Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

• Mar 18, 2025 Security teleport-kube-agent-app v0.10.4

  Added

  • Add headless service on diag port 3000.

  Changed

  • Migrated to ABS
• Mar 18, 2025 Highlights

  Highlights for the week ending 2025-03-18

  General

  Apps

  • dashboards

    • 4.3.0
      • Add Observability Resource Usage dashboard
      • Add Backstage dashboard

  • logging-operator

    • [0.25.1](https://github.com/giantswarm/logging- operator/compare/v0.25.0…v0.25.1)
      • Stop caching helm secrets in the operator to reduce resource usage.
    • [0.25.0](https://github.com/giantswarm/logging- operator/compare/v0.24.1…v0.25.0)
      • Adds support to include and exclude event collection per namespace in workload clusters. If nothing is configured, the event collector will collect all events in the WC.
      • Fix incorrect config generation introduced by the tenant governance which defaults to alloy as a logshipper, even on promtail-equiped clusters.
      • Clean up some legacy paths that are not useful anymore.

  • object-storage-operator

    • [0.10.3](https://github.com/giantswarm/object-storage- operator/compare/v0.10.2…v0.10.3)
      • Stop caching helm secrets in the operator to reduce resource usage.
      • Use smaller dockerfile to reduce build time as ABS already generates the go binary.

  • observability-operator

    • [0.19.4](https://github.com/giantswarm/observability- operator/compare/v0.19.3…v0.19.4)
      • Revert caching tuning for configmaps and pods because it was causing api false answers.
    • [0.19.3](https://github.com/giantswarm/observability- operator/compare/v0.19.2…v0.19.3)
      • Stop caching helm secrets in the operator to reduce resource usage.
      • Cache only the dashboards configmap in the operator to reduce resource usage.
      • Cache only the alertmanager and grafana pods in the operator to reduce resource usage.
      • Remove cleanup code for Mimir Alertmanager anonymous tenant’s configuration.
      • Remove cleanup code for Mimir Ruler anonymous tenant’s rules.

  • prometheus-rules

    • [4.49.3](https://github.com/giantswarm/prometheus- rules/compare/v4.49.2…v4.49.3)

      • Increase threshold time for KubeStateMetricsSlow from 7s to 15s.

    • [4.49.2](https://github.com/giantswarm/prometheus- rules/compare/v4.49.1…v4.49.2)

      • Fixed some grafana-cloud recording rules to specifically use metrics giantswarm metrics
      • Update PromtailRequestsErrors to fire after 1h instead of 25min.
      • Update PromtailRequestsErrors to cancel outside of working hours.

    • [4.49.1](https://github.com/giantswarm/prometheus- rules/compare/v4.49.0…v4.49.1)

      • Update MimirDataPushFailures runbook url.

    • [4.49.0](https://github.com/giantswarm/prometheus- rules/compare/v4.48.0…v4.49.0)

      • Rename MimirObjectStoreLowRate to MimirDataPushFailures and update its expression to only target upload operations from the ingester component.

  • cluster-apps-operator

    • [3.1.2](https://github.com/giantswarm/cluster-apps- operator/compare/v3.1.1…v3.1.2)
      • Update app-operator to version 7.1.1.

  • hello-world-app

    • 2.8.0
      • Add HTTP->HTTPS redirect in the HTTPRoute CR.

  • konfigure-operator

    • [0.1.0](https://github.com/giantswarm/konfigure- operator/compare/v0.1.0…v0.1.0)
      • Initial implementation according to: https://github.com/giantswarm/rfc/pull/108

  • aws-cloud-controller-manager-app

    • [1.30.8-gs1](https://github.com/giantswarm/aws-cloud-controller-manager- app/compare/v1.30.7-gs3…v1.30.8-gs1)
      • Chart: Update to upstream v1.30.8.

  • aws-ebs-csi-driver-app

    • [3.0.5](https://github.com/giantswarm/aws-ebs-csi-driver- app/compare/v3.0.4…v3.0.5)
      • Chart: Update snapshot-controller to v8.2.1. (#283)
    • [3.0.4](https://github.com/giantswarm/aws-ebs-csi-driver- app/compare/v3.0.3…v3.0.4)
      • Chart: Sync to upstream. (#264)

  • aws-pod-identity-webhook

    • [1.19.1](https://github.com/giantswarm/aws-pod-identity- webhook/compare/v1.19.0…v1.19.1)
      • Go: Update dependencies.

