Changes and Releases
Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.
Fixed
- Fix memory usage calculation in nodes-overview and cluster-overview dashboards by using node_memory_MemAvailable_bytes instead of node_memory_MemFree_bytes, which incorrectly excluded cached/buffered memory from free memory
Changed
- Update DNS dashboard
- Add new node and pod filters
- Update variables description and query to use coredns_build_info as label source
- Remove cache prefetch panel since the metric is gone
- Fix DNS dashboard log panels
- Kube-Builder Operators dashboard: add a logs datasource selector
Changed
- Upgraded chart dependency to kube-prometheus-stack-82.4.3
- prometheus-operator to 0.89.0
- kube-state-metrics from 7.0.0 to 7.2.0
Changed
- Upgraded chart dependency to kube-prometheus-stack-82.4.3
- prometheus-operator to 0.89.0
- kube-state-metrics from 7.0.0 to 7.2.0
Added
- Add Crossplane support for Azure (CAPZ) blob storage provisioning with the following resources:
- Storage Accounts and Blob Containers for mimir, ruler, and alertmanager components
- ManagementPolicy for automatic blob expiration (configurable per component)
- PrivateEndpoint for private cluster deployments (when crossplane.private: true)
- Tags from AzureCluster CR are automatically merged with user-provided tags (keys sanitized for Azure compatibility)
- Storage account names are automatically derived and sanitized from container names to meet Azure naming requirements
Changed
- Improve CNPG templates.
Fixed
- Fix crossplane azure container tags.
Added
- Create AWS cluster role identity roles and bindings when the operator runs in capa.
Changes compared to v34.0.0
Components
- cluster-aws from v7.2.5 to v7.4.0
- Flatcar from v4459.2.2 to v4459.2.3
- Kubernetes from v1.34.3 to v1.34.5
- os-tooling from v1.26.3 to v1.26.4
cluster-aws v7.2.5…v7.4.0
Added
- Add JSON schema validation patterns for global.providerSpecific.region.
- Add JSON schema validation patterns for global.providerSpecific.awsAccountId.
- Add JSON schema validation patterns for global.controlPlane.instanceType and node pool instanceType.
- Add JSON schema maxLength: 20 constraint for global.metadata.name, aligning with the constraint enforced by our kyverno policies.
Changed
- Values: Use container registries from cluster chart.
- Karpenter: Provide proxy configuration.
- AWS EBS CSI Driver & Karpenter: Reduce interval and enable drift detection.
- Install the aws-ebs-csi-driver-bundle that contains the aws-ebs-csi-driver app, together with the crossplane resources to manage the AWS IAM Roles required by the app.
- Install the karpenter-bundle that contains the karpenter app, together with the crossplane custom resources to manage the AWS resources required by karpenter.
- Use cluster chart values for Karpenter kubelet systemReserved and kubeReserved configuration instead of hardcoded values.
- Set correct maxPods value for karpenter node pools, based on the configured nodeCidrMaskSize, but capped at 110 pods.
- Always install the karpenter-bundle, regardless of whether karpenter node pools are configured. This is useful when deleting karpenter node pools, because otherwise the karpenter app was being removed and karpenter did not have time to clean up the node pools.
- Allow CertManager to use DNS challenges on non-private clusters.
Fixed
- Install node-termination-handler bundle even if falling back to default node pools. No workers could come up without NTH, so nodePools: {} (= use default node pools) did not create a working cluster.
