Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Changed

    • Upgrade Alloy upstream chart from 1.6.0 to 1.6.1 (CHANGELOG)
      • This bumps the version of Alloy from 1.13.0 to 1.13.2 (CHANGELOG)
  • Fixed

    • Fix memory usage calculation in nodes-overview and cluster-overview dashboards by using node_memory_MemAvailable_bytes instead of node_memory_MemFree_bytes, which incorrectly excluded cached/buffered memory from free memory

    Changed

    • Update DNS dashboard
      • Add new node and pod filters
      • Update variables description and query to use coredns_build_info as label source
      • Remove cache prefetch panel since the metric is gone
      • Fix DNS dashboard log panels
    • Kube-Builder Operators dashboard: add a logs datasource selector
  • Changed

  • Changed

  • Added

    • Add Crossplane support for Azure (CAPZ) blob storage provisioning with the following resources:
      • Storage Accounts and Blob Containers for mimir, ruler, and alertmanager components
      • ManagementPolicy for automatic blob expiration (configurable per component)
      • PrivateEndpoint for private cluster deployments (when crossplane.private: true)
    • Tags from AzureCluster CR are automatically merged with user-provided tags (keys sanitized for Azure compatibility)
    • Storage account names are automatically derived and sanitized from container names to meet Azure naming requirements
  • Changed

    • Improve CNPG templates.

    Fixed

    • Fix crossplane azure container tags.
  • Added

    • Create AWS cluster role identity roles and bindings when the operator runs in capa.
  • Changes compared to v34.0.0

    Components

    • cluster-aws from v7.2.5 to v7.4.0
    • Flatcar from v4459.2.2 to v4459.2.3
    • Kubernetes from v1.34.3 to v1.34.5
    • os-tooling from v1.26.3 to v1.26.4

    cluster-aws v7.2.5…v7.4.0

    Added

    • Add JSON schema validation patterns for global.providerSpecific.region.
    • Add JSON schema validation patterns for global.providerSpecific.awsAccountId.
    • Add JSON schema validation patterns for global.controlPlane.instanceType and node pool instanceType.
    • Add JSON schema maxLength: 20 constraint for global.metadata.name, aligning with the constraint enforced by our kyverno policies.

    Changed

    • Values: Use container registries from cluster chart.
    • Karpenter: Provide proxy configuration.
    • AWS EBS CSI Driver & Karpenter: Reduce interval and enable drift detection.
    • Install the aws-ebs-csi-driver-bundle that contains the aws-ebs-csi-driver app, together with the crossplane resources to manage the AWS IAM Roles required by the app.
    • Install the karpenter-bundle that contains the karpenter app, together with the crossplane custom resources to manage the AWS resources required by karpenter.
    • Use cluster chart values for Karpenter kubelet systemReserved and kubeReserved configuration instead of hardcoded values.
    • Set correct maxPods value for karpenter node pools, based on the configured nodeCidrMaskSize, but capped at 110 pods.
    • Always install the karpenter-bundle, regardless of whether karpenter node pools are configured. This is useful when deleting karpenter node pools, because otherwise the karpenter app was being removed and karpenter did not have time to clean up the node pools.
    • Allow CertManager to use DNS challenges on non-private clusters.

    Fixed

    • Install node-termination-handler bundle even if falling back to default node pools. No workers could come up without NTH, so nodePools: {} (= use default node pools) did not create a working cluster.

