Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

• Aug 12, 2024 Workload cluster releases for Azure releases azure-27.0.0

  Changes compared to v26.0.0

  Components

  • cluster-azure from v0.18.0 to v1.0.0
  • Flatcar from v3815.2.4 to v3815.2.5
  • Kubernetes from v1.26.15 to v1.27.16

  cluster-azure v0.18.0…v1.0.0

  Changed

  • Chart: Update cluster to v1.1.0. (#325)
    • Machine Template: Adapt new image format.
    • Apps: Enable observability-policies.

  Apps

  • azure-cloud-controller-manager from v1.26.22-gs2 to v1.27.18-gs1
  • azure-cloud-node-manager from v1.26.22-gs2 to v1.27.18-gs1
  • cert-exporter from v2.9.0 to v2.9.1
  • cert-manager from v3.7.6 to v3.8.1
  • k8s-audit-metrics from v0.9.0 to v0.10.0
  • k8s-dns-node-cache from v2.6.2 to v2.8.1
  • net-exporter from v1.19.0 to v1.21.0
  • observability-bundle from v1.3.4 to v1.5.3
  • observability-policies v0.0.1
  • security-bundle from v1.7.1 to v1.8.0
  • teleport-kube-agent from v0.9.0 to v0.9.2
  • vertical-pod-autoscaler from v5.2.2 to v5.2.4

  azure-cloud-controller-manager v1.26.22-gs2…v1.27.18-gs1

  Changed

  • Chart: Update to upstream v1.27.18. (#81)

  azure-cloud-node-manager v1.26.22-gs2…v1.27.18-gs1

  Changed

  • Chart: Update to upstream v1.27.18. (#70)

  cert-exporter v2.9.0…v2.9.1

  Changed

  • Chart: Update PolicyExceptions to v2beta1. (#358)

  cert-manager v3.7.6…v3.8.1

  Added

  • Improves container security by setting runAsGroup and runAsUser greater than zero for all deployments.

  Changed

  • Bump architect-orb@5.3.1 to fix CVE-2024-24790.
  • Improves cainjector’s Vertical Pod Autoscaler
  • Remove quotes from acme-http01-solver-image argument. The quotes are used when looking up the image which causes an error.
  • Changed the way registry is being parsed in helm templates
  • Enable VPA by default

  k8s-audit-metrics v0.9.0…v0.10.0

  Changed

  • Add securityContext.readOnlyRootFilesystem helm value (default true).

  k8s-dns-node-cache v2.6.2…v2.8.1

  Changed

  • Make the app visible for all providers.
  • Reduce security exceptions #89.
    • Enable readOnly FS moving config to emptyDir volume.
    • Remove NET_ADMIN and drop ALL capabilities.
    • Add NET_BIND_SERVICE capability.
    • Add policy exception for require-non-root-groups/autogen-check-runasgroup.
    • Remove disallow-capabilities-* policy exceptions.
  • Update PolicyException CR version to v2beta1.

  net-exporter v1.19.0…v1.21.0

  Changed

  • Enable readOnlyRootFilesystem in securityContext (#376)[https://github.com/giantswarm/net-exporter/pull/376].
  • Update module google.golang.org/grpc to v1.65.0 (#373).
  • Update k8s modules to v0.30.2 (#375).
  • Update quay.io/giantswarm/alpine Docker tag to v3.20.1 (#372).
  • Add node and app labels in ServiceMonitor.

  observability-bundle v1.3.4…v1.5.3

  Added

  • Add alloy v0.3.0 as alloy-logs

  Changed

  • Rename alloy-logs app to camel case alloyLogs.
  • Fix CNP issues (allow traffic from pods in kube-system to nginx-ingress-controller)
    • Upgrade grafana-agent to 0.4.5.
    • Upgrade alloy to 0.3.1.
    • Upgrade promtail to 1.5.4.
  • Upgrade prometheus-operator-crd to 11.0.1.
  • prometheus-operator will not check promql syntax for prometheusRules that are labelled application.giantswarm.io/prometheus-rule-kind: loki
  • Upgrade kube-prometheus-stack to 11.0.0 and prometheus-operator-crd to 11.0.0. This upgrade mainly consists in:
    • kube-prometheus-stack dependency chart upgraded from 56.21.2 to 61.0.0
    • prometheus upgrade from 2.50.1 to 2.53.0
    • thanos ruler upgrade from 0.34.1 to 0.35.1
    • kube-state-metrics from 2.10.0 to 2.12.0
    • prometheus-operator from 0.71.2 0.75.0 - adding remoteWrite.proxyFromEnvironment and Scrape Class support
    • prometheus-node-exporter upgraded from 1.8.0 to 1.8.1
  • Upgrade grafana-agent from 0.4.3 to 0.4.4
    • This version enables the override the grafana agent CiliumNetworkPolicy egress and ingress sections.

