Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Changed

    • Fix issues with templates
    • Change ownership to Team Shield
  • Changed

    • Update Kyverno to upstream version v1.12.5.
  • Fixed

    • Fix Nginx Parser based on the upstream parser.
  • Changes compared to v29.1.0

    Components

    • cluster-aws from v2.0.0 to v2.2.0
    • Flatcar from v3975.2.0 to v3975.2.1
    • Kubernetes from v1.29.8 to v1.29.9

    cluster-aws v2.0.0…v2.2.0

    ⚠️ Breaking change

    • Do not allow additional properties in the following fields in order to avoid unnoticed typos:

      • global.connectivity.network
      • global.connectivity.network.pods
      • global.connectivity.network.services
      • global.connectivity.subnets[]
      • global.connectivity.topology
      • global.controlPlane
      • global.controlPlane.additionalSecurityGroups[]
      • global.controlPlane.machineHealthCheck
      • global.controlPlane.oidc
      • global.providerSpecific
      • global.providerSpecific.instanceMetadataOptions

    If you were using values like global.controlPlane.containerdVolumeSizeGB and global.controlPlane.kubeletVolumeSizeGB, please move to the new .global.controlPlane.libVolumeSizeGB which defines the size of disk volume used for /var/lib mount point.

    Added

    • Allow to enable auditd through global.components.auditd.enabled helm value.
    • Chart: Support multiple service account issuers.
      This is used for example in the migration from Vintage AWS clusters to CAPA. Multiple issuers were previously supported only through internal chart values (this change removes internal.migration.irsaAdditionalDomain). The internal annotation aws.giantswarm.io/irsa-additional-domain on AWSMachineTemplate objects is changed to plural aws.giantswarm.io/irsa-trust-domains on the AWSCluster object.

    Changed

    • Chart: Update cluster to v1.4.1.
    • Set provider specific configuration for cilium CNI ENI values.
    • Do not allow additional properties in most values in order to avoid unnoticed typos.
    • Validate that machine pool availability zones belong to the selected region.
    • CI: Bump release version.
    • Apps: Use catalog from Release CR.

    Removed

    • Remove Cilium app deprecated values.
    • Remove unused kubectl image Helm value.

    Apps

    • aws-pod-identity-webhook from v1.16.0 to v1.17.0
    • coredns from v1.21.0 to v1.22.0
    • observability-bundle from v1.6.1 to v1.6.2
    • security-bundle from v1.8.1 to v1.8.2
    • teleport-kube-agent from v0.9.2 to v0.10.3
    • vertical-pod-autoscaler from v5.2.4 to v5.3.0
    • vertical-pod-autoscaler-crd from v3.1.0 to v3.1.1

    aws-pod-identity-webhook v1.16.0…v1.17.0

    Changed

    • Fix VPA being ineffective due to referring to a non-existing Deployment name

    coredns v1.21.0…v1.22.0

    Changed

    • Update coredns image to 1.11.3.

    Removed

    • Removed legacy Giant Swarm monitoring labels as coredns is monitored through a prometheus-operator generated servicemonitor.

    observability-bundle v1.6.1…v1.6.2

    Changed

    • Fixed alloyMetrics catalog

    security-bundle v1.8.1…v1.8.2

    Changed

    • Update cloudnative-pg (app) to v0.0.6.
    • Update trivy-operator (app) to v0.10.0.
    • Update kyverno-policy-operator (app) to v0.0.8.
    • Update kyverno (app) to v0.17.16.

    teleport-kube-agent v0.9.2…v0.10.3

    Changed

    • Disable JAMF components on chart templates
    • Fix issues with templates
    • Change ownership to Team Shield
    • Added small fix on podSecurityContext for seccompProfile.
    • Upgraded to Teleport version 16

    vertical-pod-autoscaler v5.2.4…v5.3.0

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v9.9.0. (#314)
    • Chart: Consume global.imageRegistry. (#315)