  • kube-downscaler-app

    • [0.6.1](https://github.com/giantswarm/kube-downscaler- app/compare/v0.6.0…v0.6.1)
      • Fix ciliumnetpol’s endpointSelector.
    • [0.6.0](https://github.com/giantswarm/kube-downscaler- app/compare/v0.5.0…v0.6.0)
      • Update chart’s image.

  • cloud-provider-vsphere-app

    • [2.0.1](https://github.com/giantswarm/cloud-provider-vsphere- app/compare/v2.0.0…v2.0.1)
      • Ensure the Helm chart name stays consistent.
    • [2.0.0](https://github.com/giantswarm/cloud-provider-vsphere- app/compare/v1.12.0…v2.0.0)
      • Remove subcharts in order to deploy only the vSphere CPI (at upstream version v1.30.0).

  • cluster-cloud-director

    • [0.65.0](https://github.com/giantswarm/cluster-cloud- director/compare/v0.64.2…v0.65.0)
      • Chart: Update cluster to v2.1.1.
      • Chart: Enable coredns-extensions and etcd-defrag.

  • cluster-vsphere

    • [1.0.0](https://github.com/giantswarm/cluster- vsphere/compare/v0.69.0…v1.0.0)
      • Split cloud provider app into separate HelmReleases.
      • Add global.providerSpecific.templateSuffix to set a suffix on the VM template to use.

  • kube-vip-cloud-provider-app

    • [0.3.0](https://github.com/giantswarm/kube-vip-cloud-provider- app/compare/v0.2.0…v0.3.0)
      • Run container with a read-only filesystem.

  • vsphere-csi-driver-app

    • [3.4.2](https://github.com/giantswarm/vsphere-csi-driver- app/compare/v3.4.1…v3.4.2)
      • Correct kubectl image tag.
      • Remove superfluous update script.

  • cloudnative-pg-app

    • [0.0.7](https://github.com/giantswarm/cloudnative-pg- app/compare/v0.0.6…v0.0.7)
      • Push to CAPI app collections.
      • grafana dashboard: load it to Shared Org (public) organization

  • rbac-operator

    • [0.42.0](https://github.com/giantswarm/rbac- operator/compare/v0.41.1…v0.42.0)
      • Added support for read-all-customer-groups bindings.
      • Change ownership to Team Shield

  • trivy-app

    • 0.13.4
      • Add API capabilities check for Kyverno PolicyExceptions before switching to v2.
    • 0.13.3
      • Make livenessProbe.initialDelaySeconds configurable.

  • cluster

    • 2.2.0
      • Preventing container with Nvidia runtime taking down the whole node going OOM by properly isolating the container.
      • Apps: Remove source config from external-dns defaults.

  • cluster-autoscaler-app

    • [1.30.4-gs1](https://github.com/giantswarm/cluster-autoscaler- app/compare/v1.30.3-gs2…v1.30.4-gs1)
      • Chart: Update to upstream v1.30.4. (#308)

  • etcd-backup-operator

    • [4.10.1](https://github.com/giantswarm/etcd-backup- operator/compare/v4.10.0…v4.10.1)
      • Ensure the default clustersToExcludeRegex doesn’t match any clusters

  • etcd-kubernetes-resources-count-exporter

    • [1.10.3](https://github.com/giantswarm/etcd-kubernetes-resources-count- exporter/compare/v1.10.2…v1.10.3)
      • Go: Update dependencies.
    • [1.10.2](https://github.com/giantswarm/etcd-kubernetes-resources-count- exporter/compare/v1.10.1…v1.10.2)
      • Go: Update dependencies.

  • node-exporter-app

    • [1.20.2](https://github.com/giantswarm/node-exporter- app/compare/v1.20.1…v1.20.2)
      • Go: Update dependencies.

