Highlights

  • Highlights for the week ending April 20, 2023

    Apps

    Security Pack –> Bundle

    • The App formerly known as security-pack has been renamed to security-bundle to align its naming with our other bundles and keep our terminology consistent.
    • security-bundle version 0.13.0 is a major update containing multiple breaking changes since the last release of the security-pack. Please review the instructions in the README prior to attempting to upgrade. This release includes the following noteworthy changes, as well as the App updates described in this announcement.
      • The security-pack App has been renamed to security-bundle.
      • security-bundle must be installed from the giantswarm catalog. It will no longer be published to playground.
      • The default installation namespace has been changed from security-pack to security-bundle. Custom installation namespaces are unaffected by this change.
      • The key kyverno-policies has been renamed to kyvernoPolicies. App value overrides for the kyverno-policies App must now be made under the kyvernoPolicies key.
      • starboard-app has been removed and is no longer installable from the security-bundle. Trivy Operator is installed by default and is a full replacement for Starboard (starboard-exporter is still actively supported).

    Security Bundle Apps

    • falco-app version v0.5.1 includes a new Kyverno PolicyException permitting Falco to run in clusters enforcing restricted Pod Security Standards.
    • kyverno-app version v0.14.3 updates to Kyverno version 1.9.2 and policy-reporter version 2.18.0. This version includes new Vertical Pod Autoscaler options and performance improvements to increase the AdmissionReport processing speed and reduce the number of reports stored in the cluster.
    • kyverno-policies version v0.18.1 updates to upstream policy version v1.7.5.
    • starboard-exporter version v0.7.3 includes several minor bug fixes and improvements to the Helm chart.
    • trivy-app version 0.8.0 updates to Trivy v0.37.2, supporting newer scanning options and Trivy database formats.
    • trivy-operator-app version 0.3.7 updates to Trivy Operator v0.12.0, enables VPA for the deployment, and includes several additional bug fixes and Helm chart improvements.

    Documentation

    • linkerd-bundle is now generally available from the giantswarm catalog.
    • aws-load-balancer-controller version 1.3.0 automatically sets the annotations needed for AWS authentication with IRSA.
    • external-dns-app version 2.35.1 adds the possibility of injecting any type of credential using values. This is particularly important for installations that rely on the AWS specific values as they will be deprecated in the future. Please read our documentation on this topic for more details.
  • Highlights for the week ending April 06, 2023

    Managed Apps

    Documentation

    • GitOps tooling: To support you in your GitOps-driven delivery, we have added a new page to our documentation that lists some of the more common tools available to help validate manifests before deployment and track resources inside the cluster. This includes an update to our fake flux script to make it more versatile in testing manifests either locally or as part of a pre-deployment pipeline. You can find details on this in our documentation at https://docs.giantswarm.io/advanced/gitops/tools/.
  • Highlights for the week ending March 30, 2023

    Apps

    • Dex-app: We are migrating GitHub single sign-on for Giant Swarm engineers. During the migration you may see two GitHub connectors for Giant Swarm engineers configured in Dex.
  • Highlights for the week ending March 23, 2023

    Observability

    • Prometheus-agent: New cluster releases contain a new component which enables us to monitor your cluster and provide the best quality of service. Some cluster upgrades might require manual intervention from our side, especially if you are using Prometheus Operator. Feel free to ask our team if you have any questions or need help (@support-atlas). If you want to know more about why we introduced this change, please read our documentation.
    • Grafana Explore: This is a new feature enabled in your Grafana installation. It allows you to execute PromQL (and later LogQL) queries against the metrics we collect from your clusters. See our docs for more information.
    • Vertical-Pod-Autoscaler (VPA): New version v.3.3.0 is out with new improvements. A highlight is that VPA now auto-scales itself. This version requires updating the existing config. Read the migration docs and feel free to ask our team in case of any doubt (@support-atlas).

    Apps

    • External-dns-app version 2.34.1 adds node-role.kubernetes.io/control-plane to the toleration of CRD install jobs. This update also contains the addition of ServiceMonitor and the addition of default values that were released in version 2.34.0.
    • Kyverno-app version v0.14.1 updates to Kyverno version 1.9.2 and policy-reporter version 2.17.0. This version includes performance improvements to increase the AdmissionReports processing speed and reduce the number of reports stored in the cluster.
    • Nginx-ingress-controller-app version 2.27.0 is the second part of our upstream alignment epic. We have added seven helper properties and forty-three deployment properties, and adapted our CI to be compliant. Before upgrading, please read the changelog, as some of the changes need to be applied carefully. In the process of alignment, we have adapted other templates. Additionally, the chart.yaml has been aligned with upstream too. Last but not least, we removed some helpers and deployment properties that are no longer needed after the restructuring work. Please be aware that some of these changes, additions or removals can require modifications from you. We encourage you to read the changelog so that you do not miss any information.
    • Trivy-app version 0.8.0 updates the Trivy scanner version to v0.37.2, containing various bug fixes and additional support for future scanning features.
  • Highlights for the week ending March 16, 2023

    General

    To satisfy requirements that expand beyond Kubernetes, we now offer Crossplane as a managed solution. This is currently experimental and is known to cause potentially critical performance issues with the cluster it’s running on. With this in mind, whilst we encourage you to experiment with it, we advise you to discuss this with your account engineer prior to installation.