    Removed

    • Chart: Do not override crds.image.tag. (#316)

    vertical-pod-autoscaler-crd v3.1.0…v3.1.1

    Changed

    • Chart: Improve Chart.yaml. (#110)
    • Repository: Some chores. (#111)
  • Changes compared to v29.0.0

    Components

    • cluster-azure from v1.0.0 to v1.3.0
    • Flatcar from v3815.2.5 to v3975.2.1
    • Kubernetes from v1.29.7 to v1.29.9

    cluster-azure v1.0.0…v1.3.0

    Changed

    • Chart: Update cluster to v1.4.1
      • Allow to enable auditd service through global.components.auditd.enabled.
      • Allow configuring kube-controller-manager --node-cidr-mask-size flag.
      • Set MachineDeployment Kubernetes version from release
    • Apps: Use catalog from Release CR.

    Removed

    • Remove Cilium deprecated values.
    • Remove unused internal values from values.schema.json.

    Apps

    • cert-exporter from v2.9.1 to v2.9.2
    • coredns from v1.21.0 to v1.22.0
    • node-exporter from v1.19.0 to v1.20.0
    • observability-bundle from v1.5.3 to v1.6.2
    • security-bundle from v1.8.0 to v1.8.2
    • teleport-kube-agent from v0.9.2 to v0.10.3
    • vertical-pod-autoscaler from v5.2.4 to v5.3.0
    • vertical-pod-autoscaler-crd from v3.1.0 to v3.1.1

    cert-exporter v2.9.1…v2.9.2

    Added

    • Chart: Add VPA and resources configuration for deployment and daemonset. (#382)

    coredns v1.21.0…v1.22.0

    Changed

    • Update coredns image to 1.11.3.

    Removed

    • Removed legacy Giant Swarm monitoring labels as coredns is monitored through a prometheus-operator generated servicemonitor.

    node-exporter v1.19.0…v1.20.0

    Changed

    • Synced with upstream chart v4.38.0 (node-exporter 1.8.2).

    observability-bundle v1.5.3…v1.6.2

    Added

    • Add alloy v0.4.0 as alloyMetrics.

    Changed

    • Fixed alloyMetrics catalog
    • Disable usage reporting to GrafanaLabs by:
      • Bumping alloyLogs and alloyMetrics to v0.4.1.
      • Bumping grafanaAgent to v0.4.6.

    security-bundle v1.8.0…v1.8.2

    Changed

    • Update cloudnative-pg (app) to v0.0.6.
    • Update trivy-operator (app) to v0.10.0.
    • Update kyverno-policy-operator (app) to v0.0.8.
    • Update kyverno (app) to v0.17.16.

    teleport-kube-agent v0.9.2…v0.10.3

    Changed

    • Disable JAMF components on chart templates
    • Fix issues with templates
    • Change ownership to Team Shield
    • Added small fix on podSecurityContext for seccompProfile.
    • Upgraded to Teleport version 16

    vertical-pod-autoscaler v5.2.4…v5.3.0

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v9.9.0. (#314)
    • Chart: Consume global.imageRegistry. (#315)

    Removed

    • Chart: Do not override crds.image.tag. (#316)

    vertical-pod-autoscaler-crd v3.1.0…v3.1.1

    Changed

    • Chart: Improve Chart.yaml. (#110)
    • Repository: Some chores. (#111)
  • Added

    • GS plugin: Add Grafana dashboard link for deployments.
  • Added

    • Add “manual e2e” testing procedure.
    • Add PR message template referring to the manual testing procedure.
  • Added

    • Add option to create ServiceMonitor object for monitoring
  • Changed

    • Updated alertmanager dashboard to show related logs
    • Add loki mixins dashboards update script.
    • Update mimir mixins dashboards via script.

    Fixed

    • Fix Alloy mixins tags.
  • Changed

    • Update to upstream version 2.8.3.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.