  observability-policies v0.0.1

  Added

  • Add a ClusterPolicy to prevent prometheus-operator CRDs deletion.
  • Create observability-policies app to deploy Kyverno Observability Policies into clusters.

  security-bundle v1.7.1…v1.8.0

  Added

  • Add kyverno-crds app to handle Kyverno CRD install.

  Changed

  • Update kyverno (app) to v0.17.15. This version disables the CRD install job in favor of kyverno-crds App.

  teleport-kube-agent v0.9.0…v0.9.2

  Changed

  • Introduced podAntiAffinity so teleport-kube-agent pods run on different control-plane nodes also increased the number of replicas to 3 to maintain better high availability.
  • Changed the way registry is being parsed in helm templates

  vertical-pod-autoscaler v5.2.2…v5.2.4

  Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v9.8.3. (#301)
  • Chart: Change restartPolicy to OnFailure for the CRD job. (#298)
• Aug 12, 2024 Workload cluster releases for VSPHERE releases vsphere-27.0.0

  We are happy to announce the first release for vSphere that uses the new release framework.

  Migration to new releases flow

  In order to consume the new flow, the following two fields need to be manually adapted:

  • In ConfigMap <cluster name>-userconfig set .Values.global.release.version to the release version, e.g. 27.0.0.
  • In App <cluster name> remove the spec.version field. In case of GitOps, Flux might complain that the app manifest is invalid as the spec.version field is mandatory. In that case, edit the live App CR and set spec.version to an empty string. That will unblock Flux and allow it reconcile successfully.

  And if you want to use kubectl-gs to create a cluster, you’d need to now specify the release version, e.g.:

  kubectl-gs template cluster --provider vsphere --organization my_org --name cluster_name -vsphere-network-name network_name --release 27.0.0
  

• Aug 12, 2024 Managed Apps loki-app v0.22.0

  Changed

  • Upgraded upstream chart from 6.7.4 to 6.10.0 - see changelog for more information.
• Aug 12, 2024 Observability Platform loki-app v0.22.0

  Changed

  • Upgraded upstream chart from 6.7.4 to 6.10.0 - see changelog for more information.
• Aug 12, 2024 kubectl gs kubectl-gs v3.2.0

  Changed

  • Use more portable, Bash specific shebang for GitOps pre-commit script template
  • Schedule cluster upgrades for CAPI clusters.
  • Print Release information in get cluster command.
• Aug 12, 2024 Managed Apps cilium-healthcheck v0.0.3

  Fixed

  • Fix Cilium pod being restarted too soon – instead of every 15 minutes – in case of failed regeneration recovery. This was because creation date parsing failed.
• Aug 9, 2024 Web UI backstage v0.32.1

  Changed

  • Installations:
    • Enable search for custom columns of index table.
    • Use place icon instead of Giant Swarm logo for in main menu.
    • Set page header to “Installations”.
    • Add “Base domain” and “Account engineer” field to entity page.
    • Add “Base domain” and “Account engineer” field to index table.
    • Remove “Source” field from entity page, to use generic “View source” link instead.

  Added

  • Add custom entity link icons “giantswarm” and “grafana”.
• Aug 8, 2024 Platform API organization-operator v2.0.0

  Changed

  • Migration to kubebuilder - operation simplification & metric addition
• Aug 7, 2024 Observability Platform mimir-app v0.11.1

  Fixed

  • Fix indentation of jsonData in datasource.
• Aug 7, 2024 Platform API rbac-operator v0.41.1

  Changed

  • Bump architect-orb@5.3.1 to fix CVE-2024-24790.

• Newer entries
• Older entries