Apps
- aws-ebs-csi-driver from v3.4.1 to v4.1.1
- aws-ebs-csi-driver-servicemonitors from v0.1.0 to v0.1.2
- aws-pod-identity-webhook from v2.1.0 to v2.2.0
- cert-exporter from v2.9.15 to v2.9.16
- cert-manager from v3.9.4 to v3.11.0
- chart-operator-extensions from v1.1.2 to v1.1.3
- cilium from v1.3.4 to v1.4.1
- cilium-servicemonitors from v0.1.3 to v0.1.4
- cluster-autoscaler from v1.34.1-1 to v1.34.3-1
- coredns-extensions from v0.1.2 to v0.1.3
- etcd-defrag from v1.2.3 to v1.2.4
- etcd-k8s-res-count-exporter from v1.10.12 to v1.10.14
- irsa-servicemonitors from v0.1.0 to v0.1.1
- k8s-audit-metrics from v0.10.11 to v0.10.13
- k8s-dns-node-cache from v2.9.1 to v2.9.2
- karpenter from v1.4.0 to v2.1.0
- karpenter-taint-remover from v1.0.1 to v1.0.2
- metrics-server from v2.7.0 to v2.8.0
- net-exporter from v1.23.0 to v1.23.1
- node-exporter from v1.20.10 to v1.20.11
- observability-bundle from v2.5.0 to v2.6.0
- observability-policies from v0.0.3 to v0.0.4
- priority-classes from v0.3.0 to v0.3.1
- prometheus-blackbox-exporter from v0.5.0 to v0.5.1
- security-bundle from v1.16.1 to v1.17.0
- teleport-kube-agent from v0.10.7 to v0.10.8
- vertical-pod-autoscaler from v6.1.1 to v6.1.2
- vertical-pod-autoscaler-crd from v4.1.1 to v4.1.2
aws-ebs-csi-driver v3.4.1…v4.1.1
Added
- Introduce bundle chart architecture with Crossplane IAM resources.
- Add aws-ebs-csi-driver-app-bundle chart that includes:
- Crossplane IAM Role with EBS CSI driver permissions
- Flux HelmRelease to deploy the workload cluster chart
- ConfigMap for values passthrough
- Bundle chart is installed on the management cluster and deploys the app chart to the workload cluster
- IAM role uses OIDC federation (IRSA) and reads configuration from <clusterID>-crossplane-config ConfigMap
- Both charts share the same version and are released together
Changed
- Refactor crossplane config data retrieval. Fail installation if the ConfigMap can’t be found, otherwise the chart was creating invalid IAM roles.
- Change IAM role name for the ebs-csi-driver-controller, to differentiate it from the old one managed by the iam-operator.
- Remove dependency for the cloud-provider-aws in the aws-ebs-csi-driver HelmRelease. That dependency should be set in the bundle HelmRelease by the provider cluster chart
- Update CircleCI configuration to push both app and bundle charts
- Update README with bundle architecture documentation
Fixed
- Fix boolean type of the expansion
- Allow volume expansion by default on gp3
aws-ebs-csi-driver-servicemonitors v0.1.0…v0.1.2
Changed
- Migrate to App Build Suite (ABS).
Fixed
- Remove duplicate application.giantswarm.io/team label in PodMonitor that caused install failure. The label is already included via the common labels helper.
aws-pod-identity-webhook v2.1.0…v2.2.0
Changed
- Sanitize Chart.Version when used in labels due to flux appending the artifact digest to the version.
cert-exporter v2.9.15…v2.9.16
Changed
- Go: Update dependencies.
cert-manager v3.9.4…v3.11.0
Added
- Add Vertical Pod Autoscaler (VPA) support for webhook pods.
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
- Add PodLogs for log collection.
Fixed
- Fix controller Vertical Pod Autoscaler (VPA) resource syntax.
chart-operator-extensions v1.1.2…v1.1.3
Changed
- Migrate Chart.yaml annotations to new format as per https://docs.giantswarm.io/reference/platform-api/chart-metadata/
cilium v1.3.4…v1.4.1
Changed
- Upgrade Cilium to v1.19.1.
- Upgrade Cilium to v1.19.0.
- Update chart icon to use Giant Swarm-hosted Cilium icon.
- Upgrade Cilium to v1.18.7.
cilium-servicemonitors v0.1.3…v0.1.4
Changed
- Migrate chart metadata annotations
cluster-autoscaler v1.34.1-1…v1.34.3-1
Changed
- Chart: Update to upstream v1.34.3.
- Chart: Update to upstream v1.34.2.
etcd-defrag v1.2.3…v1.2.4
Changed
- Chart: Update dependency ahrtr/etcd-defrag to v0.37.0. (#78)
etcd-k8s-res-count-exporter v1.10.12…v1.10.14
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
- Go: Update dependencies.