    Apps

    • aws-ebs-csi-driver from v3.4.1 to v4.1.1
    • aws-ebs-csi-driver-servicemonitors from v0.1.0 to v0.1.2
    • aws-pod-identity-webhook from v2.1.0 to v2.2.0
    • cert-exporter from v2.9.15 to v2.9.16
    • cert-manager from v3.9.4 to v3.11.0
    • chart-operator-extensions from v1.1.2 to v1.1.3
    • cilium from v1.3.4 to v1.4.1
    • cilium-servicemonitors from v0.1.3 to v0.1.4
    • cluster-autoscaler from v1.34.1-1 to v1.34.3-1
    • coredns-extensions from v0.1.2 to v0.1.3
    • etcd-defrag from v1.2.3 to v1.2.4
    • etcd-k8s-res-count-exporter from v1.10.12 to v1.10.14
    • irsa-servicemonitors from v0.1.0 to v0.1.1
    • k8s-audit-metrics from v0.10.11 to v0.10.13
    • k8s-dns-node-cache from v2.9.1 to v2.9.2
    • karpenter from v1.4.0 to v2.1.0
    • karpenter-taint-remover from v1.0.1 to v1.0.2
    • metrics-server from v2.7.0 to v2.8.0
    • net-exporter from v1.23.0 to v1.23.1
    • node-exporter from v1.20.10 to v1.20.11
    • observability-bundle from v2.5.0 to v2.6.0
    • observability-policies from v0.0.3 to v0.0.4
    • priority-classes from v0.3.0 to v0.3.1
    • prometheus-blackbox-exporter from v0.5.0 to v0.5.1
    • security-bundle from v1.16.1 to v1.17.0
    • teleport-kube-agent from v0.10.7 to v0.10.8
    • vertical-pod-autoscaler from v6.1.1 to v6.1.2
    • vertical-pod-autoscaler-crd from v4.1.1 to v4.1.2

    aws-ebs-csi-driver v3.4.1…v4.1.1

    Added

    • Introduce bundle chart architecture with Crossplane IAM resources.
      • Add aws-ebs-csi-driver-app-bundle chart that includes:
      • Crossplane IAM Role with EBS CSI driver permissions
      • Flux HelmRelease to deploy the workload cluster chart
      • ConfigMap for values passthrough
      • Bundle chart is installed on the management cluster and deploys the app chart to the workload cluster
      • IAM role uses OIDC federation (IRSA) and reads configuration from <clusterID>-crossplane-config ConfigMap
      • Both charts share the same version and are released together

    Changed

    • Refactor crossplane config data retrieval. Fail installation if the ConfigMap can’t be found; previously the chart created invalid IAM roles in that case.
    • Change IAM role name for the ebs-csi-driver-controller to differentiate it from the old one managed by the iam-operator.
    • Remove dependency for the cloud-provider-aws in the aws-ebs-csi-driver HelmRelease. That dependency should be set in the bundle HelmRelease by the provider cluster chart.
    • Update CircleCI configuration to push both app and bundle charts
    • Update README with bundle architecture documentation

    Fixed

    • Fix boolean type of the expansion
    • Allow volume expansion by default on gp3

    aws-ebs-csi-driver-servicemonitors v0.1.0…v0.1.2

    Changed

    • Migrate to App Build Suite (ABS).

    Fixed

    • Remove duplicate application.giantswarm.io/team label in PodMonitor that caused install failure. The label is already included via the common labels helper.

    aws-pod-identity-webhook v2.1.0…v2.2.0

    Changed

    • Sanitize Chart.Version when used in labels due to flux appending the artifact digest to the version.

    cert-exporter v2.9.15…v2.9.16

    Changed

    • Go: Update dependencies.

    cert-manager v3.9.4…v3.11.0

    Added

    • Add Vertical Pod Autoscaler (VPA) support for webhook pods.
    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
    • Add PodLogs for log collection.

    Fixed

    • Fix controller Vertical Pod Autoscaler (VPA) resource syntax.

    chart-operator-extensions v1.1.2…v1.1.3

    Changed

    cilium v1.3.4…v1.4.1

    Changed

    • Upgrade Cilium to v1.19.1.
    • Upgrade Cilium to v1.19.0.
    • Update chart icon to use Giant Swarm-hosted Cilium icon.
    • Upgrade Cilium to v1.18.7.

    cilium-servicemonitors v0.1.3…v0.1.4

    Changed

    • Migrate chart metadata annotations

    cluster-autoscaler v1.34.1-1…v1.34.3-1

    Changed

    • Chart: Update to upstream v1.34.3.
    • Chart: Update to upstream v1.34.2.

    etcd-defrag v1.2.3…v1.2.4

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.37.0. (#78)

    etcd-k8s-res-count-exporter v1.10.12…v1.10.14

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.
    • Go: Update dependencies.

