Fixed
- The VPA for
external-secretserroneously picks up thekubectlpod created by the CRD installer job and changes the resource requirements for it potentially causing OOM kill for it
Changes and Releases
Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.
Changed
- Add new app dependency mechanism (
app-operator.giantswarm.io/depends-on) to the prometheus-operator-app and agent so they are not installed until the CRD app is deployed. - prometheus-operator: drop
apiserver_request_slo_duration_seconds_bucketmetrics from apiserver - upgrade
prometheus-operator-appto 4.0.1 andprometheus-operator-crdto 4.0.0 - upgrade
prometheus-agentto 0.3.0 to support chinese registry
Added
- Add
promtail-appv1.0.1 disabled by default.
- Add new app dependency mechanism (
Added
- Added the use of the runtime/default seccomp profile.
Fixed
- Prevented deletion of Organization CR until the organization namespace is deleted successfully
Added
- Add circle ci job to push to
capz-app-collectionon new release. - Static client for GitOps Server.
- Add circle ci job to push to
Added
- Helpers: Align to upstream. (#429)
- Helpers: Add
controller.containerSecurityContext. - Helpers: Add
ingress-nginx.image. - Helpers: Add
ingress-nginx.imageDigest. - Helpers: Add
ingress-nginx.controller.publishServicePath. - Helpers: Add
ingress-nginx.params. - Helpers: Add
isControllerTagValid. - Helpers: Add
extraModules.
- Helpers: Add
- Chart: Align to upstream. (#431)
- Chart: Add
.helmignore. - Chart: Add
NOTES.txt.
- Chart: Add
- Chart: Add CI values from upstream. (#432)
- Deployment: Align to upstream. (#433)
- Deployment: Implement
controller.kind. - Deployment: Implement
controller.labels. - Deployment: Implement
controller.annotations. - Deployment: Implement
revisionHistoryLimit. - Deployment: Implement
controller.podAnnotations. - Deployment: Implement
controller.dnsConfig. - Deployment: Implement
controller.hostname. - Deployment: Implement
controller.dnsPolicy. - Deployment: Implement
controller.podLabels. - Deployment: Implement
imagePullSecrets. - Deployment: Implement
controller.priorityClassName.
NOTE: Removes the hardcoded defaultsystem-cluster-critical. Please override if required. - Deployment: Implement
controller.podSecurityContext&controller.sysctls. - Deployment: Implement
controller.shareProcessNamespace. - Deployment: Implement
controller.containerName. - Deployment: Implement
controller.updateStrategy. - Deployment: Implement
controller.publishService. - Deployment: Implement
controller.ingressClass.
NOTE: If you are currently overridingcontroller.ingressClassResource.name, there are two cases which require manual intervention:- You are assigning ingresses to an ingress controller by annotation.
- You enabled
controller.ingressClassByName. Please setcontroller.ingressClassto the value ofcontroller.ingressClassResource.nameif any of these cases applies to you.
- Deployment: Implement
controller.configMapNamespace. - Deployment: Implement
controller.tcp.configMapNamespace. - Deployment: Implement
controller.udp.configMapNamespace. - Deployment: Implement
controller.scope.namespace. - Deployment: Implement
controller.scope.namespaceSelector. - Deployment: Implement
controller.reportNodeInternalIp. - Deployment: Implement
controller.admissionWebhooks.certificate&controller.admissionWebhooks.key. - Deployment: Implement
controller.maxmindLicenseKey. - Deployment: Implement
controller.healthCheckHost. - Deployment: Implement
controller.healthCheckPath. - Deployment: Implement
controller.enableTopologyAwareRouting. - Deployment: Implement
controller.extraArgs. - Deployment: Implement
serviceAccount.name. - Deployment: Implement
controller.containerSecurityContext. - Deployment: Implement
controller.hostPort. - Deployment: Implement
controller.metrics.portName. - Deployment: Implement
tcp&udpports. - Deployment: Implement
controller.customTemplate. - Deployment: Implement
controller.extraVolumeMounts. - Deployment: Implement
controller.opentelemetry. - Deployment: Implement
controller.extraContainers. - Deployment: Implement
controller.extraInitContainers. - Deployment: Implement
controller.hostNetwork. - Deployment: Implement
controller.nodeSelector. - Deployment: Implement
controller.tolerations. - Deployment: Implement
controller.affinity. - Deployment: Add
DaemonSetoption.
