Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

• Feb 3, 2025 Security athena v1.13.1

  Removed

  • Removed unused chart value .secret.firestoreServiceAccountKey and .secret.
• Jan 31, 2025 Connectivity ingress-nginx-app v4.0.0-alpha1

  Depending on your current setup, this release may contain breaking changes. We go into these in more detail below and therefore ask you to read them carefully and check whether and to what extent they affect your setup.

  Added

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Deployment: Add controller.progressDeadlineSeconds.
    • Pod Disruption Budget: Add controller.unhealthyPodEvictionPolicy.
    • Prometheus Rule: Add controller.metrics.prometheusRule.annotations.
    • Metrics Service: Add controller.metrics.service.enabled.
    • Default Backend: Add defaultBackend.maxUnavailable.
    • Default Backend: Add defaultBackend.unhealthyPodEvictionPolicy.

  Changed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Controller: Update image to v1.12.0.
      NOTE: Please read the upstream changelog carefully, especially the entries marked with ⚠️. In addition, the following should be noted:
      • The --enable-annotation-validation CLI flag is already enabled by default in this app since v3.2.0.
      • The allow-cross-namespace-resources ConfigMap option getting deactivated affects you if you are currently referencing resources such as Secrets in Ingress resource annotations from namespaces other than the Ingress resource itself.
      • The annotations-risk-level ConfigMap option getting lowered to High affects you if you are currently using annotations with an annotation risk level of Critical. Especially snippet annotations belong to this annotation risk level. So even though you activated snippet annotations via ConfigMap option in the past, you now also need to increase the annotations-risk-level ConfigMap option back to Critical.
      • The strict-validate-path-type ConfigMap option is already enabled by default in this app since v3.2.0.
    • Values: Rename image to global.image.

  Removed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Chart: Remove Pod Security Policies.
      NOTE: Pod Security Policies have already been removed from Kubernetes in v1.25. Therefore, this version is not compatible with Kubernetes v1.24 and below.
    • Values: Remove configmap.
      NOTE: The configmap value is deprecated since v3.0.0. Please use controller.config instead.
    • Deployment: Remove giantswarm.io/monitoring_basic_sli label.
    • Deployment: Remove OpenTelemetry init container.
      NOTE: OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
• Jan 31, 2025 Managed Apps ingress-nginx-app v4.0.0-alpha1

  Depending on your current setup, this release may contain breaking changes. We go into these in more detail below and therefore ask you to read them carefully and check whether and to what extent they affect your setup.

  Added

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Deployment: Add controller.progressDeadlineSeconds.
    • Pod Disruption Budget: Add controller.unhealthyPodEvictionPolicy.
    • Prometheus Rule: Add controller.metrics.prometheusRule.annotations.
    • Metrics Service: Add controller.metrics.service.enabled.
    • Default Backend: Add defaultBackend.maxUnavailable.
    • Default Backend: Add defaultBackend.unhealthyPodEvictionPolicy.

  Changed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Controller: Update image to v1.12.0.
      NOTE: Please read the upstream changelog carefully, especially the entries marked with ⚠️. In addition, the following should be noted:
      • The --enable-annotation-validation CLI flag is already enabled by default in this app since v3.2.0.
      • The allow-cross-namespace-resources ConfigMap option getting deactivated affects you if you are currently referencing resources such as Secrets in Ingress resource annotations from namespaces other than the Ingress resource itself.
      • The annotations-risk-level ConfigMap option getting lowered to High affects you if you are currently using annotations with an annotation risk level of Critical. Especially snippet annotations belong to this annotation risk level. So even though you activated snippet annotations via ConfigMap option in the past, you now also need to increase the annotations-risk-level ConfigMap option back to Critical.
      • The strict-validate-path-type ConfigMap option is already enabled by default in this app since v3.2.0.
    • Values: Rename image to global.image.

  Removed

  • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
    • Chart: Remove Pod Security Policies.
      NOTE: Pod Security Policies have already been removed from Kubernetes in v1.25. Therefore, this version is not compatible with Kubernetes v1.24 and below.
    • Values: Remove configmap.
      NOTE: The configmap value is deprecated since v3.0.0. Please use controller.config instead.
    • Deployment: Remove giantswarm.io/monitoring_basic_sli label.
    • Deployment: Remove OpenTelemetry init container.
      NOTE: OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.
• Jan 30, 2025 Highlights

  Highlights for the week ending 2025-01-30

  Observability

  • Observability Platform API version 0.1.0

    • Introduced an initial setup with ingress and application templates to enhance platform observability.

