Highlights

  • Highlights for the week ending October 20, 2022

    User interfaces

    • kubectl-gs v2.25.0 fixes a problem in kubectl gs login with --self-contained, where modifications to an existing file failed.

    Apps

  • Highlights for the week ending October 13, 2022

    User interfaces

    kubectl-gs v2.24.2 fixes several problems with kubectl gs login:

    • For some Linux users, the program would wait for the browser application that it launched for the authentication flow to close again. If you did not close the browser window, the process could never finish.
    • Previous versions used to write to the kubeconfig file even if no changes were made. This could cause issues when using kubectl gs in parallel. We made changes to ensure that the kubeconfig is only touched if there are changes.

    Apps

    • kyverno-app version v0.11.3 updates to Kyverno version 1.7.4 and policy-reporter version 2.10.0.
  • Highlights for the week ending October 06, 2022

    User interfaces

    The customer cluster admin group and the default:automation service account now have access to Flux logs for debugging issues with the Flux system.

    Apps

    flux-app version v0.16.0 upgrades to support Flux toolkit v0.35.0. Breaking changes: from Flux v0.34.0 onward, Flux controller logs have been aligned with Kubernetes structured logging (further details here). From Flux v0.35.0, strict validation rules have been put in place for API fields which define a time duration, so values without a time unit (e.g. ms, s, m, h) will now be rejected by the API server.

  • Highlights for the week ending September 30, 2022

    User interfaces

    As of v2.23.0, the kubectl gs login command provides a flag --cn-prefix. This allows you to specify the CN of a client certificate issued for workload cluster access, so that the client using the certificate can be mapped to RBAC rules which are bound to a user.

    Apps

    • dex-app now provides Dex v2.34.0.
    • fluent-logshipping-app version v2.0.0: this update supports the CRI format instead of the Docker format and changes the storage path so that it no longer uses a tmpfs, to avoid overloading the nodes.
    • kyverno-app version v0.11.2 updates to upstream version 1.7.3.
    • security-pack version 0.8.0 includes new versions of all pack components (listed in this announcement), and finishes the switch to Trivy Operator as the default vulnerability scan manager. It is also the first release to be included in the giantswarm catalog. It will be removed from the playground catalog in a future release.
    • security-pack-helper version v0.0.2, the initial release, supports watching and deleting Kyverno ReportChangeRequest resources when they exceed a configured threshold.
    • starboard-exporter version v0.6.0 disables reconciliation of CISKubeBenchReports by default in support of the switch to Trivy Operator.
    • trivy-app version v0.6.0 updates to Trivy version 0.30.4.
    • trivy-operator-app version v0.2.0 updates to Trivy Operator version 0.2.1, adding support for calling custom webhooks and exposing more configuration options for scan jobs.

    Documentation

    You’ll now find information about our Cluster API architecture in our docs.

  • Highlights for the week ending September 23, 2022

    User interfaces

    As of the latest version, our web UI is ready for use on Google Cloud Platform (GCP) installations.

    kubectl-gs v2.23.0 adds the capability to create a client certificate for workload cluster access with a specific CN prefix. This means you can bind the client presenting this certificate to an RBAC role as a user. Check the login command’s new --cn-prefix flag.

    Documentation

    We now have a dedicated page clarifying the concept and value of app bundles and their place in the app platform.

  • Highlights for the week ending September 15, 2022

    User interfaces

    In kubectl-gs we have deprecated some flags in three commands, to avoid name conflicts with global flags (which are usable in all commands). You will see a warning when using the deprecated flags. This affects the following commands:

    • kubectl gs template app: flag --target-namespace replaces --namespace, --cluster-name replaces --cluster.
    • kubectl gs template catalog: flag --target-namespace replaces --namespace.
    • kubectl gs gitops add app: flag --target-namespace replaces --namespace.

    Please move any scripts to the new flags, as the old flags will change their meaning with the next major release of kubectl-gs.

    kubectl-gs now also provides a command get organizations, which is a way for all management API users to list the organizations they have access to. In contrast, kubectl get organizations requires admin permissions.

