1. Docs
  2. Changes and releases

Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • AI Agents klausctl v0.0.70

    What’s Changed

    Full Changelog: https://github.com/giantswarm/klausctl/compare/v0.0.69...v0.0.70

  • AI Agents klaus-oci v0.0.21

    What’s Changed

    Full Changelog: https://github.com/giantswarm/klaus-oci/compare/v0.0.20...v0.0.21

  • CAPVCD releases releases cloud-director-34.2.0

    Changes compared to v34.1.2

    Components

    • cluster-cloud-director from v3.1.4 to v3.2.2
    • cluster from v5.1.2 to v5.3.1
    • Flatcar from v4459.2.3 to v4459.2.4
    • Kubernetes from v1.34.5 to v1.34.7
    • os-tooling from v1.26.4 to v1.28.0

    cluster-cloud-director v3.1.4…v3.2.2

    Changed

    • Apps: Enable rbac-bootstrap as a default HelmRelease app.

    Fixed

    • Fix ntpd failing permanently on boot due to systemd rate limiting (node rolling).

    cluster v5.1.2…v5.3.1

    Added

    • Apps: Add rbac-bootstrap as a default HelmRelease app with a default ClusterRoleBinding for giantswarm:giantswarm-admins.

    Changed

    • Apps: Use OCIRepository source for rbac-bootstrap HelmRelease.

    Fixed

    • Apps: Change rbac-bootstrap default role from read-all to view and add additional groups for token forwarded cases.

    Apps

    • cert-exporter from v2.9.16 to v2.10.1
    • cilium from v1.4.1 to v1.4.3
    • coredns from v1.29.1 to v1.30.0
    • etcd-defrag from v1.2.4 to v1.2.6
    • k8s-dns-node-cache from v2.9.2 to v2.11.0
    • observability-bundle from v2.6.0 to v2.8.0
    • security-bundle from v1.17.0 to v1.17.1

    cert-exporter v2.9.16…v2.10.1

    Added

    • DaemonSet: Add VPA.

    Changed

    • Values: Tune resources.

    Fixed

    • Parse all PEM blocks in secrets and certificate files, not just the first one. This fixes false alerts when multiple certificates are concatenated (e.g. Kyverno webhook cert rotation).

    cilium v1.4.1…v1.4.3

    Changed

    coredns v1.29.1…v1.30.0

    Added

    • Add coredns-adopter job to adopt default CoreDNS resources on EKS clusters (disabled by default).

    Changed

    • Update coredns image to 1.14.2.

    etcd-defrag v1.2.4…v1.2.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.39.0. (#86)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.38.0. (#84)

    k8s-dns-node-cache v2.9.2…v2.11.0

    Added

    • Add configmap.log.enabled helm value to toggle CoreDNS query logging (default: false).
    • Make AAAA NOERROR configurable for IPv6.

    observability-bundle v2.6.0…v2.8.0

    Added

    • Add KSM metrics for Envoy Gateway resources.
    • Add application.giantswarm.io/team annotation from HelmReleases as label to KSM emitted metrics.

    Changed

    • Update kube-prometheus-stack to 20.1.0
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
    • Update alloy-app to 0.17.1
    • Update kube-prometheus-stack to 20.0.0
    • Update prometheus-operator-crd to 20.0.0

    security-bundle v1.17.0…v1.17.1

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Update falco (app) to v0.11.2.
    • Update gel (app) to v1.0.2.
    • Update kubescape (app) to v0.0.6.
    • Update reports-server (app) to v0.1.3.
    • Update starboard-exporter (app) to v1.0.3.
    • Update trivy (app) to v0.14.2.
    • Update trivy-operator (app) to v0.12.2.
    • Migrate chart annotations to OCI-compatible format.
  • CAPV releases releases vsphere-34.2.0

    Changes compared to v34.1.1

    Components

    • cluster-vsphere from v4.1.4 to v5.1.3
    • cluster from v5.1.2 to v5.3.1
    • Flatcar from v4459.2.3 to v4459.2.4
    • Kubernetes from v1.34.5 to v1.34.7
    • os-tooling from v1.26.4 to v1.28.0

    cluster-vsphere v4.1.4…v5.1.3

    Changed

    • HelmReleases: Reduce hard-coded default interval from 10m to 5m.
    • Apps: Enable rbac-bootstrap as a default HelmRelease app.

