Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

• Feb 5, 2025 CAPA releases releases aws-28.5.1

  This release introduces improvements for ENI mode targetting the CAPA migration process.

  Changes compared to v28.5.0

  Components

  • cluster-aws from v1.3.6 to v1.3.7

  cluster-aws v1.3.6…v1.3.7

  Added

  • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

  Apps

  • cilium-crossplane-resources from v0.1.0 to v0.2.0

  cilium-crossplane-resources v0.1.0…v0.2.0

  Added

  • Add a Security Group rule for node to pod communication
• Feb 5, 2025 CAPA releases releases aws-29.6.1

  This release introduces improvements for ENI mode targetting the CAPA migration process.

  Changes compared to v29.6.0

  Components

  • cluster-aws from v2.6.0 to v2.6.1

  cluster-aws v2.6.0…v2.6.1

  Added

  • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

  Changed

  • Cilium: Replace no longer supported tunnel option by routingMode.

  Apps

  • cilium-crossplane-resources from v0.1.0 to v0.2.0

  cilium-crossplane-resources v0.1.0…v0.2.0

  Added

  • Add a Security Group rule for node to pod communication
• Feb 5, 2025 Connectivity gateway-api-app v1.2.0

  Added

  • Allow selecting channel (“standard” or “experimental”) for each individual CRD

  Changed

  • Upgrade Gateway API CRDs to v1.2.1
• Feb 5, 2025 Managed Apps gateway-api-app v1.2.0

  Added

  • Allow selecting channel (“standard” or “experimental”) for each individual CRD

  Changed

  • Upgrade Gateway API CRDs to v1.2.1
• Feb 4, 2025 Developer Portal backstage v0.51.0

  In this release:

  • Deployments page with overview of all apps deployed throughout clusters was added. Deployments list changes:
  • Information in SOURCE column was changed. Now it shows type of source and source name. Information about chart name was moved to a separate column called CHART NAME;
  • NAMESPACE/NAME column was split into two separate columns;
  • CLUSTER column was changed. Missing cluster names are being correctly filled and values are displayed as links to cluster details pages;
  • CLUSTER TYPE column was added to deployments list. Clusters list changes:
  • AWS ACCOUNT ID column was fixed to display values in groups of four digits. See ./docs/releases/v0.51.0-changelog.md for more information.
• Feb 3, 2025 Managed Apps athena v1.13.1

  Removed

  • Removed unused chart value .secret.firestoreServiceAccountKey and .secret.
• Feb 3, 2025 Security athena v1.13.1

  Removed

  • Removed unused chart value .secret.firestoreServiceAccountKey and .secret.
• Jan 31, 2025 Connectivity ingress-nginx-app v4.0.0-alpha1

  Depending on your current setup, this release may contain breaking changes. We go into these in more detail below and therefore ask you to read them carefully and check whether and to what extent they affect your setup.

  Added

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Deployment: Add controller.progressDeadlineSeconds.
    • Pod Disruption Budget: Add controller.unhealthyPodEvictionPolicy.
    • Prometheus Rule: Add controller.metrics.prometheusRule.annotations.
    • Metrics Service: Add controller.metrics.service.enabled.
    • Default Backend: Add defaultBackend.maxUnavailable.
    • Default Backend: Add defaultBackend.unhealthyPodEvictionPolicy.

  Changed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Controller: Update image to v1.12.0.
      NOTE: Please read the upstream changelog carefully, especially the entries marked with ⚠️. In addition, the following should be noted:
      • The --enable-annotation-validation CLI flag is already enabled by default in this app since v3.2.0.
      • The allow-cross-namespace-resources ConfigMap option getting deactivated affects you if you are currently referencing resources such as Secrets in Ingress resource annotations from namespaces other than the Ingress resource itself.
      • The annotations-risk-level ConfigMap option getting lowered to High affects you if you are currently using annotations with an annotation risk level of Critical. Especially snippet annotations belong to this annotation risk level. So even though you activated snippet annotations via ConfigMap option in the past, you now also need to increase the annotations-risk-level ConfigMap option back to Critical.
      • The strict-validate-path-type ConfigMap option is already enabled by default in this app since v3.2.0.
    • Values: Rename image to global.image.

  Removed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Chart: Remove Pod Security Policies.
      NOTE: Pod Security Policies have already been removed from Kubernetes in v1.25. Therefore, this version is not compatible with Kubernetes v1.24 and below.
    • Values: Remove configmap.
      NOTE: The configmap value is deprecated since v3.0.0. Please use controller.config instead.
    • Deployment: Remove giantswarm.io/monitoring_basic_sli label.
    • Deployment: Remove OpenTelemetry init container.
      NOTE: OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
• Jan 31, 2025 Managed Apps ingress-nginx-app v4.0.0-alpha1

  Depending on your current setup, this release may contain breaking changes. We go into these in more detail below and therefore ask you to read them carefully and check whether and to what extent they affect your setup.

