarm catalog. Note that version v2.5.1 requires a migration step.
    • kong-app v3.1.0: kong ingress controller is upgraded to 2.9.3, kong to 3.2.2. The kong upstream chart 2.19.0 brings in these changes.

    Documentation

    User interfaces

  • Highlights for the week ending April 20, 2023

    Apps

    Security Pack –> Bundle

    • The App formerly known as security-pack has been renamed to security-bundle to align its naming with our other bundles and keep our terminology consistent.
    • security-bundle version 0.13.0 is a major update containing multiple breaking changes since the last release of the security-pack. Please review the instructions in the README prior to attempting to upgrade. This release includes the following noteworthy changes, as well as the App updates described in this announcement.
      • The security-pack App has been renamed to security-bundle.
      • security-bundle must be installed from the giantswarm catalog. It will no longer be published to playground.
      • The default installation namespace has been changed from security-pack to security-bundle. Custom installation namespaces are unaffected by this change.
      • The key kyverno-policies has been renamed to kyvernoPolicies. App value overrides for the kyverno-policies App must now be made under the kyvernoPolicies key.
      • starboard-app has been removed and is no longer installable from the security-bundle. Trivy Operator is installed by default and is a full replacement of Starboard. (starboard-exporter is still actively supported).

    Security Bundle Apps

    • falco-app version v0.5.1 includes a new Kyverno PolicyException permitting Falco to run in clusters enforcing restricted Pod Security Standards.
    • kyverno-app version v0.14.3 updates to Kyverno version 1.9.2 and policy-reporter version 2.18.0. This version includes new Vertical Pod Autoscaler options and performance improvements to increase the AdmissionReport processing speed and reduce the number of reports stored in the cluster.
    • kyverno-policies version v0.18.1 updates to upstream policy version v1.7.5.
    • starboard-exporter version v0.7.3 includes several minor bug fixes and improvements to the Helm chart.
    • trivy-app version 0.8.0 updates to Trivy v0.37.2, supporting newer scanning options and Trivy database formats.
    • trivy-operator-app version 0.3.7 updates to Trivy Operator v0.12.0, enables VPA for the deployment, and includes several additional bug fixes and Helm chart improvements.

    Documentation

    • linkerd-bundle is now generally available from the giantswarm catalog.
    • aws-load-balancer-controller version 1.3.0 automatically sets the annotations needed for AWS authentication with IRSA.
    • external-dns-app version 2.35.1 adds the possibility of injecting any type of credential using values. This is particularly important for installations that rely on the AWS specific values as they will be deprecated in the future. Please read our documentation on this topic for more details.
  • Highlights for the week ending April 06, 2023

    Managed Apps

    Documentation

    • GitOps tooling: To support you in your GitOps-driven delivery, we have added a new page to our documentation that lists some of the more common tools available to help validate manifests before deployment and track resources inside the cluster. This includes an update to our fake flux script to make it more versatile in testing manifests either locally or as part of a pre-deployment pipeline. You can find details on this in our documentation at https://docs.giantswarm.io/advanced/gitops/tools/.
  • Highlights for the week ending March 30, 2023

    Apps

    • Dex-app: We are migrating GitHub single sign-on for Giant Swarm engineers. During migration you may see two GitHub connectors for Giant Swarm engineers configured in Dex.
  • Highlights for the week ending March 23, 2023

    Observability

    • Prometheus-agent: New cluster releases contain a new component which enables us to monitor your cluster and provide the best quality of service. Some cluster upgrades might require manual intervention from our side, especially if you are using Prometheus Operator. Feel free to ask our team if you have any questions or need help (@support-atlas). If you want to know more about why we introduced this change, please read our documentation.
    • Grafana Explore: This new feature is enabled in your Grafana installation. It allows you to execute PromQL (and LogQL later) queries against metrics we collect from your clusters. See our docs for more information.
    • Vertical-Pod-Autoscaler (VPA): New version v.3.3.0 is out with new improvements. Notably, VPA now auto-scales itself. This version requires updating the existing config. Read the migration docs and feel free to ask our team in case of any doubt (@support-atlas).

    Apps

    • External-dns-app version 2.34.1 adds node-role.kubernetes.io/control-plane to the toleration of CRD install jobs. This update also contains the addition of ServiceMonitor and the addition of default values that were released in version 2.34.0.
    • Kyverno-app version v0.14.1 updates to Kyverno version 1.9.2 and policy-reporter version 2.17.0. This version includes performance improvements to increase the AdmissionReports processing speed and reduce the number of reports stored in the cluster.
    • Nginx-ingress-controller-app version 2.27.0 is the second part of our upstream alignment epic. We have added seven helper properties and forty-three deployment properties, and adapted our CI to be compliant. Before upgrading, please read the changelog, as there are some changes that should be made carefully. In the process of alignment, we have adapted other templates. Additionally, the chart.yaml has been aligned with upstream too. Last but not least, we removed some helpers and deployment properties not needed after the restructuring work. Please be aware that some of these changes, additions or removals can require modifications from you. We encourage you to read the changelog so as not to miss any information.
    • Trivy-app version 0.8.0 updates the Trivy scanner version to v0.37.2, containing various bug fixes and additional support for future scanning features.
  • Highlights for the week ending March 16, 2023

    General

    To satisfy requirements that expand beyond Kubernetes, we now offer Crossplane as a managed solution. This is currently experimental and is known to cause potentially critical performance issues with the cluster it’s running on. With this in mind, whilst we encourage you to experiment with it, we advise you to discuss this with your account engineer prior to installation.

    Apps

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.