  • Observability Operator version 0.10.2

    • Enhanced alert management with a new Alertmanager controller.
    • Simplified SSO settings by switching to the Grafana admin API.
    • Improved data source management and dashboard loading options.

  • Prometheus Meta Operator version 4.83.0

    • Improved alert notifications and link management for better usability.
    • Enhanced security by updating dependencies and configurations.

  • Dashboards version 3.29.1

    • Added and improved various dashboards including Cluster Overview and Promtail Overview for better monitoring insights.
    • Enhanced DNS dashboard for more accurate memory usage reporting.

  • Prometheus Rules version 4.34.0

    • Added new alerts and annotations to enhance monitoring capabilities.
    • Streamlined alert management by removing deprecated entries.

  • Logging Operator version 0.20.0

    • Introduced support for customer-specific log tenancy and enhanced default configurations.

  • Cluster API Monitoring App version 1.16.1

    • Improved security and compliance with updated RBAC permissions.

  • Prometheus Blackbox Exporter App version 0.5.0

    • Enhanced security settings to meet compliance standards.

  Security

  • Kyverno Policy Operator version 0.1.1

    • Enhanced CRD management and improved controller functionality for better policy enforcement.

  • Cert Manager App version 3.9.0

    • Upgraded to the latest Cert-manager version for improved certificate management.

  Connectivity

  • Cilium App version 0.31.0

    • Upgraded to the latest Cilium version for better network performance and reliability.

  • CoreDNS Extensions App version 0.1.2

    • Introduced VPA support for CoreDNS to enhance scalability and performance.

  • Kong App version 4.5.0

    • Updated Kong Ingress Controller for improved routing and security features.

  • Ingress NGINX App version 3.9.4

    • Enhanced ingress management with updated images and synced upstream changes.

  • Vertical Pod Autoscaler App version 5.3.1

    • Updated Helm release to improve resource management and scaling.

  Others

  • Object Storage Operator version 0.10.0

    • Secured Azure storage with private access and updated policy management.

  • n8n App version 0.1.5

    • A new AI workflow automation platform has been added.

  • Debug Toolbox version 1.1.1

    • Released new tools for better debugging and troubleshooting.

  • Hello World App version 2.6.1

    • Enhanced features with Gateway API support and updated documentation for easier usage.

  Docs

  - [We have unified header and footer of our website](https://github.com/giantswarm/docs/pull/2445).
  - [New guide on adding your application logs to the managed Loki installation](https://github.com/giantswarm/docs/pull/2447).
  - [We added the annotations you can tune in the Cluster AWS resources](https://github.com/giantswarm/docs/pull/2454).
  

• Jan 29, 2025 Managed Apps vertical-pod-autoscaler-app v5.4.0

  Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v10.0.0 (#335)
• Jan 29, 2025 Fleet Management vertical-pod-autoscaler-app v5.4.0

  Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v10.0.0. (#335)
• Jan 29, 2025 Observability observability-platform-api v0.1.0

  Added

  • add ingress template
  • skaffolding of the application template
• Jan 29, 2025 Developer Portal backstage v0.50.0

  In this release:

  • KUBERNETES VERSION column was added to clusters list;
  • AWS ACCOUNT ID column in clusters list was changed to display value with color hashing and link to AWS account;
  • CLUSTER APP column in clusters list was changed to display provider specific cluster app version. See ./docs/releases/v0.50.0-changelog.md for more information.
• Jan 28, 2025 Connectivity coredns-app v1.24.0

  Changed

  • Update coredns image to 1.12.0.
  • Disable HPA Memory target.
  • Increase threshold for HPA CPU target to 80%.
• Jan 28, 2025 Managed Apps coredns-app v1.24.0

  Changed

  • Update coredns image to 1.12.0.
  • Disable HPA Memory target.
  • Increase threshold for HPA CPU target to 80%.

• Newer entries
• Older entries