Highlights

• May 20, 2022 Highlights

  Highlights for the week ending May 20, 2022

  User interfaces

  Via the web UI, you can now not only inspect your own permissions for the Management API. As an admin, you can also inspect permissions for a specific group or user. If you use the web UI with single sign-on, please try it out! You’ll find the function in the user menu (top right) under Permissions.

  The kubectl gs get apps command output now provides a new column NOTES where you can find useful information in case a deployment of an app failed. Check the documentation for an example.

  kubectl gs login for creating a workload cluster certificate now supports arbitrary context names, in case you don’t want to name them after our convention, starting with a gs-.

• May 13, 2022 Highlights

  Highlights for the week ending May 13, 2022

  User interfaces

  Our web UI, as of v1.42.0, provides a great new feature to all customers with single sign-on (SSO). As a user you can now inspect which permissions you have in the Management API, with regard to certain use cases and individually for each organization.

  The kubectl-gs commands for creating cluster and node pool resources (kubect gs template cluster and kubect gs template nodepool) now produce v1beta1 resources (previously v1alpha2 on AWS and v1alpha3 on Azure).

  Documentation

  In case you wonder how to access the Management API from your pipeline, this is for you: we now have a dedicated page on how to authenticate with the Management API for programmatic access. The article provides step by step instructions and a shell script explaining how to create a kubectl config file that includes service account credentials.

  Apps

  nginx-ingress-controller-app version v2.12.0 drops support for cluster.profile and reduces default resource requests.

  external-dns-app version v2.11.0 adds support for DNSEndpoint custom resources.

  linkerd2-app version v0.7.0 updates to upstream version stable-2.11.2. Before upgrading to this release, please upgrade linkerd2-cni-app to v0.7.0

  linkerd2-cni-app version v0.7.0 updates to upstream version stable-2.11.2. This release should be used together with linkerd2-app v0.7.0

• May 6, 2022 Highlights

  Highlights for the week ending May 06, 2022

  Apps

  • dex-app v1.25.0 contains an update to the upstream version v2.31.1, which includes security patches for dependencies. This version also includes support for OIDC group name prefixing for the LDAP connector, and provides more details in token refresh logs to facilitate debugging.
• Apr 29, 2022 Highlights

  Highlights for the week ending April 29, 2022

  Apps

  • security-pack version v0.2.0 upgrades to Starboard (app) v0.7.1, Trivy (app) v0.3.0, and starboard-exporter v0.4.0, including new security scan types, new available metrics, and various performance and stability improvements.
  • starboard-app version v0.7.1 (including v0.7.0) updates to Starboard version 0.15.3, introducing support for ClusterComplianceReport generation including an in-cluster benchmark for the NSA + CISA Kubernetes Hardening Guide.
  • starboard-exporter version v0.4.1 (including v0.4.0) adds support for collecting ConfigAuditReport metrics, and introduces a configurable load-spreading feature to reduce the spikiness of the exporter’s resource consumption.
  • trivy-app version v0.3.0 updates to Trivy version 0.25.0.

  User interfaces

  The web UI now displays which cgroups version a node pool uses. This requires the web UI to be using the Management API.

• Apr 22, 2022 Highlights

  Highlights for the week ending April 22, 2022

  General

  This week we have provided updates for nginx-ingress-controller-app, external-dns-app and fluent-logshipping-app. Aditionally kubectl-gs is now available for Windows.

  Apps

  • nginx-ingress-controller-app v2.11.0 upgrades the ingress-nginx controller container image to v1.2.0. Among other changes, this release introduces deep inspection on Ingress objects. This may increase CPU usage.
  • external-dns-app v2.10.0 updates the container image of external-dns to v0.11.0
  • fluent-logshipping-app v0.7.1 and v0.7.0 updates fluentbit to v1.9.1 and disables fluentbit if no inputs or outputs are defined. ´log_stream_prefix´ is deprecated for cloudwatch_logs plugin and therefor moved to ´log_stream_name´

  User interfaces

  kubectl-gs is now available for Windows. If you already have kubectl and Krew installed, all it takes is kubectl krew install gs. For more information, please head to the installation docs.

  The web UI now allows to retry creating a cluster or node pool, in case the form submission fails.

