Highlights

  • Highlights for the week ending June 24, 2022

    General

    Apps

    • Loki v0.4.0 updates to Loki Upstream Chart v0.48.5 and updates Loki to v.2.5.0. This release has some breaking changes - please see the Changelog for instructions.
    • Loki v0.4.1 sets loki config.auth_enabled to false by default.
    • Promtail v.0.3.2 updates the upstream chart to v6.0.0 and Promtail to v.2.5.0. This update contains some breaking changes, please see the Changelog for instructions.
    • Cert-Manager v2.14.0 We fixed the broken relative URLs in the Readme. Updates to Upstream Image v1.7.2 which completely removes cert-manager API versions v1alpha2, v1alpha3, and v1beta1. If you need to upgrade your resources, this document explains the process.
    • Grafana-app v1.0.0 Upgrade upstream chart from version 6.24.1 to 6.31.0, and grafana from 8.4.2 to 9.0.1. This release includes a small set of breaking changes that you can check here. This release also allows some existing values to be templetized (tpl function) and adds a bit more configurability options (e.g. network policies).
  • Highlights for the week ending June 17, 2022

    General

    With nginx-ingress-controller-app release v2.12.1 we updated the controller image to fix the upstream issue which fixes CVE-2021-25748. It is highly recommended to update all nginx-ingress-controller-app installations.

    Apps

    • kyverno-app version v0.10.1 updates the CRDs installed by Kyverno to match the upstream version 1.6.2 CRDs.
    • security-pack version v0.3.1 updates kyverno-app to v0.10.1.
    • trivy-operator-app version v0.0.1 is the first release for testing trivy-operator, which is intended to eventually replace starboard. App version 0.0.1 contains upstream version 0.0.5.

    User interfaces

    With kubectl gs release v2.14.0, the service priority cluster label can be set when using the template cluster command with the --service-priority flag.

    You can also set the service priority label during cluster creation via the web UI, and inspect cluster labels in their raw format from the cluster details page.

  • Highlights for the week ending June 10, 2022

    General

    We are introducing a service priority classification for workload clusters. You will see this being rolled out in various parts of our user interfaces, in documentation, and in monitoring. Please check our documentation to learn more.

    User interfaces

    kubectl gs will print the cluster’s service priority when using get clusters. The template cluster command now includes the service priority cluster label by default, setting the priority to the highest value.

    Apps

    nginx-ingress-controller-app version v2.12.1: Update controller container image to v1.2.1 which removes the root and alias directives from the internal NGINX. (#311).

    Documentation

    There is a new documentation article explaining the permission inspection function in our web UI.

  • Highlights for the week ending June 03, 2022

    General

    With nginx-ingress-controller-app release v2.11.0 we added fixes for CVE-2021-25745 and CVE-2021-25746. Please also see the upstream issue for CVE-2021-25745 and the upstream issue for CVE-2021-25746. It is highly recommended to update all nginx-ingress-controller-app installations.

    User interfaces

    You can now inspect permissions for service accounts via the web UI, in addition to users and groups.

    Apps

    • kong-app version v2.10.0 updates to upstream version 2.8.2 and changes default values to more evenly schedule of pods.

    Documentation

    We completely updated our article on labelling workload clusters and added information on a new recommended label for indicating a cluster’s importance.

  • Highlights for the week ending May 27, 2022

    Apps

    flux-app version v0.11.0 updates to upstream version v0.30.2.

    vertical-pod-autoscaler-app version v2.4.0 Use patched docker image tagged 0.10.0-oomfix for recommender and updater and fixes the issue that VPA can not detect out of memory. Please also see VPA not detecting OOM

    User interfaces

    In our web UI’s new function to inspect permission, we now also show kubectl commands to gather similar information from the Management API using a CLI.

    We fixed the end of life date shown for Kubernetes 1.21 to June 28 in accordance with upstream. Our apologies for falsely showing the EOL label previously!