- Deployment: Implement
Changed
- Helpers: Align to upstream. (#429)
- Helpers: Rename
nametoingress-nginx.name. - Helpers: Rename
charttoingress-nginx.chart. - Helpers: Align
ingress-nginx.fullname. - Helpers: Align
ingress-nginx.controller.fullname. - Helpers: Align
ingress-nginx.controller.electionID. - Helpers: Align
ingress-nginx.defaultBackend.fullname. - Helpers: Align
ingress-nginx.labels. - Helpers: Align
ingress-nginx.selectorLabels. - Helpers: Align
ingress-nginx.defaultBackend.serviceAccountName.
- Helpers: Rename
- Chart: Align to upstream. (#431)
- Chart: Align
Chart.yaml.
- Chart: Align
- HPA: Use capabilities, reorder
if. (#434) - Deployment: Align to upstream. (#433)
- Deployment: Align
controller.image. - Deployment: Align
startupProbe.
NOTE: Please removecontroller.startupProbe.enabledfrom your overrides and remove/setcontroller.startupProbeinstead. - Deployment: Align
livenessProbe.
NOTE: Please removecontroller.livenessProbe.enabledfrom your overrides and remove/setcontroller.livenessProbeinstead. - Deployment: Align
readinessProbe.
NOTE: Please removecontroller.readinessProbe.enabledfrom your overrides and remove/setcontroller.readinessProbeinstead. - Deployment: Update
controller.image.tagtov1.6.4.
- Deployment: Align
Removed
- Helpers: Align to upstream. (#429)
- Helpers: Remove
resource.controller-service-internal.name. - Helpers: Remove
resource.controller-service.name.
- Helpers: Remove
- Deployment: Align to upstream. (#433)
- Deployment: Remove
controller.extraAnnotations.deployment.
NOTE: This is part of our alignment to upstream. Usecontroller.annotationsinstead. - Deployment: Remove
controller.extraAnnotations.pod.
NOTE: This is part of our alignment to upstream. Usecontroller.podAnnotationsinstead. - Deployment: Remove
sysctlssettingnet.ipv4.ip_local_port_range.
NOTE: Set viacontroller.sysctlsif required. - Deployment: Remove
initContainerssettingnet.core.somaxconn.
NOTE: Set viacontroller.sysctlsif required. - Deployment: Remove
controller.maxSurge.
NOTE: This is part of our alignment to upstream. Usecontroller.updateStrategyinstead. - Deployment: Remove
controller.maxUnavailable.
NOTE: This is part of our alignment to upstream. Usecontroller.updateStrategyinstead. - Deployment: Remove
controller.userID.
NOTE: This is part of our alignment to upstream. Usecontroller.image.runAsUserinstead. - Deployment: Remove
controller.groupID.
NOTE: This is part of our alignment to upstream. There is no replacement for this key. - Deployment: Remove
controller.antiAffinityScheduling&controller.nodeAffinity. NOTE: This is part of our alignment to upstream. Usecontroller.affinityinstead.
- Deployment: Remove
- Helpers: Align to upstream. (#429)
Added
- Add ServiceMonitor and default values (#245).
Changed
- Sync with upstream update concerning image.registry
Changed
- Update to upstream version
0.7.0/app version0.37.2.
- Update to upstream version
Added
- Added the use of the runtime/default seccomp profile.
- Added reconciliation of static resources like e.g. ClusterRoles, ClusterRoleBindings, ServiceAccounts in the default namespace, etc.
Changed
- Default to new IRSA role for
cert-manager-controllerthat has permissions needed for the DNS01 challenge via AWS Route53
- Default to new IRSA role for