Highlights

  • Highlights for the week ending November 22, 2022

    User interfaces

    kubectl gs v2.29.0 brings an important change in the login command. Previously, the more client certificates you would create to access workload clusters, the more the PKI backend performance would get impaired. We fixed this and recommend all users to upgrade to the latest release.

    Apps

    • kyverno-app version v0.12.0 updates to Kyverno version 1.8.2.
    • trivy-app version 0.7.1 makes it possible to use the Vertical Pod Autoscaler (VPA) to manage Trivy resources (on by default).
  • Highlights for the week ending November 17, 2022

    User interfaces

    • kubectl-gs v2.28.2: The kubectl-gs login command no longer writes to the main kubeconfig file in case there are no changes in access tokens and/or the current context. Also setting the --context flag will no longer affect the current context (current-context in kubeconfig).

    Apps

    • falco-app version v0.4.1 makes it possible to use the Vertical Pod Autoscaler (VPA) to manage Falco resources (off by default).
    • kyverno-policies version v0.18.0 updates to upstream kyverno-policies version 1.7.5.
  • Highlights for the week ending November 10, 2022

    User interfaces

    • kubectl-gs v2.28.1 avoids panic in get nodepools when node pool is lacking the release version label and disables kubectl gs template nodepool command for Cluster API (CAPI) based workload Clusters.
    • happa v1.53.0 adds support for read-only cluster and nodepool management for Cluster API provider AWS (CAPA), Update cluster creation message for GCP (Google Cloud Platform) to better reflect actual cluster creation duration and provides links for installed apps to allow navigating to the app’s catalog page and catalog item details page

    Apps

    • dex v1.30.1 updates dex to v2.35.3
    • falco-app version v0.4.0 updates to Falco v0.33.0, falco-exporter v0.8.0, and falcosidekick v2.26.0.
    • flux-app version v0.18.2. This release fixes VerticalPodAutoscaler issues. VPAs are now correctly configured when enabled with a feature flag in values.yaml.
    • kyverno-app version v0.11.8 fixes an issue where kyverno-app would fail to install on clusters using Cilium CNI.
    • linkerd-multicluster version v0.9.0 Update linkerd to stable-2.12.2. In this release the app has been renamed as linkerd-multicluster following upstream’s naming convention.
    • linkerd-multicluster-link version v0.9.0 Update linkerd to stable-2.12.2. In this release the app has been renamed as linkerd-multicluster-link following upstream’s naming convention. Also, the value target.name has been deprecated and replaced with targetClusterName.
    • prometheus-operator-app version v2.0.2. Update prometheus-operator to v0.54.0. This release include breaking changes and values.yaml need to be adapated, see update-changes. It is highly recommended to update prometheus-operator-app. Please reach out if you have any questions or need support to update.
    • prometheus-operator-crd version v2.0.1. Update CRD for prometheus-operator.
    • security-pack version 0.9.0 includes the Falco, Kyverno, Trivy, and Trivy Operator versions and associated improvements included in this announcement.
    • trivy-app version 0.7.0 renames the chart to help standardize services names when deploying as part of the security pack.
    • trivy-operator-app version 0.2.1 changes the trivy server URL to standardize the service name when deploying as part of the security pack.
  • Highlights for the week ending November 3, 2022

    Management API

    As a cluster admin, you now have the ability to view logs from all pods on the management clusters, enabling an additional degree of self-service towards debugging deployments that may be failing for reasons which are not clear from the resource status field. These logs can be accessed via the kubectl logs command.

    Apps

    • flux-app v0.17.0 updates Flux toolkit to v0.36.0, which includes a fix that reduces kustomize-controller’s memory usage by 90%. It contains no breaking changes.
    • k8s-dns-node-cache-appv1.0.0 is promoted to the Giant Swarm catalog together with the latest updates of app components.

    Documentation

    In our changes and releases section, you will from now on find information on changes to cluster apps, starting with AWS, GCP, and OpenStack.

  • Highlights for the week ending October 27, 2022

    Feedback wanted

    • We are currently designing the kubectl-gs CLI command for deleting workload clusters. The specification is available in a public issue. We’d love to see you add comments, ideas, and expectations.
    • Our survey regarding cluster creation is still open. If your organization’s perspective isn’t included yet, you still have some time.

