1. Docs
  2. Changes and releases

Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Managed Apps cert-manager-app v3.9.0

    Changed

    • Updates Cert-manager Chart to Upstream 1.16.2

    Added

    • Adds new sync method based on Vendir to sync from upstream
  • Security cert-manager-app v3.9.0

    Changed

    • Updates Cert-manager Chart to Upstream 1.16.2

    Added

    • Adds new sync method based on Vendir to sync from upstream
  • Developer Portal backstage v0.49.2

    This release fixes fetching of unsupported infrastructure cluster identity resources. See ./docs/releases/v0.49.2-changelog.md for more information.

  • Developer Portal backstage v0.49.1

    This release fixes clusters fetching for unsupported providers. See ./docs/releases/v0.49.1-changelog.md for more information.

  • Connectivity kong-app v4.5.0

    Changed

    • Update kong ingress controller to 3.4.1
    • Align with upstream chart version 2.46.0 (Changes in upstream repository)
    • Revert ingressController.admissionWebhook settings to upstream values. (Enabled by default with failurePolicy: Ignore)
    • Update Kong Gateway image to 3.8.1.0-debian
    • Execute CRD installation Job only if ingressController is enabled (ingressController.enabled)

    Removed

    • Keep PSP disabled by default and remove Giant Swarm PSP-PSS migration hacks
    • Legacy Giant Swarm metrics Service and labels
  • Managed Apps kong-app v4.5.0

    Changed

    • Update kong ingress controller to 3.4.1
    • Align with upstream chart version 2.46.0 (Changes in upstream repository)
    • Revert ingressController.admissionWebhook settings to upstream values. (Enabled by default with failurePolicy: Ignore)
    • Update Kong Gateway image to 3.8.1.0-debian
    • Execute CRD installation Job only if ingressController is enabled (ingressController.enabled)

    Removed

    • Keep PSP disabled by default and remove Giant Swarm PSP-PSS migration hacks
    • Legacy Giant Swarm metrics Service and labels
  • Developer Portal backstage v0.49.0

    In this release:

    • RELEASE column was added to clusters list;
    • LOCATION column was added to clusters list;
    • AWS ACCOUNT ID column was added to clusters list. See ./docs/releases/v0.49.0-changelog.md for more information.
  • CAPA releases releases aws-28.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, as well as improvements for the node-termination-handler application for smoother upgrades and operations.

    Changes compared to v28.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.6

    cluster-aws v1.3.5…v1.3.6

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.

    Fixed

    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables
  • CAPA releases releases aws-29.6.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, as well as improvements for the node-termination-handler application for smoother upgrades and operations. Several components such as Flatcar or Kubernetes have also been updated to the latest available versions.

    Changes compared to v29.5.0

    Components

    • cluster-aws from v2.5.0 to v2.6.0
    • Flatcar from v3975.2.2 to v4081.2.1
    • Kubernetes from v1.29.12 to v1.29.13

    cluster-aws v2.5.0…v2.6.0

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.

    Fixed

    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • aws-pod-identity-webhook from v1.17.0 to v1.18.0
    • cilium from v0.25.1 to v0.25.2
    • prometheus-blackbox-exporter from v0.4.2 to v0.5.0
    • security-bundle from v1.8.2 to v1.9.1
    • vertical-pod-autoscaler from v5.3.0 to v5.3.1
    • vertical-pod-autoscaler-crd from v3.1.1 to v3.1.2

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    aws-pod-identity-webhook v1.17.0…v1.18.0

    Changed

    • Update securityContext to be compliant.

    cilium v0.25.1…v0.25.2

    Changed

    prometheus-blackbox-exporter v0.4.2…v0.5.0

    Changed

    • Harden security context to pass PSS compliance.

    Removed

    • Remove PSP resources.

    security-bundle v1.8.2…v1.9.1

    Breaking changes

    Note: When upgrading to this security-bundle version with Falco enabled, the Falco App will fail to upgrade due to a breaking change in the upstream chart. To finish the upgrade, disable, then re-enable the Falco App by setting apps.falco.enabled=[false|true] in the security-bundle user values Config Map.

    Changed

    • Update trivy-operator (app) to v0.10.3.
    • Update trivy (app) to v0.13.1.
    • Update kyverno (app) to v0.18.1.
    • Update kyverno-crds (app) to v1.12.0.
    • Update kyverno-policies (app) to v0.21.0.
    • Update starboard-exporter (app) to v0.8.0.
    • Update falco (app) to v0.9.1.

    vertical-pod-autoscaler v5.3.0…v5.3.1

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v9.9.1. (#333)

    vertical-pod-autoscaler-crd v3.1.1…v3.1.2

    Changed

    • Chart: Sync to upstream. (#124)
  • CAPZ releases releases azure-29.5.0

    Changes compared to v29.4.0

    Components

    • cluster-azure from v1.5.0 to v1.6.0
    • Flatcar from v3975.2.2 to v4081.2.1
    • Kubernetes from v1.29.12 to v1.29.13

    cluster-azure v1.5.0…v1.6.0

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.

    Apps

    • cilium from v0.25.1 to v0.25.2
    • prometheus-blackbox-exporter from v0.4.2 to v0.5.0
    • security-bundle from v1.8.2 to v1.9.1
    • vertical-pod-autoscaler from v5.3.0 to v5.3.1
    • vertical-pod-autoscaler-crd from v3.1.1 to v3.1.2

    cilium v0.25.1…v0.25.2

    Changed

    prometheus-blackbox-exporter v0.4.2…v0.5.0

    Changed

    • Harden security context to pass PSS compliance.

    Removed

    • Remove PSP resources.

    security-bundle v1.8.2…v1.9.1

    Breaking changes

    Note: When upgrading to this security-bundle version with Falco enabled, the Falco App will fail to upgrade due to a breaking change in the upstream chart. To finish the upgrade, disable, then re-enable the Falco App by setting apps.falco.enabled=[false|true] in the security-bundle user values Config Map.

    Changed

    • Update trivy-operator (app) to v0.10.3.
    • Update trivy (app) to v0.13.1.
    • Update kyverno (app) to v0.18.1.
    • Update kyverno-crds (app) to v1.12.0.
    • Update kyverno-policies (app) to v0.21.0.
    • Update starboard-exporter (app) to v0.8.0.
    • Update falco (app) to v0.9.1.

    vertical-pod-autoscaler v5.3.0…v5.3.1

    Changed

    • Chart: Update Helm release vertical-pod-autoscaler to v9.9.1. (#333)

    vertical-pod-autoscaler-crd v3.1.1…v3.1.2

    Changed

    • Chart: Sync to upstream. (#124)

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.