Highlights

  • Highlights for the week ending March 9, 2023

    Apps

    • nginx-ingress-controller-app v2.26.0: We are in the process of aligning our nginx-ingress-controller-app with the upstream nginx-ingress controller. In this first step we implemented 16 new service properties. Please be aware of controller.service.clusterIP, as the cluster IP of existing services cannot be changed; the app deployment might fail when this is defined for already installed app instances. Likewise, please be aware of controller.service.healthCheckNodePort, as the health check node port of existing services cannot be changed; the app deployment might fail when this is defined for already installed app instances. All other implemented service properties are mentioned here. In addition to the new implementations, 11 service properties were changed and all values were aligned to upstream NGINX; please also view the changes here. To complete the first step of our alignment we also removed controller.service.internal.labels in favor of controller.service.labels, controller.service.internal.type in favor of controller.service.type, controller.service.internal.ports.http in favor of controller.service.ports.http and controller.service.internal.ports.https in favor of controller.service.ports.https. These changes come straight from nginx-ingress-controller upstream and can also be viewed here.
  • Highlights for the week ending March 2, 2023

    Apps

    • flux-app v0.22 upgrades to support Flux toolkit v0.39.0. It also adds PriorityClass and CiliumNetworkPolicy to improve Flux resilience.
    • kyverno-app version v0.14.0 updates to Kyverno version 1.9.0 and policy-reporter version 2.12.0, introducing new PolicyException and cleanup features.
  • Highlights for the week ending February 23, 2023

    General

    • Prometheus stability: we have adjusted the VPA settings in the prometheus-meta-operator@v4.21.0 release to improve management cluster resource usage and general Prometheus stability.

    User interfaces

    Documentation

    • Prometheus Agent documentation is out, to explain why you might find this component in your clusters.
    • Audit logs documentation is out, to explain what audit logs are and how to collect them.
  • Highlights for the week ending February 16, 2023

    Apps

    • coredns-app v1.14.2 brings an improvement in scaling. It changes the Pod Disruption Budget from maxUnavailable: 1 to maxUnavailable: 25%. Based on our learnings, we have dropped the static replicas value, and let the Horizontal Pod Autoscaler manage the deployment scaling. At the same time, we have configured, via Config Map, the CoreDNS health checks to 5 seconds minimising DNS resolution failures during a CoreDNS pod restart.
    • k8s-dns-node-cache-app v2.0.0 has been released. It introduces a new major version in order to support Cilium CNI in eBPF mode. The new major version should only be used from the AWS v19 release onwards.
    • kong-app v3.0.0: This release upgrades Kong to release 3.1.1, which contains breaking changes. Please consider reading the upstream Breaking changes documentation before upgrading. Users of Kong enterprise should read the Kong Gateway changelogs of releases 3.0.0.0 onwards up to 3.1.1.3. The release aligns with the upstream chart version, updates kong/kong to 3.1.1 and updates the Kong ingress controller to 2.8.1. The custom resource definitions were also updated to those used by the Kong ingress controller 2.8.1. Changes: increases default requests/limits to 1 CPU and 2G memory and removes startupProbe from the Kong ingress controller. More information. Breaking changes: the minReadySeconds value previously found at deployment.kong.minReadySeconds is now configured at path deployment.minReadySeconds.
    • kong-app v3.0.1: Caution: if you are upgrading from a chart version lower than 3.0.0, it is necessary to perform an intermediate upgrade to chart version 3.0.0, as this version contains a required migration process for enabling the use of seccompProfiles. At the same time, it changes the default Pod Disruption Budget from maxUnavailable: 1 to maxUnavailable: 25% for better scaling. Also, it includes a fix in Horizontal Pod Autoscaler’s API version which detects and prevents the template issue with the custom `dblessconfig` from being mounted.
    • nginx-ingress-controller-app v2.24.0 release aligns to latest upstream version and enables the configuration of a default backend. On the other hand, it adds a fix to stop targeting default backend pods with the controller service. Lastly, the release contains a change in the Pod Disruption Budget to move from maxUnavailable: 1 to maxUnavailable: 25% for better scaling.
    • linkerd-bundle v0.1.0: With this release we have bundled all relevant linkerd components into one installation. This bundle contains linkerd-multicluster-app, linkerd-multicluster-link-app, linkerd-viz-app, linkerd-control-plane-app and linkerd2-cni-app, as well as examples, templates and helpers.
  • Highlights for the week ending January 26, 2023

    Apps

    • (Community contribution) starboard-exporter version v0.7.1 allows configuring imagePullSecrets for pulling the exporter from private registries.
    • trivy-operator-app version 0.3.3 improves the operator’s network policy and fixes a bug in the PriorityLevelConfiguration when running small numbers of concurrent scan jobs.
    • flux-app version 0.21.1 upgrades to support Flux toolkit version 0.38.3; major changes introduced in v0.38.0 are detailed here.
  • Highlights for the week ending January 19, 2023

    General

    With kubectl-gs release version v2.31.0 and happa release version v1.57.0, support for multiple identity providers was added. This means that you can reduce the risk of failure or admit users from different identity providers by connecting multiple identity providers at the same time. Please reach out to us if you need support to implement this feature.