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
- Removed resource.psp helm value.
irsa-servicemonitors v0.1.0…v0.1.1
Changed
- Migrate to App Build Suite (ABS) for building and publishing Helm charts.
k8s-audit-metrics v0.10.11…v0.10.13
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
- Go: Update dependencies.
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
- Removed resource.psp helm value.
k8s-dns-node-cache v2.9.1…v2.9.2
Changed
- Upgrade application to version 1.26.7 (includes coredns 1.13.1)
karpenter v1.4.0…v2.1.0
Added
- Add PodLogs and PodMonitor custom resources for observability data ingestion.
- Deployment: Add HTTP proxy support.
- Add e2e tests for this app.
- Add karpenter-bundle chart that consolidates karpenter-app and karpenter-crossplane-resources into a single deployable bundle. The bundle includes:
- HelmRelease and OCIRepository for deploying karpenter to workload clusters
- IAM roles for karpenter and nodeclassgenerator via Crossplane
- SQS queue and CloudWatch event rules for interruption handling
Fixed
- Use only clustertest v3 instead of v2 and v3. We also upgraded to apptest-framework v3 due to this.
karpenter-taint-remover v1.0.1…v1.0.2
Changed
- Migrate to App Build Suite (ABS) for building and publishing Helm charts.
metrics-server v2.7.0…v2.8.0
Changed
- Upgrade metrics-server to v0.8.1.
- Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
net-exporter v1.23.0…v1.23.1
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
node-exporter v1.20.10…v1.20.11
Changed
- Migrate to App Build Suite (ABS) for building and publishing Helm charts.
Fixed
- Removed duplicated app label which is already added by the selector helper.
observability-bundle v2.5.0…v2.6.0
Added
- Add KSM metrics for Gateway API resources
observability-policies v0.0.3…v0.0.4
Changed
- Rename app to observability-policies
- Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
priority-classes v0.3.0…v0.3.1
Fixed
- Sanitize Chart.Version used in labels. This is needed because flux appends the digest to the version using the + character which is not allowed in labels.
prometheus-blackbox-exporter v0.5.0…v0.5.1
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
security-bundle v1.16.1…v1.17.0
Changed
- Update kyverno (app) to v0.23.0.
- Update kyverno-crds (app) to v1.16.0.
- Update reports-server (app) to v0.1.0.
- Update cloudnative-pg (app) to v0.0.13.
- Update kubescape (app) to v0.0.5.
- Update starboard-exporter (app) to v1.0.2.
teleport-kube-agent v0.10.7…v0.10.8
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
Changed
- Migrate chart metadata annotations to OCI-compatible format.
vertical-pod-autoscaler v6.1.1…v6.1.2
Fixed
- Pushed helm chart to OCI repository.
vertical-pod-autoscaler-crd v4.1.1…v4.1.2
Fixed
- Pushed helm chart to OCI repository.
Changes compared to v34.0.0
Components
- cluster-cloud-director from v3.1.2 to v3.1.3
- Flatcar from v4459.2.2 to v4459.2.3
- Kubernetes from v1.34.3 to v1.34.5
- os-tooling from v1.26.3 to v1.26.4
cluster-cloud-director v3.1.2…v3.1.3
Changed
- Values: Enable management cluster registry cache for gsoci.azurecr.io.
Apps
- cert-exporter from v2.9.15 to v2.9.16
- cert-manager from v3.9.4 to v3.11.0
- chart-operator-extensions from v1.1.2 to v1.1.3
- cilium from v1.3.4 to v1.4.1
- cilium-servicemonitors from v0.1.3 to v0.1.4
- coredns-extensions from v0.1.2 to v0.1.3
- etcd-defrag from v1.2.3 to v1.2.4
- etcd-k8s-res-count-exporter from v1.10.12 to v1.10.14
- k8s-dns-node-cache from v2.9.1 to v2.9.2
- metrics-server from v2.7.0 to v2.8.0
- net-exporter from v1.23.0 to v1.23.1
- node-exporter from v1.20.10 to v1.20.11
- observability-bundle from v2.5.0 to v2.6.0
- observability-policies from v0.0.3 to v0.0.4
- priority-classes from v0.3.0 to v0.3.1
- security-bundle from v1.16.1 to v1.17.0
- teleport-kube-agent from v0.10.7 to v0.10.8
- vertical-pod-autoscaler from v6.1.1 to v6.1.2
- vertical-pod-autoscaler-crd from v4.1.1 to v4.1.2
cert-exporter v2.9.15…v2.9.16
Changed
- Go: Update dependencies.
cert-manager v3.9.4…v3.11.0
Added
- Add Vertical Pod Autoscaler (VPA) support for webhook pods.