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.
    • Removed resource.psp helm value.

    irsa-servicemonitors v0.1.0…v0.1.1

    Changed

    • Migrate to App Build Suite (ABS) for building and publishing Helm charts.

    k8s-audit-metrics v0.10.11…v0.10.13

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.
    • Go: Update dependencies.

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.
    • Removed resource.psp helm value.

    k8s-dns-node-cache v2.9.1…v2.9.2

    Changed

    • Upgrade application to version 1.26.7 (includes coredns 1.13.1)

    karpenter v1.4.0…v2.1.0

    Added

    • Add PodLogs and PodMonitor custom resources for observability data ingestion.
    • Deployment: Add HTTP proxy support.
    • Add e2e tests for this app.
    • Add karpenter-bundle chart that consolidates karpenter-app and karpenter-crossplane-resources into a single deployable bundle. The bundle includes:
      • HelmRelease and OCIRepository for deploying karpenter to workload clusters
      • IAM roles for karpenter and nodeclassgenerator via Crossplane
      • SQS queue and CloudWatch event rules for interruption handling

    Fixed

    • Use only clustertest v3 instead of v2 and v3. We also upgraded to apptest-framework v3 due to this.

    karpenter-taint-remover v1.0.1…v1.0.2

    Changed

    • Migrate to App Build Suite (ABS) for building and publishing Helm charts.

    metrics-server v2.7.0…v2.8.0

    Changed

    • Upgrade metrics-server to v0.8.1.
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).

    net-exporter v1.23.0…v1.23.1

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.

    node-exporter v1.20.10…v1.20.11

    Changed

    • Migrate to App Build Suite (ABS) for building and publishing Helm charts.

    Fixed

    • Removed duplicated app label which is already added by the selector helper.

    observability-bundle v2.5.0…v2.6.0

    Added

    • Add KSM metrics for Gateway API resources

    observability-policies v0.0.3…v0.0.4

    Changed

    • Rename app to observability-policies
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).

    priority-classes v0.3.0…v0.3.1

    Fixed

    • Sanitize Chart.Version used in labels. This is needed because Flux appends the digest to the version using the + character, which is not allowed in labels.

    prometheus-blackbox-exporter v0.5.0…v0.5.1

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.

    security-bundle v1.16.1…v1.17.0

    Changed

    • Update kyverno (app) to v0.23.0.
    • Update kyverno-crds (app) to v1.16.0.
    • Update reports-server (app) to v0.1.0.
    • Update cloudnative-pg (app) to v0.0.13.
    • Update kubescape (app) to v0.0.5.
    • Update starboard-exporter (app) to v1.0.2.

    teleport-kube-agent v0.10.7…v0.10.8

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Migrate chart metadata annotations to OCI-compatible format.

    vertical-pod-autoscaler v6.1.1…v6.1.2

    Fixed

    • Pushed helm chart to OCI repository.

    vertical-pod-autoscaler-crd v4.1.1…v4.1.2

    Fixed

    • Pushed helm chart to OCI repository.
  • Changes compared to v34.0.0

    Components

    • cluster-cloud-director from v3.1.2 to v3.1.3
    • Flatcar from v4459.2.2 to v4459.2.3
    • Kubernetes from v1.34.3 to v1.34.5
    • os-tooling from v1.26.3 to v1.26.4

    cluster-cloud-director v3.1.2…v3.1.3

    Changed

    • Values: Enable management cluster registry cache for gsoci.azurecr.io.

    Apps

    • cert-exporter from v2.9.15 to v2.9.16
    • cert-manager from v3.9.4 to v3.11.0
    • chart-operator-extensions from v1.1.2 to v1.1.3
    • cilium from v1.3.4 to v1.4.1
    • cilium-servicemonitors from v0.1.3 to v0.1.4
    • coredns-extensions from v0.1.2 to v0.1.3
    • etcd-defrag from v1.2.3 to v1.2.4
    • etcd-k8s-res-count-exporter from v1.10.12 to v1.10.14
    • k8s-dns-node-cache from v2.9.1 to v2.9.2
    • metrics-server from v2.7.0 to v2.8.0
    • net-exporter from v1.23.0 to v1.23.1
    • node-exporter from v1.20.10 to v1.20.11
    • observability-bundle from v2.5.0 to v2.6.0
    • observability-policies from v0.0.3 to v0.0.4
    • priority-classes from v0.3.0 to v0.3.1
    • security-bundle from v1.16.1 to v1.17.0
    • teleport-kube-agent from v0.10.7 to v0.10.8
    • vertical-pod-autoscaler from v6.1.1 to v6.1.2
    • vertical-pod-autoscaler-crd from v4.1.1 to v4.1.2

    cert-exporter v2.9.15…v2.9.16

    Changed

    • Go: Update dependencies.