    Apps

  • Highlights for the week ending March 9, 2023

    Apps

    • nginx-ingress-controller-app v2.26.0: We are in the process of aligning our nginx-ingress-controller-app with the upstream nginx-ingress controller. In this first step we implemented 16 new service properties. Please be aware of controller.service.clusterIP, as the cluster IP of existing services cannot be changed. The app deployment might fail when defining this for already installed app instances. Also please be aware of controller.service.healthCheckNodePort, as the health check node port of existing services cannot be changed. The app deployment might fail when defining this for already installed app instances. All other implemented service properties are mentioned here. In addition to the new implementations, 11 service properties were changed and all values were aligned with upstream NGINX; please also view the changes here. To complete the first step of our alignment we also removed controller.service.internal.labels in favor of controller.service.labels, controller.service.internal.type in favor of controller.service.type, controller.service.internal.ports.http in favor of controller.service.ports.http and controller.service.internal.ports.https in favor of controller.service.ports.https. These changes come straight from nginx-ingress-controller upstream and can also be viewed here.
  • Highlights for the week ending March 2, 2023

    Apps

    • flux-app v0.22 upgrades to support Flux toolkit v0.39.0. It also adds PriorityClass and CiliumNetworkPolicy to improve Flux resilience.
    • kyverno-app version v0.14.0 updates to Kyverno version 1.9.0 and policy-reporter version 2.12.0, introducing new PolicyException and cleanup features.
  • Highlights for the week ending February 23, 2023

    General

    • Prometheus stability: We have adjusted the VPA settings in the prometheus-meta-operator@v4.21.0 release in order to improve the management cluster's resource usage and general Prometheus stability.

    User interfaces

    Documentation

    • Prometheus Agent documentation is out, to explain why you might find this component in your clusters.
    • Audit logs documentation is out, to explain what audit logs are and how to collect them.
  • Highlights for the week ending February 16, 2023

    Apps

    • coredns-app v1.14.2 brings an improvement in scaling. It changes the Pod Disruption Budget from maxUnavailable: 1 to maxUnavailable: 25%. Based on our learnings, we have dropped the static replicas value and let the Horizontal Pod Autoscaler manage the deployment scaling. At the same time, we have configured, via ConfigMap, the CoreDNS health checks to 5 seconds, minimising DNS resolution failures during a CoreDNS pod restart.
    • k8s-dns-node-cache-app v2.0.0 has been released. It introduces a new major version in order to support Cilium CNI in eBPF mode. The new major version should only be used from the AWS v19 release onwards.
    • kong-app v3.0.0: This release upgrades Kong to release 3.1.1, which contains breaking changes. Please consider reading the upstream Breaking changes documentation before upgrading. Users of Kong enterprise should read the Kong Gateway changelogs of releases 3.0.0.0 onwards up to 3.1.1.3. The release aligns with the upstream chart version, updates kong/kong to 3.1.1 and updates the Kong ingress controller to 2.8.1. The custom resource definitions were also updated to those used by the Kong ingress controller [2.8.1]. Conclusion: Changes: Increases default requests/limits to 1 CPU and 2G memory and removes startupProbe from the Kong ingress controller. More information. Breaking Changes: The minReadySeconds value previously found at deployment.kong.minReadySeconds is now configured at path deployment.minReadySeconds.
    • kong-app v3.0.1: Caution: If you are upgrading from a chart version lower than 3.0.0, it is necessary to perform an intermediate upgrade to chart version 3.0.0, as this version contains a required migration process for enabling the use of seccompProfiles. At the same time, it changes the default Pod Disruption Budget from maxUnavailable: 1 to maxUnavailable: 25% for better scaling. Also, it includes a fix in Horizontal Pod Autoscaler’s API version which detects and prevents the template issue with the custom `dblessconfigom being mounted.
    • nginx-ingress-controller-app v2.24.0 aligns with the latest upstream version and enables the configuration of a default backend. It also adds a fix to stop targeting default backend pods with the controller service. Lastly, the release contains a change in the Pod Disruption Budget from maxUnavailable: 1 to maxUnavailable: 25% for better scaling.
    • linkerd-bundle v0.1.0: With this release we have bundled all relevant linkerd components into one installation. This bundle contains linkerd-multicluster-app, linkerd-multicluster-link-app, linkerd-viz-app, linkerd-control-plane-app and linkerd2-cni-app, as well as examples, templates and helpers.
  • Highlights for the week ending January 26, 2023

    Apps

    • (Community contribution) starboard-exporter version v0.7.1 allows configuring imagePullSecrets for pulling the exporter from private registries.
    • trivy-operator-app version 0.3.3 improves the operator’s network policy and fixes a bug in the PriorityLevelConfiguration when running small numbers of concurrent scan jobs.
    • flux-app version 0.21.1 upgrades to support Flux toolkit version 0.38.3; major changes introduced in v0.38.0 are detailed here.

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.