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
- Add PodLogs for log collection.
Fixed
- Fix controller Vertical Pod Autoscaler (VPA) resource syntax.
chart-operator-extensions v1.1.2…v1.1.3
Changed
- Migrate Chart.yaml annotations to new format as per https://docs.giantswarm.io/reference/platform-api/chart-metadata/
cilium v1.3.4…v1.4.1
Changed
- Upgrade Cilium to v1.19.1.
- Upgrade Cilium to v1.19.0.
- Update chart icon to use Giant Swarm-hosted Cilium icon.
- Upgrade Cilium to v1.18.7.
cilium-servicemonitors v0.1.3…v0.1.4
Changed
- Migrate chart metadata annotations
etcd-defrag v1.2.3…v1.2.4
Changed
- Chart: Update dependency ahrtr/etcd-defrag to v0.37.0. (#78)
etcd-k8s-res-count-exporter v1.10.12…v1.10.14
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
- Go: Update dependencies.
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
- Removed resource.psp helm value.
k8s-dns-node-cache v2.9.1…v2.9.2
Changed
- Upgrade application to version 1.26.7 (includes coredns 1.13.1)
metrics-server v2.7.0…v2.8.0
Changed
- Upgrade metrics-server to v0.8.1.
- Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
net-exporter v1.23.0…v1.23.1
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
node-exporter v1.20.10…v1.20.11
Changed
- Migrate to App Build Suite (ABS) for building and publishing Helm charts.
Fixed
- Removed duplicated app label which is already added by the selector helper.
observability-bundle v2.5.0…v2.6.0
Added
- Add KSM metrics for Gateway API resources
observability-policies v0.0.3…v0.0.4
Changed
- Rename app to observability-policies
- Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
priority-classes v0.3.0…v0.3.1
Fixed
- Sanitize Chart.Version used in labels. This is needed because flux appends the digest to the version using the + character which is not allowed in labels.
security-bundle v1.16.1…v1.17.0
Changed
- Update kyverno (app) to v0.23.0.
- Update kyverno-crds (app) to v1.16.0.
- Update reports-server (app) to v0.1.0.
- Update cloudnative-pg (app) to v0.0.13.
- Update kubescape (app) to v0.0.5.
- Update starboard-exporter (app) to v1.0.2.
teleport-kube-agent v0.10.7…v0.10.8
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
Changed
- Migrate chart metadata annotations to OCI-compatible format.
vertical-pod-autoscaler v6.1.1…v6.1.2
Fixed
- Pushed helm chart to OCI repository.
vertical-pod-autoscaler-crd v4.1.1…v4.1.2
Fixed
- Pushed helm chart to OCI repository.
Changes compared to v34.0.0
Components
- cluster-azure from v5.1.2 to v5.3.0
- Flatcar from v4459.2.2 to v4459.2.3
- Kubernetes from v1.34.3 to v1.34.5
- os-tooling from v1.26.3 to v1.26.4
cluster-azure v5.1.2…v5.3.0
Changed
- Values: Update default instance size to D4as_v5.
- Values: Use container registries from cluster chart.
- Allow CertManager to use DNS challenges on non-private clusters.