    cert-manager v3.9.4…v3.11.0

    Added

    • Add Vertical Pod Autoscaler (VPA) support for webhook pods.
    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
    • Add PodLogs for log collection.

    Fixed

    • Fix controller Vertical Pod Autoscaler (VPA) resource syntax.

    chart-operator-extensions v1.1.2…v1.1.3

    Changed

    cilium v1.3.4…v1.4.1

    Changed

    • Upgrade Cilium to v1.19.1.
    • Upgrade Cilium to v1.19.0.
    • Update chart icon to use Giant Swarm-hosted Cilium icon.
    • Upgrade Cilium to v1.18.7.

    cilium-servicemonitors v0.1.3…v0.1.4

    Changed

    • Migrate chart metadata annotations

    etcd-defrag v1.2.3…v1.2.4

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.37.0. (#78)

    etcd-k8s-res-count-exporter v1.10.12…v1.10.14

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.
    • Go: Update dependencies.

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.
    • Removed resource.psp helm value.

    k8s-dns-node-cache v2.9.1…v2.9.2

    Changed

    • Upgrade application to version 1.26.7 (includes coredns 1.13.1)

    metrics-server v2.7.0…v2.8.0

    Changed

    • Upgrade metrics-server to v0.8.1.
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).

    net-exporter v1.23.0…v1.23.1

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.

    node-exporter v1.20.10…v1.20.11

    Changed

    • Migrate to App Build Suite (ABS) for building and publishing Helm charts.

    Fixed

    • Removed duplicated app label which is already added by the selector helper.

    observability-bundle v2.5.0…v2.6.0

    Added

    • Add KSM metrics for Gateway API resources

    observability-policies v0.0.3…v0.0.4

    Changed

    • Rename app to observability-policies
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).

    priority-classes v0.3.0…v0.3.1

    Fixed

    • Sanitize Chart.Version used in labels. This is needed because Flux appends the digest to the version using the + character, which is not allowed in labels.

    security-bundle v1.16.1…v1.17.0

    Changed

    • Update kyverno (app) to v0.23.0.
    • Update kyverno-crds (app) to v1.16.0.
    • Update reports-server (app) to v0.1.0.
    • Update cloudnative-pg (app) to v0.0.13.
    • Update kubescape (app) to v0.0.5.
    • Update starboard-exporter (app) to v1.0.2.

    teleport-kube-agent v0.10.7…v0.10.8

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Migrate chart metadata annotations to OCI-compatible format.

    vertical-pod-autoscaler v6.1.1…v6.1.2

    Fixed

    • Pushed helm chart to OCI repository.

    vertical-pod-autoscaler-crd v4.1.1…v4.1.2

    Fixed

    • Pushed helm chart to OCI repository.
  • Changes compared to v34.0.0

    Components

    • cluster-azure from v5.1.2 to v5.3.0
    • Flatcar from v4459.2.2 to v4459.2.3
    • Kubernetes from v1.34.3 to v1.34.5
    • os-tooling from v1.26.3 to v1.26.4

    cluster-azure v5.1.2…v5.3.0

    Changed

    • Values: Update default instance size to D4as_v5.
    • Values: Use container registries from cluster chart.
    • Allow CertManager to use DNS challenges on non-private clusters.