    Apps

    • kong-app version v2.13.0 Update kong/kubernetes-ingress-controller to 2.7.0 and require at least Kubernetes 1.22.
    • linkerd2-cni version v0.8.0 Update linkerd2-cni to stable-2.12.2. In this release the app has been renamed as linkerd2-cni, dropping the -app suffix.
    • linkerd-control-plane version v0.8.0 Update linkerd to stable-2.12.2. In this release the app has been renamed as linkerd-control-plane following upstream’s naming convention.
    • kyverno-app version v0.11.6 updates policy-reporter version 2.10.1.
    • security-pack version 0.8.1 includes the new versions of Kyverno and starboard-exporter described in this announcement.
    • starboard-exporter version v0.6.2 makes the exporter’s ServiceMonitor relabelings user-configurable, enabling custom metric collection and aggregation use cases.
  • Highlights for the week ending October 20, 2022

    User interfaces

    • kubectl-gs v2.25.0 fixes a problem in kubectl gs login with --self-contained, where modifications to an existing file failed.

    Apps

  • Highlights for the week ending October 13, 2022

    User interfaces

    kubectl-gs v2.24.2 fixes several problems with kubectl gs login:

    • For some Linux users the program would wait for the browser application, which it launched for the authentication flow, to close again. In case you would not close the browser window, the process could never finish.
    • Previous versions used to write to the kubeconfig file even if no changes were made. This could cause issues when using kubectl gs in parallel. We made changes to ensure that the kubeconfig is only touched if there are changes.

    Apps

    • kyverno-app version v0.11.3 updates to Kyverno version 1.7.4 and policy-reporter version 2.10.0.
  • Highlights for the week ending October 06, 2022

    User interfaces

    The customer cluster admin group and default:automation service account have now access to Flux logs for debugging issues with the Flux system.

    Apps

    flux-app version v0.16.0 upgrades to support Flux toolkit v0.35.0. Breaking changes: from Flux v0.34.0 onward, Flux controller logs have been aligned with the Kubernetes structured logging, further details here. From Flux v0.35.0, strict validation rules have been put in place for API fields which define a time duration, so values without a time unit (e.g. ms, s, m, h) will now be rejected by the API server.

  • Highlights for the week ending September 30, 2022

    User interfaces

    The kubectl gs login command as of v2.23.0 provides a flag --cn-prefix. This allows to specify the CN of a client certificate issued for workload cluster access, so that the client using the certificate can be mapped to RBAC rules which are bound to a user.

    Apps

    • dex-app now provides Dex v2.34.0.
    • fluent-logshipping-app version v2.0.0: this update supports CRI instead of the docker Format and changes the storage path to not use a tmpfs to not overload the nodes.
    • kyverno-app version v0.11.2 updates to upstream version 1.7.3.
    • security-pack version 0.8.0 includes new versions of all pack components (listed in this announcement), and finishes the switch to Trivy Operator as the default vulnerability scan manager. It is also the first release to be included in the giantswarm catalog. It will be removed from the playground catalog in a future release.
    • security-pack-helper version v0.0.2 initial release supports watching and deleting Kyverno ReportChangeRequest resources when they exceed a configured threshold.
    • starboard-exporter version v0.6.0 disables reconciliation of CISKubeBenchReports by default in support of the switch to Trivy Operator.
    • trivy-app version v0.6.0 updates to Trivy version 0.30.4.
    • trivy-operator-app version v0.2.0 updates to Trivy Operator version 0.2.1, adding support for calling custom webhooks and exposing more configuration options for scan jobs.

    Documentation

    You’ll now find information about our Cluster API architecture in our docs.

  • Highlights for the week ending September 23, 2022

    User interfaces

    As of the latest version, our web UI is ready for use on Google Cloud Platform (GCP) installations.

    kubectl-gs v2.23.0 adds the capability to create a client certificate for workload cluster access with a specific CN prefix. This means you can bind the client presenting this certificate to an RBAC role as a user. Check the login command’s new --cn-prefix flag.

    Documentation

    We now have a dedicated page clarifying the concept and value of app bundles and its place in the app platform.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.