1. Docs
  2. Changes and releases

Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Dashboards dashboards v3.30.0

    Changed

    • Add team label to karpenter dashboard.
    • Add grafana organization label to public dashboards

    Removed

    • Remove CAPI Overview dashboard.
  • Workload cluster releases for CAPA releases aws-25.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v25.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • Workload cluster releases for CAPA releases aws-26.4.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v26.3.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • Workload cluster releases for CAPA releases aws-27.5.0

    Most notable change in this release is the reduction of IAM permissions on the worker nodes instance profile, aiming at improving the general security of the clusters. Additional changes include reducing the size of the ETCD volume to 50GB targetting costs saving initiatives, improvements for the node-termination-handler application for smoother upgrades and operations as well as fixes for ENI mode targetting the CAPA migration.

    Changes compared to v27.4.0

    Components

    • cluster-aws from v1.3.5 to v1.3.7

    cluster-aws v1.3.5…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Chart: Reduce default etcd volume size to 50 GB.
    • Explicitly set Ignition user data storage type to S3 bucket objects for machine pools
    • Use reduced IAM permissions on worker nodes instance profile. This can be toggled back with global.providerSpecific.reducedInstanceProfileIamPermissionsForWorkers.
    • Explicitly set aws-node-termination-handler queue region so crash-loops are avoided, allowing faster startup

    Apps

    • aws-nth-bundle from v1.2.0 to v1.2.1
    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    aws-nth-bundle v1.2.0…v1.2.1

    Added

    • Forward proxy settings to aws-node-termination-handler-app as environment variables

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • Workload cluster releases for CAPA releases aws-28.5.1

    This release introduces improvements for ENI mode targetting the CAPA migration process.

    Changes compared to v28.5.0

    Components

    • cluster-aws from v1.3.6 to v1.3.7

    cluster-aws v1.3.6…v1.3.7

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Apps

    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • Workload cluster releases for CAPA releases aws-29.6.1

    This release introduces improvements for ENI mode targetting the CAPA migration process.

    Changes compared to v29.6.0

    Components

    • cluster-aws from v2.6.0 to v2.6.1

    cluster-aws v2.6.0…v2.6.1

    Added

    • Add ingress rule in nodes Security Group to allow access to the Kubelet API when using ENI mode. This is needed by the metrics server to gather metrics from the Kubelet

    Changed

    • Cilium: Replace no longer supported tunnel option by routingMode.

    Apps

    • cilium-crossplane-resources from v0.1.0 to v0.2.0

    cilium-crossplane-resources v0.1.0…v0.2.0

    Added

    • Add a Security Group rule for node to pod communication
  • Managed Apps gateway-api-app v1.2.0

    Added

    • Allow selecting channel (“standard” or “experimental”) for each individual CRD

    Changed

    • Upgrade Gateway API CRDs to v1.2.1
  • Web UI backstage v0.51.0

    In this release:

    • Deployments page with overview of all apps deployed throughout clusters was added. Deployments list changes:
    • Information in SOURCE column was changed. Now it shows type of source and source name. Information about chart name was moved to a separate column called CHART NAME;
    • NAMESPACE/NAME column was split into two separate columns;
    • CLUSTER column was changed. Missing cluster names are being correctly filled and values are displayed as links to cluster details pages;
    • CLUSTER TYPE column was added to deployments list. Clusters list changes:
    • AWS ACCOUNT ID column was fixed to display values in groups of four digits. See ./docs/releases/v0.51.0-changelog.md for more information.
  • Managed Apps athena v1.13.1

    Removed

    • Removed unused chart value .secret.firestoreServiceAccountKey and .secret.
  • Managed Apps ingress-nginx-app v4.0.0-alpha1

    Depending on your current setup, this release may contain breaking changes. We go into these in more detail below and therefore ask you to read them carefully and check whether and to what extent they affect your setup.

    Added

    • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
      • Deployment: Add controller.progressDeadlineSeconds.
      • Pod Disruption Budget: Add controller.unhealthyPodEvictionPolicy.
      • Prometheus Rule: Add controller.metrics.prometheusRule.annotations.
      • Metrics Service: Add controller.metrics.service.enabled.
      • Default Backend: Add defaultBackend.maxUnavailable.
      • Default Backend: Add defaultBackend.unhealthyPodEvictionPolicy.

    Changed

    • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
      • Controller: Update image to v1.12.0.
        NOTE: Please read the upstream changelog carefully, especially the entries marked with ⚠️. In addition, the following should be noted:
        • The --enable-annotation-validation CLI flag is already enabled by default in this app since v3.2.0.
        • The allow-cross-namespace-resources ConfigMap option getting deactivated affects you if you are currently referencing resources such as Secrets in Ingress resource annotations from namespaces other than the Ingress resource itself.
        • The annotations-risk-level ConfigMap option getting lowered to High affects you if you are currently using annotations with an annotation risk level of Critical. Especially snippet annotations belong to this annotation risk level. So even though you activated snippet annotations via ConfigMap option in the past, you now also need to increase the annotations-risk-level ConfigMap option back to Critical.
        • The strict-validate-path-type ConfigMap option is already enabled by default in this app since v3.2.0.
      • Values: Rename image to global.image.

    Removed

    • Chart: Sync to upstream. (#768https://github.com/giantswarm/ingress-nginx-app/pull/768)
      • Chart: Remove Pod Security Policies.
        NOTE: Pod Security Policies have already been removed from Kubernetes in v1.25. Therefore, this version is not compatible with Kubernetes v1.24 and below.
      • Values: Remove configmap.
        NOTE: The configmap value is deprecated since v3.0.0. Please use controller.config instead.
      • Deployment: Remove giantswarm.io/monitoring_basic_sli label.
      • Deployment: Remove OpenTelemetry init container.
        NOTE: OpenTelemetry is still supported, but since the module is built into the controller image since v1.10, we hereby remove the init container and image which were used to install it upon controller startup.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.