Apps
- cert-exporter from v2.9.15 to v2.9.16
- cert-manager from v3.9.4 to v3.11.0
- chart-operator-extensions from v1.1.2 to v1.1.3
- cilium from v1.3.4 to v1.4.1
- cilium-servicemonitors from v0.1.3 to v0.1.4
- coredns-extensions from v0.1.2 to v0.1.3
- etcd-defrag from v1.2.3 to v1.2.4
- etcd-k8s-res-count-exporter from v1.10.12 to v1.10.14
- k8s-audit-metrics from v0.10.11 to v0.10.13
- k8s-dns-node-cache from v2.9.1 to v2.9.2
- metrics-server from v2.7.0 to v2.8.0
- net-exporter from v1.23.0 to v1.23.1
- node-exporter from v1.20.10 to v1.20.11
- observability-bundle from v2.5.0 to v2.6.0
- observability-policies from v0.0.3 to v0.0.4
- priority-classes from v0.3.0 to v0.3.1
- prometheus-blackbox-exporter from v0.5.0 to v0.5.1
- security-bundle from v1.16.1 to v1.17.0
- teleport-kube-agent from v0.10.7 to v0.10.8
- vertical-pod-autoscaler from v6.1.1 to v6.1.2
- vertical-pod-autoscaler-crd from v4.1.1 to v4.1.2
cert-exporter v2.9.15…v2.9.16
Changed
- Go: Update dependencies.
cert-manager v3.9.4…v3.11.0
Added
- Add Vertical Pod Autoscaler (VPA) support for webhook pods.
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
- Add PodLogs for log collection.
Fixed
- Fix controller Vertical Pod Autoscaler (VPA) resource syntax.
chart-operator-extensions v1.1.2…v1.1.3
Changed
- Migrate Chart.yaml annotations to new format as per https://docs.giantswarm.io/reference/platform-api/chart-metadata/
cilium v1.3.4…v1.4.1
Changed
- Upgrade Cilium to v1.19.1.
- Upgrade Cilium to v1.19.0.
- Update chart icon to use Giant Swarm-hosted Cilium icon.
- Upgrade Cilium to v1.18.7.
cilium-servicemonitors v0.1.3…v0.1.4
Changed
- Migrate chart metadata annotations
etcd-defrag v1.2.3…v1.2.4
Changed
- Chart: Update dependency ahrtr/etcd-defrag to v0.37.0. (#78)
etcd-k8s-res-count-exporter v1.10.12…v1.10.14
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
- Go: Update dependencies.
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
- Removed resource.psp helm value.
k8s-audit-metrics v0.10.11…v0.10.13
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
- Go: Update dependencies.
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
- Removed resource.psp helm value.
k8s-dns-node-cache v2.9.1…v2.9.2
Changed
- Upgrade application to version 1.26.7 (includes coredns 1.13.1)
metrics-server v2.7.0…v2.8.0
Changed
- Upgrade metrics-server to v0.8.1.
- Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
net-exporter v1.23.0…v1.23.1
Removed
- Removed PodSecurityPolicy.
- Removed global.podSecurityStandards.enforced helm value.
node-exporter v1.20.10…v1.20.11
Changed
- Migrate to App Build Suite (ABS) for building and publishing Helm charts.
Fixed
- Removed duplicated app label which is already added by the selector helper.
observability-bundle v2.5.0…v2.6.0
Added
- Add KSM metrics for Gateway API resources
observability-policies v0.0.3…v0.0.4
Changed
- Rename app to observability-policies
- Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
priority-classes v0.3.0…v0.3.1
Fixed
- Sanitize Chart.Version used in labels. This is needed because flux appends the digest to the version using the + character which is not allowed in labels.
prometheus-blackbox-exporter v0.5.0…v0.5.1
Changed
- Migrate to App Build Suite (ABS) for Helm chart building.
security-bundle v1.16.1…v1.17.0
Changed
- Update kyverno (app) to v0.23.0.
- Update kyverno-crds (app) to v1.16.0.
- Update reports-server (app) to v0.1.0.
- Update cloudnative-pg (app) to v0.0.13.
- Update kubescape (app) to v0.0.5.
- Update starboard-exporter (app) to v1.0.2.
teleport-kube-agent v0.10.7…v0.10.8
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
Changed
- Migrate chart metadata annotations to OCI-compatible format.
vertical-pod-autoscaler v6.1.1…v6.1.2
Fixed
- Pushed helm chart to OCI repository.
vertical-pod-autoscaler-crd v4.1.1…v4.1.2
Fixed
- Pushed helm chart to OCI repository.