• Apr 12, 2022 Highlights

  Highlights for the week ending April 15, 2022

  Apps

  • aws-load-balancer-kontroller-app version v1.2.0 enables PodDisruptionBudget to prevent unavailability of the admission webhook during cluster maintenance
  • prometheus-meta-operator version v3.2.0 changes Management Cluster with CAPI are reconciled in PMO. Fixes etcd service discovery for CAPI clusters. Removed skip resource.
  • fluent-logshipping-app version v0.6.7 Fixes issue with systemd log format. Updates systemd lib from 241 to 247.
  • kong-app version v2.9.0 aligns with upstream chart version. Updates Kong ingress controller to 2.3.1 and Kong to 2.8.1. This fixes OpenSSL CVE-2022-0778.

  User interfaces

  When installing apps into workload clusters via the web UI, it is now much easier to see what cluster you are installing to. Also we are displaying in the catalog which apps are installed in that cluster already.

  Documentation

  We improved our kubectl-gs installation instructions so they are easier to follow and we added info for ARM binaries for Linux and macOS.

• Apr 8, 2022 Highlights

  Highlights for the week ending April 8, 2022

  Apps

  • dashboards versions v2.1.0 and v2.0.0 adds all dashboards form g8s-grafana, grafana sidecar annotation to all config maps, dashboard for ceph cluster usage in KVM. Splits each dashboards in specific configmaps and makes the mixin dashboard private.
  • efk-stack-app version v0.7.3 adds team annotations in Chart.yaml for alert routing and fixes deprecated api for rbac.
  • kyverno-app version v0.10.0 updates to Kyverno version 1.6.2 including performance and stability improvements.
  • kyverno-policies version v0.17.1 includes policies for enforcing Kubernetes Pod Security Standards (PSS). This is the first release of this app intended for use outside Giant Swarm’s own clusters.
  • nginx-ingress-controller-app versions v2.10.0 and v2.1.4 fix CVE-2022-0778 in OpenSSL and CVE-2022-23308 in libxml2.
  • security-pack version v0.1.0 enables Kyverno installation by default, updates to Falco app version 0.3.2, and includes the kyverno-policies app for PSS policy enforcement.

  Documentation

  The first iteration of our GitOps template repository gitops-template is available. It covers documented examples that show how we envision management of Giant Swarm resources (organizations, workload cluster templates and instances) with GitOps. This template is the pattern we recommend and support. This is still a work in progress: we will continue adding more use cases so major changes and revisions could happen.

• Apr 1, 2022 Highlights

  Highlights for the week ending April 1, 2022

  User interfaces

  In our Web UI we now explain how to upgrade a cluster via the Management API (spoiler: kubectl gs update cluster) if an upgrade is available. On Azure you’ll now also find information regarding the Azure Tenant in which the workload cluster is running.

  In Grafana you have a new dashboard Kubernetes Proxy, which you can use to drill down into the kube-proxy metrics of your workload clusters.

• Mar 25, 2022 Highlights

  Highlights for the week ending March 25, 2022

  Apps

  • falco-app v0.3.2 changes the default driver from the kernel module to ebpf, supporting Linux kernel versions used in CAPI clusters.
  • security-pack v0.0.1 has been released to the playground catalog as convenient way to install multiple security pack components at once.
  • starboard-app v0.6.0 updates to Starboard version 0.14.1 and uses the newer Trivy 0.24.0 backend.
  • trivy-app v0.2.0 updates to Trivy version 0.24.0.

  User interfaces

  The kubectl gs template catalog command provides a new flag --visibility to control whether the catalog should be visible in the web interface.

  Documentation

  For customers using clusters on AWS or Azure, we added more information on how to spread workloads over several availability zones for better availability/resilience. If you haven’t heard of topologySpreadConstraints before, check our example.

• Mar 18, 2022 Highlights

  Highlights for the week ending March 18, 2022

  Apps

  New version release:

  • Dex-app v2.31.0 is available and contains bug fixes, mainly.
  • aws-load-balancer-controller-app v1.1.0 updates to AWS LoadBalancer Controller version v2.4.1. This release uses the new Ingress API version networking.k8s.io/v1 available in kubernetes 1.19 and later releases.
  • flux-app v0.10.0 upgrade to upstream flux toolkit version 0.27.3 that enables cross-namespace reference for image-controller.
  • kyverno-app v0.9.0 have Pod Disruption Budget enabled by default to improve stability during cluster upgrades.

  User interfaces

  In our latest Web UI, the top navigation, organization selection, and user menu have been improved to work in much more narrow viewports. This will simplify the use in a narrow browser window.

• Newer entries
• Older entries