    Apps

    • falco-app version v0.4.3 uses Falco’s much slimmer no-driver image, reducing the size and dependencies contained in the image.
    • kyverno-app version v0.13.1 updates to Kyverno version 1.8.4 and policy-reporter version 2.11.0, bringing considerable resource utilization improvements. This version also excludes the kube-system namespace from Kyverno webhooks by default. kube-system reports can be re-enabled in the app values.
    • security-pack version 0.11.0 includes new versions of all pack components and makes several adjustments to installed apps and configuration. Please refer to the changelog for details.
    • starboard-exporter version v0.7.0 introduces horizontal autoscaling based on Prometheus scrape times.
    • trivy-operator-app version 0.3.2 updates to Trivy operator 0.7.1, aligns some app configuration with new official charts, and disables the secret scanner by default. Exposed secret reports can be re-enabled in the app values.
  • Highlights for the week ending January 12, 2023

    Apps

    Released flux-app version v0.20.2 that contains Flux upgraded to v0.37.0 (was v0.36.0) as part of v0.20.0. The major highlights of Flux v0.37.0 are:

    • The interpretation of the gitImplementation field of GitRepository by source-controller and image-automation-controller has been deprecated, and will effectively always use go-git (+ see next item on how to disable forcing this behavior).
    • ImageUpdateAutomation objects with a .spec.PushBranch specified will have the push branch refreshed automatically via force push.
      • In flux-app version v0.20.2 we added a new Helm value: imageAutomationController.featureGatesToDisable - with restricted values of GitForcePushBranch and ForceGoGitImplementation - that can be used to disable this force push behavior by adding GitForcePushBranch to the list. By default no feature gates are disabled
    • ImagePolicy CRD dropped version v1alpha1
    • ImageRepository CRD dropped version v1alpha1
    • ImageUpdateAutomation CRD dropped version v1alpha1

    Additionally flux-app contains the following updates as well:

    • Added capability to attach custom annotations and labels to the kustomize-controller pod via setting the kustomizeController.podTemplate.annotations and kustomizeController.podTemplate.labels fields
    • Added capability to attach custom annotations to the kustomize-controller service account via kustomizeServiceAccount.annotations field
    • Increased memory limits for CRD install job as it was observed to frequently get OOM killed

    User interfaces

    In kubectl-gs v2.29.3 we fixed logging in to clusters running on custom domains.

    Documentation

    There is an entire new platform overview section in our docs.

  • Highlights for the week ending December 15, 2022

    General

    Apps

    Released flux-app version v0.20.2 that contains Flux upgraded to v0.37.0 (was v0.36.0) as part of v0.20.0. The major highlights of Flux v0.37.0 are:

    • The interpretation of the gitImplementation field of GitRepository by source-controller and image-automation-controller has been deprecated, and will effectively always use go-git (+ see next item on how to disable forcing this behaviour).
    • ImageUpdateAutomation objects with a .spec.PushBranch specified will have the push branch refreshed automatically via force push.
      • In flux-app version v0.20.2 we added a new Helm value: imageAutomationController.featureGatesToDisable - with restricted values of GitForcePushBranch and ForceGoGitImplementation - that can be used to disable this force push behaviour by adding GitForcePushBranch to the list. By default no feature gates are disabled
    • ImagePolicy CRD dropped version v1alpha1
    • ImageRepository CRD dropped version v1alpha1
    • ImageUpdateAutomation CRD dropped version v1alpha1

    Additionally flux-app contains the following updates as well:

    • Added capability to attach custom annotations and labels to the kustomize-controller pod via setting the kustomizeController.podTemplate.annotations and kustomizeController.podTemplate.labels fields
    • Added capability to attach custom annotations to the kustomize-controller service account via kustomizeServiceAccount.annotations field
    • Increased memory limits for CRD install job as it was observed to frequently get OOM killed

    User interfaces

    In kubectl-gs v2.29.3 we fixed logging in to clusters running on custom domains.

    Documentation

    There is an entire new platform overview section in our docs.

  • Highlights for the week ending December 8, 2022

    General

    In your configuration for Dex (dex-app) in workload clusters, you may notice a new connector named giantswarm-ad. We are adding this one to enable Giant Swarm staff access, authorized via OIDC, using Azure AD as an identity provider. We are currently rolling that out to all installations.

    User interfaces

    The web UI as of v1.54.0 allows installing an app bundle from the app catalog, like the Security Pack, into workload clusters.

  • Highlights for the week ending December 1, 2022

    User interfaces

    • Monitoring: Prometheus Volume Size allows adjusting the volume size used for cluster monitoring.
    • Monitoring: How to disable it explains how monitoring can be turned off for specific workload clusters.

    Apps

    • loki v0.5.3 was released into our public catalog and provides an improved upgrade path from v0.4.x.
    • grafana v2.1.0 was released, which upgrades Grafana from 9.1.1 to 9.2.5 but also introduces breaking changes regarding the values.yaml structure; see v2.0.0.
    • prometheus-operator v2.1.1 was released, which fixes an issue related to PodSecurityPolicy.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.