1. Docs
  2. Changes and releases

Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Security rbac-operator v0.33.4

    Removed

    • Stop pushing to openstack-app-collection.
  • Connectivity ingress-nginx-app v3.0.0-alpha1

    Added

    • Service: Align features from external service to internal one. (#467)
    • Service: Add controller.service.internal.ports & controller.service.internal.targetPorts. (#469)

    Changed

    • Helpers: Align labels to upstream. (#450)
    • Values: Align CPU & memory requests to actual needs. (#453)
    • Values: Deprecate configmap, use controller.config instead. (#463)
    • Chart: Rename to ingress-nginx. (#464)
    • HPA: Align to upstream. (#465)

    Removed

    • Service: Remove controller.service.suffix & controller.service.internal.suffix. (#448)
      NOTE: This is part of our alignment to upstream. There is no replacement for this key.
    • Params: Align to upstream. (#452)
      • Params: Remove controller.annotationsPrefix.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
      • Params: Remove controller.defaultSSLCertificate.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
      • Params: Remove controller.enableSSLChainCompletion.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
      • Params: Remove controller.updateIngressStatus.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
    • Service: Remove default values for controller.service.nodePorts & controller.service.internal.nodePorts. (#461)
      NOTE: If you are running on our KVM product, please make sure to manually set those keys to their prior values.
    • Params: Remove controller.disableExternalNameForwarding. (#462)
      NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
  • Managed Apps ingress-nginx-app v3.0.0-alpha1

    Added

    • Service: Align features from external service to internal one. (#467)
    • Service: Add controller.service.internal.ports & controller.service.internal.targetPorts. (#469)

    Changed

    • Helpers: Align labels to upstream. (#450)
    • Values: Align CPU & memory requests to actual needs. (#453)
    • Values: Deprecate configmap, use controller.config instead. (#463)
    • Chart: Rename to ingress-nginx. (#464)
    • HPA: Align to upstream. (#465)

    Removed

    • Service: Remove controller.service.suffix & controller.service.internal.suffix. (#448)
      NOTE: This is part of our alignment to upstream. There is no replacement for this key.
    • Params: Align to upstream. (#452)
      • Params: Remove controller.annotationsPrefix.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
      • Params: Remove controller.defaultSSLCertificate.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
      • Params: Remove controller.enableSSLChainCompletion.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
      • Params: Remove controller.updateIngressStatus.
        NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
    • Service: Remove default values for controller.service.nodePorts & controller.service.internal.nodePorts. (#461)
      NOTE: If you are running on our KVM product, please make sure to manually set those keys to their prior values.
    • Params: Remove controller.disableExternalNameForwarding. (#462)
      NOTE: This is part of our alignment to upstream. Use controller.extraArgs instead.
  • Managed Apps grafana-app v2.4.0

    Changed

    • upgrade grafana chart: 6.55.1 => 6.56.1
    • upgrade grafana: 9.4.7 => 9.5.1

    Removed

    • Stop pushing to openstack-app-collection.
  • Observability grafana-app v2.4.0

    Changed

    • upgrade grafana chart: 6.55.1 => 6.56.1
    • upgrade grafana: 9.4.7 => 9.5.1

    Removed

    • Stop pushing to openstack-app-collection.
  • Connectivity ingress-nginx-app v2.30.1

    Changed

  • Managed Apps ingress-nginx-app v2.30.1

    Changed

  • Developer Portal happa v1.58.4

    Changes

    Full Changelog: https://github.com/giantswarm/happa/compare/v1.58.3...v1.58.4

  • Highlights

    Highlights for the week ending May 5, 2023

    Apps

    • falco-app version v0.5.2 adds a new Kyverno PolicyException allowing falco to run in clusters enforcing restricted Pod Security Standards, and replaces a deprecated toleration label.
    • kyverno-app version v0.14.4 introduces a new policy limiting the namespaces where Kyverno PolicyExceptions may be created. By default, customer exceptions may be created only in the policy-exceptions namespace.
    • security-bundle version 0.14.1 (and 0.14.0) includes new the versions of Falco, Kyverno, and Trivy Operator mentioned in this announcement. To make App configuration and diffs easier to work with in GitOps workflows, it also changes the way config values are passed to the bundled Apps: rather than passing a single multi-line string containing each App’s configuration, all keys under the App’s top-level key will be copied into the App’s values. This is a breaking configuration change. Users must change all places where they override default values of a security-bundle App. This is typically a one character change, an example of which is available in our PR changing our sample.
    • trivy-operator-app version 0.4.0 updates to upstream Trivy Operator v0.13.2 and introduces Cilium NetworkPolicies to support scanning in Clilium-based clusters.

    Documentation

    • There is a new guide about achieving compliance with Pod Security Standards (PSS). Future releases will require all workloads to be compliant with these new standards, which differ slightly from the now-deprecated Pod Security Policies (PSP). Depending on your organization’s current security policy, this may require some migration effort, so we have provided this guide to encourage early planning and adoption.
  • Fleet Management rbac-operator v0.33.3

    Changed

    • Update dependency gin to v1.9.0

    Fixed

    • Fixed read-all clusterRole to append pods/log policy rule once
    • Fixed reconciling subjects in existing organization namespace role bindings