    Fixed

    • Allow adding additional properties into global.metadata.
    • Add missing values key to kube-vip-cloud-provider HelmRelease.

    cluster v5.1.2…v5.3.1

    Added

    • Apps: Add rbac-bootstrap as a default HelmRelease app with a default ClusterRoleBinding for giantswarm:giantswarm-admins.

    Changed

    • Apps: Use OCIRepository source for rbac-bootstrap HelmRelease.

    Fixed

    • Apps: Change rbac-bootstrap default role from read-all to view and add additional groups for token forwarded cases.

    Apps

    • cert-exporter from v2.9.16 to v2.10.1
    • cilium from v1.4.1 to v1.4.3
    • cloud-provider-vsphere from v2.2.0 to v2.4.0
    • coredns from v1.29.1 to v1.30.0
    • etcd-defrag from v1.2.4 to v1.2.6
    • k8s-dns-node-cache from v2.9.2 to v2.11.0
    • observability-bundle from v2.6.0 to v2.8.0
    • security-bundle from v1.17.0 to v1.17.1

    cert-exporter v2.9.16…v2.10.1

    Added

    • DaemonSet: Add VPA.

    Changed

    • Values: Tune resources.

    Fixed

    • Parse all PEM blocks in secrets and certificate files, not just the first one. This fixes false alerts when multiple certificates are concatenated (e.g. Kyverno webhook cert rotation).

    cilium v1.4.1…v1.4.3

    Changed

    cloud-provider-vsphere v2.2.0…v2.4.0

    Changed

    • Update to upstream v1.35.1.
    • Set version field of Chart.yaml to latest repo release fix ci checks.
    • Update to upstream 1.35.0.

    Removed

    • Removed PodSecurityPolicy.
    • Removed podSecurityPolicy helm value.

    coredns v1.29.1…v1.30.0

    Added

    • Add coredns-adopter job to adopt default CoreDNS resources on EKS clusters (disabled by default).

    Changed

    • Update coredns image to 1.14.2.

    etcd-defrag v1.2.4…v1.2.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.39.0. (#86)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.38.0. (#84)

    k8s-dns-node-cache v2.9.2…v2.11.0

    Added

    • Add configmap.log.enabled helm value to toggle CoreDNS query logging (default: false).
    • Make AAAA NOERROR configurable for IPv6.

    observability-bundle v2.6.0…v2.8.0

    Added

    • Add KSM metrics for Envoy Gateway resources.
    • Add application.giantswarm.io/team annotation from HelmReleases as label to KSM emitted metrics.

    Changed

    • Update kube-prometheus-stack to 20.1.0
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
    • Update alloy-app to 0.17.1
    • Update kube-prometheus-stack to 20.0.0
    • Update prometheus-operator-crd to 20.0.0

    security-bundle v1.17.0…v1.17.1

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Update falco (app) to v0.11.2.
    • Update gel (app) to v1.0.2.
    • Update kubescape (app) to v0.0.6.
    • Update reports-server (app) to v0.1.3.
    • Update starboard-exporter (app) to v1.0.3.
    • Update trivy (app) to v0.14.2.
    • Update trivy-operator (app) to v0.12.2.
    • Migrate chart annotations to OCI-compatible format.
  • CAPZ releases releases azure-34.2.0

    Changes compared to v34.1.1

    Components

    • cluster-azure from v5.3.0 to v5.4.1
    • cluster from v5.1.2 to v5.3.1
    • Flatcar from v4459.2.3 to v4459.2.4
    • Kubernetes from v1.34.5 to v1.34.7
    • os-tooling from v1.26.4 to v1.28.0

    cluster-azure v5.3.0…v5.4.1

    Changed

    • Apps: Enable rbac-bootstrap as a default HelmRelease app.

    cluster v5.1.2…v5.3.1

    Added

    • Apps: Add rbac-bootstrap as a default HelmRelease app with a default ClusterRoleBinding for giantswarm:giantswarm-admins.

    Changed

    • Apps: Use OCIRepository source for rbac-bootstrap HelmRelease.

    Fixed

    • Apps: Change rbac-bootstrap default role from read-all to view and add additional groups for token forwarded cases.