  • Highlights for the week ending May 20, 2022

    User interfaces

    Via the web UI, you can now not only inspect your own permissions for the Management API. As an admin, you can also inspect permissions for a specific group or user. If you use the web UI with single sign-on, please try it out! You’ll find the function in the user menu (top right) under Permissions.

    The kubectl gs get apps command output now provides a new column NOTES where you can find useful information in case a deployment of an app failed. Check the documentation for an example.

    kubectl gs login for creating a workload cluster certificate now supports arbitrary context names, in case you don’t want to name them after our convention, starting with a gs-.

  • Highlights for the week ending May 13, 2022

    User interfaces

    Our web UI, as of v1.42.0, provides a great new feature to all customers with single sign-on (SSO). As a user you can now inspect which permissions you have in the Management API, with regard to certain use cases and individually for each organization.

    The kubectl-gs commands for creating cluster and node pool resources (kubect gs template cluster and kubect gs template nodepool) now produce v1beta1 resources (previously v1alpha2 on AWS and v1alpha3 on Azure).

    Documentation

    In case you wonder how to access the Management API from your pipeline, this is for you: we now have a dedicated page on how to authenticate with the Management API for programmatic access. The article provides step by step instructions and a shell script explaining how to create a kubectl config file that includes service account credentials.

    Apps

    nginx-ingress-controller-app version v2.12.0 drops support for cluster.profile and reduces default resource requests.

    external-dns-app version v2.11.0 adds support for DNSEndpoint custom resources.

    linkerd2-app version v0.7.0 updates to upstream version stable-2.11.2. Before upgrading to this release, please upgrade linkerd2-cni-app to v0.7.0

    linkerd2-cni-app version v0.7.0 updates to upstream version stable-2.11.2. This release should be used together with linkerd2-app v0.7.0

  • Highlights for the week ending May 06, 2022

    Apps

    • dex-app v1.25.0 contains an update to the upstream version v2.31.1, which includes security patches for dependencies. This version also includes support for OIDC group name prefixing for the LDAP connector, and provides more details in token refresh logs to facilitate debugging.
  • Highlights for the week ending April 29, 2022

    Apps

    • security-pack version v0.2.0 upgrades to Starboard (app) v0.7.1, Trivy (app) v0.3.0, and starboard-exporter v0.4.0, including new security scan types, new available metrics, and various performance and stability improvements.
    • starboard-app version v0.7.1 (including v0.7.0) updates to Starboard version 0.15.3, introducing support for ClusterComplianceReport generation including an in-cluster benchmark for the NSA + CISA Kubernetes Hardening Guide.
    • starboard-exporter version v0.4.1 (including v0.4.0) adds support for collecting ConfigAuditReport metrics, and introduces a configurable load-spreading feature to reduce the spikiness of the exporter’s resource consumption.
    • trivy-app version v0.3.0 updates to Trivy version 0.25.0.

    User interfaces

    The web UI now displays which cgroups version a node pool uses. This requires the web UI to be using the Management API.

  • Highlights for the week ending April 22, 2022

    General

    This week we have provided updates for nginx-ingress-controller-app, external-dns-app and fluent-logshipping-app. Aditionally kubectl-gs is now available for Windows.

    Apps

    • nginx-ingress-controller-app v2.11.0 upgrades the ingress-nginx controller container image to v1.2.0. Among other changes, this release introduces deep inspection on Ingress objects. This may increase CPU usage.
    • external-dns-app v2.10.0 updates the container image of external-dns to v0.11.0
    • fluent-logshipping-app v0.7.1 and v0.7.0 updates fluentbit to v1.9.1 and disables fluentbit if no inputs or outputs are defined. ´log_stream_prefix´ is deprecated for cloudwatch_logs plugin and therefor moved to ´log_stream_name´

    User interfaces

    kubectl-gs is now available for Windows. If you already have kubectl and Krew installed, all it takes is kubectl krew install gs. For more information, please head to the installation docs.

    The web UI now allows to retry creating a cluster or node pool, in case the form submission fails.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.