    Apps

    • cert-manager-app version v2.16.0 upgrades to upstream image v1.8.2. Before you upgrade to this release, make sure to read the Upgrading from v1.7 to v1.8 document.
    • gatling-app version v1.1.0 updates Gatling to v3.8.3.
    • gatling-app version v2.0.1 updates Gatling to v3.8.4. This upgrade includes the changes released in v2.0.0: a complete rework based on a fresh Helm chart. The following app-related keys of the values.yaml changed: job.* moved to top-level; simulation.configMap.name -> simulation.configmap; simulation.filename -> simulation.file; simulation.name -> simulation.class.
    • nginx-ingress-controller-app version v2.17.0 enables configmap.use-proxy-protocol by default for AWS. Previously, this was achieved by cluster-operator setting configmap.use-proxy-protocol in the cluster values.
    • prometheus-remotewrite version v0.1.0: with this release we are enabling Prometheus to replicate its data into third-party systems like Grafana Cloud or even another Prometheus using its remote APIs. More details can be found in the documentation.
    • trivy-app version v0.5.0 updates to Trivy version 0.29.2, introducing support for Trivy modules. The spring4shell module is installed by default.

    Documentation

    We added documentation on how to package custom dashboards together with apps instead of packaging them into a custom repository.

  • Highlights for the week ending September 8, 2022

    General

    All management-cluster Flux installations (flux-system, flux-giantswarm) have been upgraded to Flux v0.33.0.

    User interfaces

    We have created the first release, v0.1.0, of our gitops-template repo. It now includes all examples showing how to use our GitOps offering to achieve functionality such as management of organizations, workload clusters, secrets encryption, preparing and using app and cluster templates, and environments propagation. To make it easier to use, we’re also introducing a new set of commands to our kubectl gs plugin that will allow you to easily generate parts of the GitOps configuration instead of just copying and changing it.

    Apps

    • flux-app version v0.15.0 upgrades to support Flux toolkit v0.33.0. From v0.32.0 onward, Flux comes with support for distributing Kubernetes manifests, Kustomize overlays and Terraform code as OCI artifacts.
    • security-pack version v0.7.0 introduces optional support for trivy-operator as the upcoming replacement for starboard. It also includes the latest Kyverno app release (v0.11.1).
    • trivy-operator-app version v0.1.0 is the first public release of trivy-operator containing upstream version 0.1.0. We recommend starboard users use this release to assess their readiness to migrate to trivy-operator.
  • Highlights for the week ending August 19, 2022

    User interfaces

    We fixed a problem in our web UI that has prevented some non-admin users from logging in. In addition, in the list of apps installed in a cluster, it is now easier to spot the ones that are not in the expected “Deployed” state.

    Apps

    • kyverno-app version v0.11.0 updates to upstream version 1.7.2, containing several resilience and performance improvements.
    • security-pack version v0.6.0 includes the latest Kyverno app release (v0.11.0) as well as minor updates to Starboard exporter (v0.5.1) and Trivy (v0.28.1).
    • nginx-ingress-controller-app version v2.15.2 adds support for labels on the metrics service.
    • linkerd2-multicluster-link-app version 0.7.2 adds support for pre-created service accounts.
    • flux-app version v0.14.0 moves back to managing Flux CRDs via Jobs instead of the native Helm 3 support added in v0.13.0. We added important installation notes to the project’s README.md to clarify the benefits and limitations of this approach. We recommend skipping v0.13.0 and using v0.14.0 instead.
  • Highlights for the week ending August 25, 2022

    General

    Starting today, our weekly product highlights will reach you on Thursday already. That, of course, does not mean that our work week is already over.

    Apps

    • dex-app version 1.26.0 provides Dex version 2.33.0.

    • kyverno-app version v0.11.1 updates policy-reporter and included UIs to version 2.11.1 and sets additional configuration for improving Kyverno’s resilience against rate limiting.

    • nginx-ingress-controller-app version v2.16.0 updates to upstream controller version v1.3.0, removes support for Kubernetes v1.19.0 and increases the default replica number to 2.

  • Highlights for the week ending August 12, 2022

    User interfaces

    For apps installed in a workload cluster, the web UI now shows the name of the App resource (in case it’s not identical to the app’s name in the catalog). This makes it easier to distinguish several apps of the same type, e.g. if you have NGINX Ingress controller installed multiple times.

    We also improved the display of an App resource’s deployment status.

    kubectl-gs since version 2.19.0 consistently supports flags related to the kubectl config in all commands, including --kubeconfig for the path to a config file, --context for selecting a context, --cluster, --user etc.

    Documentation

    We added documentation on how to use cert-manager to automatically obtain TLS certificates for ingresses.

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.