    Apps

    • cert-exporter from v2.9.15 to v2.9.16
    • cert-manager from v3.9.4 to v3.11.0
    • chart-operator-extensions from v1.1.2 to v1.1.3
    • cilium from v1.3.4 to v1.4.1
    • cilium-servicemonitors from v0.1.3 to v0.1.4
    • coredns-extensions from v0.1.2 to v0.1.3
    • etcd-defrag from v1.2.3 to v1.2.4
    • etcd-k8s-res-count-exporter from v1.10.12 to v1.10.14
    • k8s-audit-metrics from v0.10.11 to v0.10.13
    • k8s-dns-node-cache from v2.9.1 to v2.9.2
    • metrics-server from v2.7.0 to v2.8.0
    • net-exporter from v1.23.0 to v1.23.1
    • node-exporter from v1.20.10 to v1.20.11
    • observability-bundle from v2.5.0 to v2.6.0
    • observability-policies from v0.0.3 to v0.0.4
    • priority-classes from v0.3.0 to v0.3.1
    • prometheus-blackbox-exporter from v0.5.0 to v0.5.1
    • security-bundle from v1.16.1 to v1.17.0
    • teleport-kube-agent from v0.10.7 to v0.10.8
    • vertical-pod-autoscaler from v6.1.1 to v6.1.2
    • vertical-pod-autoscaler-crd from v4.1.1 to v4.1.2

    cert-exporter v2.9.15…v2.9.16

    Changed

    • Go: Update dependencies.

    cert-manager v3.9.4…v3.11.0

    Added

    • Add Vertical Pod Autoscaler (VPA) support for webhook pods.
    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
    • Add PodLogs for log collection.

    Fixed

    • Fix controller Vertical Pod Autoscaler (VPA) resource syntax.

    chart-operator-extensions v1.1.2…v1.1.3

    Changed

    cilium v1.3.4…v1.4.1

    Changed

    • Upgrade Cilium to v1.19.1.
    • Upgrade Cilium to v1.19.0.
    • Update chart icon to use Giant Swarm-hosted Cilium icon.
    • Upgrade Cilium to v1.18.7.

    cilium-servicemonitors v0.1.3…v0.1.4

    Changed

    • Migrate chart metadata annotations

    etcd-defrag v1.2.3…v1.2.4

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.37.0. (#78)

    etcd-k8s-res-count-exporter v1.10.12…v1.10.14

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.
    • Go: Update dependencies.

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.
    • Removed resource.psp helm value.

    k8s-audit-metrics v0.10.11…v0.10.13

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.
    • Go: Update dependencies.

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.
    • Removed resource.psp helm value.

    k8s-dns-node-cache v2.9.1…v2.9.2

    Changed

    • Upgrade application to version 1.26.7 (includes coredns 1.13.1)

    metrics-server v2.7.0…v2.8.0

    Changed

    • Upgrade metrics-server to v0.8.1.
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).

    net-exporter v1.23.0…v1.23.1

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.

    node-exporter v1.20.10…v1.20.11

    Changed

    • Migrate to App Build Suite (ABS) for building and publishing Helm charts.

    Fixed

    • Removed duplicated app label which is already added by the selector helper.

    observability-bundle v2.5.0…v2.6.0

    Added

    • Add KSM metrics for Gateway API resources

    observability-policies v0.0.3…v0.0.4

    Changed

    • Rename app to observability-policies
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).

    priority-classes v0.3.0…v0.3.1

    Fixed

    • Sanitize Chart.Version used in labels. This is needed because Flux appends the digest to the version using the + character, which is not allowed in labels.

    prometheus-blackbox-exporter v0.5.0…v0.5.1

    Changed

    • Migrate to App Build Suite (ABS) for Helm chart building.

    security-bundle v1.16.1…v1.17.0

    Changed

    • Update kyverno (app) to v0.23.0.
    • Update kyverno-crds (app) to v1.16.0.
    • Update reports-server (app) to v0.1.0.
    • Update cloudnative-pg (app) to v0.0.13.
    • Update kubescape (app) to v0.0.5.
    • Update starboard-exporter (app) to v1.0.2.

    teleport-kube-agent v0.10.7…v0.10.8

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Migrate chart metadata annotations to OCI-compatible format.

    vertical-pod-autoscaler v6.1.1…v6.1.2

    Fixed

    • Pushed helm chart to OCI repository.

    vertical-pod-autoscaler-crd v4.1.1…v4.1.2

    Fixed

    • Pushed helm chart to OCI repository.