  Added

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Deployment: Add controller.progressDeadlineSeconds.
    • Pod Disruption Budget: Add controller.unhealthyPodEvictionPolicy.
    • Prometheus Rule: Add controller.metrics.prometheusRule.annotations.
    • Metrics Service: Add controller.metrics.service.enabled.
    • Default Backend: Add defaultBackend.maxUnavailable.
    • Default Backend: Add defaultBackend.unhealthyPodEvictionPolicy.

  Changed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Controller: Update image to v1.12.0.
      NOTE: Please read the upstream changelog carefully, especially the entries marked with ⚠️. In addition, the following should be noted:
      • The --enable-annotation-validation CLI flag is already enabled by default in this app since v3.2.0.
      • The allow-cross-namespace-resources ConfigMap option getting deactivated affects you if you are currently referencing resources such as Secrets in Ingress resource annotations from namespaces other than the Ingress resource itself.
      • The annotations-risk-level ConfigMap option getting lowered to High affects you if you are currently using annotations with an annotation risk level of Critical. Especially snippet annotations belong to this annotation risk level. So even though you activated snippet annotations via ConfigMap option in the past, you now also need to increase the annotations-risk-level ConfigMap option back to Critical.
      • The strict-validate-path-type ConfigMap option is already enabled by default in this app since v3.2.0.
    • Values: Rename image to global.image.

  Removed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Chart: Remove Pod Security Policies.
      NOTE: Pod Security Policies have already been removed from Kubernetes in v1.25. Therefore, this version is not compatible with Kubernetes v1.24 and below.
    • Values: Remove configmap.
      NOTE: The configmap value is deprecated since v3.0.0. Please use controller.config instead.
    • Deployment: Remove giantswarm.io/monitoring_basic_sli label.
    • Deployment: Remove OpenTelemetry init container.
      NOTE: OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
• Jan 30, 2025 Highlights

  Highlights for the week ending 2025-01-30

  Observability

  • Observability Platform API version 0.1.0

    • Introduced an initial setup with ingress and application templates to enhance platform observability.

  • Observability Operator version 0.10.2

    • Enhanced alert management with a new Alertmanager controller.
    • Simplified SSO settings by switching to the Grafana admin API.
    • Improved data source management and dashboard loading options.

  • Prometheus Meta Operator version 4.83.0

    • Improved alert notifications and link management for better usability.
    • Enhanced security by updating dependencies and configurations.

  • Dashboards version 3.29.1

    • Added and improved various dashboards including Cluster Overview and Promtail Overview for better monitoring insights.
    • Enhanced DNS dashboard for more accurate memory usage reporting.

  • Prometheus Rules version 4.34.0

    • Added new alerts and annotations to enhance monitoring capabilities.
    • Streamlined alert management by removing deprecated entries.

  • Logging Operator version 0.20.0

    • Introduced support for customer-specific log tenancy and enhanced default configurations.

  • Cluster API Monitoring App version 1.16.1

    • Improved security and compliance with updated RBAC permissions.

  • Prometheus Blackbox Exporter App version 0.5.0

    • Enhanced security settings to meet compliance standards.

  Security

  • Kyverno Policy Operator version 0.1.1

    • Enhanced CRD management and improved controller functionality for better policy enforcement.

  • Cert Manager App version 3.9.0

    • Upgraded to the latest Cert-manager version for improved certificate management.

  Connectivity

  • Cilium App version 0.31.0

    • Upgraded to the latest Cilium version for better network performance and reliability.

  • CoreDNS Extensions App version 0.1.2

    • Introduced VPA support for CoreDNS to enhance scalability and performance.

  • Kong App version 4.5.0

    • Updated Kong Ingress Controller for improved routing and security features.

  • Ingress NGINX App version 3.9.4

    • Enhanced ingress management with updated images and synced upstream changes.

  • Vertical Pod Autoscaler App version 5.3.1

    • Updated Helm release to improve resource management and scaling.

  Others

  • Object Storage Operator version 0.10.0

    • Secured Azure storage with private access and updated policy management.

  • n8n App version 0.1.5

    • A new AI workflow automation platform has been added.

  • Debug Toolbox version 1.1.1

    • Released new tools for better debugging and troubleshooting.

  • Hello World App version 2.6.1

    • Enhanced features with Gateway API support and updated documentation for easier usage.

  Docs

  - [We have unified header and footer of our website](https://github.com/giantswarm/docs/pull/2445).
  - [New guide on adding your application logs to the managed Loki installation](https://github.com/giantswarm/docs/pull/2447).
  - [We added the annotations you can tune in the Cluster AWS resources](https://github.com/giantswarm/docs/pull/2454).
  

• Newer entries
• Older entries