    Apps

    • azure-cloud-controller-manager from v2.0.0 to v2.1.0
    • azure-cloud-node-manager from v2.0.0 to v2.1.0
    • cert-exporter from v2.9.16 to v2.10.1
    • cilium from v1.4.1 to v1.4.3
    • coredns from v1.29.1 to v1.30.0
    • etcd-defrag from v1.2.4 to v1.2.6
    • k8s-dns-node-cache from v2.9.2 to v2.11.0
    • observability-bundle from v2.6.0 to v2.8.0
    • prometheus-blackbox-exporter from v0.5.1 to v0.7.0
    • security-bundle from v1.17.0 to v1.17.1

    azure-cloud-controller-manager v2.0.0…v2.1.0

    Changed

    • Migrate to App Build Suite (ABS).
    • Bump to upstream image v1.35.1

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.

    azure-cloud-node-manager v2.0.0…v2.1.0

    Changed

    • Migrate to App Build Suite (ABS).
    • Bump to upstream image v1.35.1

    Removed

    • Removed PodSecurityPolicy.
    • Removed global.podSecurityStandards.enforced helm value.

    cert-exporter v2.9.16…v2.10.1

    Added

    • DaemonSet: Add VPA.

    Changed

    • Values: Tune resources.

    Fixed

    • Parse all PEM blocks in secrets and certificate files, not just the first one. This fixes false alerts when multiple certificates are concatenated (e.g. Kyverno webhook cert rotation).

    cilium v1.4.1…v1.4.3

    Changed

    coredns v1.29.1…v1.30.0

    Added

    • Add coredns-adopter job to adopt default CoreDNS resources on EKS clusters (disabled by default).

    Changed

    • Update coredns image to 1.14.2.

    etcd-defrag v1.2.4…v1.2.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.39.0. (#86)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.38.0. (#84)

    k8s-dns-node-cache v2.9.2…v2.11.0

    Added

    • Add configmap.log.enabled helm value to toggle CoreDNS query logging (default: false).
    • Make AAAA NOERROR configurable for IPv6.

    observability-bundle v2.6.0…v2.8.0

    Added

    • Add KSM metrics for Envoy Gateway resources.
    • Add application.giantswarm.io/team annotation from HelmReleases as label to KSM emitted metrics.

    Changed

    • Update kube-prometheus-stack to 20.1.0
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
    • Update alloy-app to 0.17.1
    • Update kube-prometheus-stack to 20.0.0
    • Update prometheus-operator-crd to 20.0.0

    prometheus-blackbox-exporter v0.5.1…v0.7.0

    Added

    • Add http_2xx_insecure module with insecure_skip_verify: true to support probing workload cluster API servers from the management cluster. The MC’s service account CA (http_2xx_k8sca) only covers the MC itself; workload clusters have their own CA which is not available to the blackbox exporter, making TLS verification impossible without this module.

    Changed

    • Set priorityClassName to system-node-critical to ensure DaemonSet pods are scheduled even on full nodes.

    security-bundle v1.17.0…v1.17.1

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Update falco (app) to v0.11.2.
    • Update gel (app) to v1.0.2.
    • Update kubescape (app) to v0.0.6.
    • Update reports-server (app) to v0.1.3.
    • Update starboard-exporter (app) to v1.0.3.
    • Update trivy (app) to v0.14.2.
    • Update trivy-operator (app) to v0.12.2.
    • Migrate chart annotations to OCI-compatible format.
  • Developer Portal backstage v0.125.0

    Added

    • Persist AI chat conversations and add a conversation history page with rename, delete, batch delete, and pagination, plus a history view in the chat drawer.
    • Add a getDate tool to the AI chat agent for retrieving the current date and time.
    • Prune older tool outputs in AI chat once cumulative tool I/O exceeds a configurable budget (aiChat.pruning.reservedTokens, aiChat.pruning.minimumSavingsTokens).

    Changed

    • Report AI chat context size, output tokens, and cost by requesting token usage from OpenAI-compatible streaming responses (vLLM/KServe).
    • Clarify tool use in the muster system prompt to avoid calling internal tools via muster’s call_tool.

    Fixed

    • Re-observe the element when the ref target changes in useContainerDimensions.
    • Reject empty titles in PATCH /conversations/:id/title with HTTP 400. See ./docs/releases/v0.125.0-changelog.md for more information.
  • AI Agents muster v0.1.130

    What’s Changed

    Full Changelog: https://github.com/giantswarm/muster/compare/v0.1.129...v0.1.130

  • AI Agents muster v0.1.129

    What’s Changed

    Full Changelog: https://github.com/giantswarm/muster/compare/v0.1.128...v0.1.129

  • Developer Portal backstage v0.124.4

    Added

    • Make sidebar logo image height configurable via app.branding.logo.height.

    Fixed

  • AI Agents klaus v0.0.135

    What’s Changed

    Full Changelog: https://github.com/giantswarm/klaus/compare/v0.0.134...v0.0.135