Highlights

  • Highlights for the week ending February 4, 2022

    User interfaces

    • kubectl-gs v2.0.0 has been released, removing some old flags that were previously deprecated and replaced by others. Also adding some options to the template app command.

    Apps

    Documentation

    • As our next releases for AWS and Azure will provide cgroups v2, which is known to conflict with some applications (especially older Java runtime environments), we provide documentation on how to activate cgroups v1 in selected node pools.
    • We extended our documentation for the kubectl gs login command to provide more information for accessing workload clusters.
    • We improved the GitOps documentation around Role-Based Access and how it ties in to Management API.
  • Highlights for the week ending January 28, 2022

    Apps

    • external-dns-app v2.9.0 contains changes to mitigate rate limiting on AWS clusters. Please check the changelog for additional notes if you already specify ‘–aws-batch-change-interval’ or ‘–aws-zones-cache-duration’.
    • nginx-ingress-controller-app v2.8.0 contains a potential breaking change, and disables the configuration setting ‘use-forwarded-headers’ by default, to increase security. Please check the changelog for additional notes if you require this configuration.

    Documentation

    • We added documentation for creating an app catalog for deploying apps using Helm charts from the community or publishing your own apps.
  • Highlights for the week ending January 21, 2022

    Apps

    • kong-app v2.5.0 adds startup probes to allow for longer boot times in large clusters.
    • nginx-ingress-controller-app v2.7.0 updates to controller image v1.1.1, among other improvements. Please note, previous versions are not compatible with Kubernetes versions greater than 1.22.

    User interfaces

    • In Organisations, Happa now displays the description for Access Control roles.
    • Kubectl gs:
      • template app command supports installation of MC Apps with the --in-cluster flag.
      • login command now allows deletion of the required CertConfig resource only, instead of all, for a namespace.
  • Highlights for the week ending January 14, 2022

    Apps

    • falco-app v0.2.0 Update to upstream charts: Falco 1.16.2/0.30.0, exporter 0.6.3/0.6.0, sidekick 0.4.4/2.24.0.
    • kong-app v2.4.0 upgrades to upstream v2.6.4. This release includes breaking changes, it is recommended to check the changelog for specific details.
    • Dex monitoring is now available through our Public Grafana ( Docs here )

    User interfaces

    If you haven’t done so yet, please upgrade your kubectl-gs version to 1.58.2, to prevent an issue with the login command when creating workload cluster certificates.

    In the web UI on KVM installations, we fixed a problem that prevented clusters from being deleted. Also the number of apps with a pending upgrade is now calculated correctly.

    Management API

    • rbac-operator v0.19.0 added user-friendly descriptions to created ClusterRole resources, via annotations using the giantswarm.io/notes key and changed the CI build process to use architect-orb.
    • kyverno-policies v0.13.0 added policies-openstack for OpenStack-specific policies and added policy for OpenStack which defaults failureDomain based on MachineDeployment request’s machine-deployment.giantswarm.io/failure-domain label.
  • Highlights for the week ending December 17, 2021

    Apps

    User interfaces

    The new update cluster command in kubectl-gs allows to upgrade a workload cluster, either immediately or at some scheduled point in the future. See the documentation for more details.

  • Highlights for the week ending December 10, 2021

    Apps

    • flux-app v0.8.0 includes helm-controller fix to reduce memory usage by downgrading Helm from 3.7.1 to 3.6.3.
    • dex-app v1.21.0 contains update to the upstream version v2.30.2
  • Highlights for the week ending December 03, 2021

    Apps

    User interfaces

    In kubectl-gs we had to make the --release flag mandatory, which specifies the workload cluster release version in the template cluster and template nodepool subcommands.

  • Highlights for the week ending November 26, 2021

    Apps

    Dex now supports more than one customer connector. If you plan to admit users from different identity providers to workload clusters, please give this a try and contact us in case you have questions.

    User interfaces

    In the web UI, we fixed a problem that prevented users with legacy accounts to use the “Forgot password” form.

    Documentation

    We added an FAQ page on kubectl-gs as well as a page to help with migration from gsctl.

  • Highlights for the week ending November 19, 2021

    Apps

    AWS LB Controller is now available! Find it in the managed apps catalog.

    oauth2-proxy version v7.2.0 is now available, as well as support for configuring extra arguments (per provider, or for all providers).

    User interfaces

    In the Web UI, we now guide users to create a node pool after cluster creation.

    On AWS in the node pool creation UI - spot instances are now disabled by default and can be enabled by toggling “Enable spot instances” in the node pool creation form.

    Added --self-contained flag to kubectl-gs login command for workload clusters to allow the output of standalone kubeconfig file. This file can be passed on to other users without management cluster access.

    You can now specify a Service Account token when logging in, to help automation use cases.

    Documentation

    Added documentation on how to scale down workload clusters and silence alerts for a specified period of time. This can be used, for example, to limit workload clusters costs.

  • Highlights for the week ending November 12, 2021

    Apps

    Flux v0.7.0 provides the Flux Toolkit version 0.21.0 and adds service discovery labels for Prometheus, so that metrics are scraped.

    User interfaces

    In the web UI, we now display if a cluster has upgrades scheduled.

    kubectl gs login has been improved in several ways. Most importantly, the command now also supports using a service account token for authentication via the --token flag. This facilitates creation of workload cluster client certificates especially in automation. (Docs)

    Additionally, when creating a client certificate for a workload cluster, the flag --organization is now optional as long as the workload cluster name is unique.

    kubectl gs will also notify you when using an outdated plugin version. When that happens, the new kubectl gs selfupdate command allows to update the plugin to the latest version, for those not using Krew.

    Management API

    For kubectl get apps.application.giantswarm.io (or just kubectl get apps) we changed the output columns for the App CRD. With that, for apps installed in workload clusters, you can now differentiate the installed version from the desired version.

    In automation, please make sure to use JSON or YAML output of kubectl get commands instead if plain text, so your implementation is not affected by a change like the above.

    Monitoring

    If you are using Flux CD in the management cluster for your own good, you’ll want to check out the two new Grafana dashboards on Flux CD metrics which we added this week. Flux Cluster Stats showcases reconcilers and operator data, while Flux Control Plane will give you an insight into resource usage, number of API requests, and ongoing operation rates.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.