  Docs

• Mar 18, 2025 CAPA releases releases aws-30.1.0

  Changes compared to v30.0.0

  Components

  • cluster-aws from v3.0.0 to v3.2.1
  • Kubernetes from v1.30.10 to v1.30.11
  • os-tooling from v1.23.1 to v1.24.0

  cluster-aws v3.0.0…v3.2.1

  Added

  • Add ingress rule in nodes Security Group to allow access for monitoring Chart Operator, EBS CSI Controller, Cilium Operator and Node Exporter.
  • Add ingress rule in nodes Security Group to allow access to the Cilium Relay when using ENI mode.
  • Add option global.providerSpecific.nodeTerminationHandlerEnabled to disable the AWS Node Termination Handler (NTH).

  Changed

  • Chart: Update cluster to v2.2.0.

  os-tooling v1.23.1…v1.24.0

  Added

  • Added nvidia_runtime to allow running of GPU workloads

  Apps

  • aws-ebs-csi-driver from v3.0.3 to v3.0.5
  • aws-pod-identity-webhook from v1.19.0 to v1.19.1
  • capi-node-labeler from v1.0.1 to v1.0.2
  • cert-exporter from v2.9.4 to v2.9.5
  • cilium from v0.31.0 to v0.31.1
  • cloud-provider-aws from v1.30.7-gs3 to v1.30.8-gs1
  • cluster-autoscaler from v1.30.3-gs2 to v1.30.4-gs1
  • etcd-defrag from v1.0.1 to v1.0.2
  • etcd-kubernetes-resources-count-exporter from v1.10.1 to v1.10.3
  • k8s-audit-metrics from v0.10.1 to v0.10.2
  • net-exporter from v1.21.0 to v1.22.0
  • node-exporter from v1.20.1 to v1.20.2
  • observability-bundle from v1.9.0 to v1.11.0
  • security-bundle from v1.9.1 to v1.10.0
  • teleport-kube-agent from v0.10.3 to v0.10.4

  aws-ebs-csi-driver v3.0.3…v3.0.5

  Changed

  • Chart: Update snapshot-controller to v8.2.1. (#283)
  • Chart: Sync to upstream. (#264)

  aws-pod-identity-webhook v1.19.0…v1.19.1

  Changed

  • Go: Update dependencies.

  capi-node-labeler v1.0.1…v1.0.2

  Changed

  • Go: Update dependencies.

  cert-exporter v2.9.4…v2.9.5

  Changed

  • Go: Update dependencies.

  cilium v0.31.0…v0.31.1

  Changed

  • Upgrade Cilium to v1.16.7.

  cloud-provider-aws v1.30.7-gs3…v1.30.8-gs1

  Changed

  • Chart: Update to upstream v1.30.8.

  cluster-autoscaler v1.30.3-gs2…v1.30.4-gs1

  Changed

  • Chart: Update to upstream v1.30.4. (#308)

  etcd-defrag v1.0.1…v1.0.2

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.25.0. (#17)

  etcd-kubernetes-resources-count-exporter v1.10.1…v1.10.3

  Changed

  • Go: Update dependencies.

  k8s-audit-metrics v0.10.1…v0.10.2

  Changed

  • Go: Update dependencies.

  net-exporter v1.21.0…v1.22.0

  Changed

  • Narrow down CiliumNetworkPolicy to allow desired traffic only.

  Removed

  • Remove NetworkPolicy resource and rely on CiliumNetworkPolicy only.

  node-exporter v1.20.1…v1.20.2

  Changed

  • Go: Update dependencies.

  observability-bundle v1.9.0…v1.11.0

  Changed

  • prometheus-operator will not check promql syntax for prometheusRules that are labelled observability.giantswarm.io/rule-type: logs
  • Upgrade alloy to chart 0.9.0.
    • Bumps alloy from to 1.5.1 to 1.7.1
  • Upgrade kube-prometheus-stack from 66.2.1 to 69.5.1
    • Bumps prometheus-operator to 0.80.1
    • Bumps prometheus to 3.0.1

  security-bundle v1.9.1…v1.10.0

  Added

  • Add e2e tests for the security-bundle and all is components

  Changed

  • Update kyverno (app) to v0.19.0.
  • Update kyverno-crds (app) to v1.13.0.
  • Update kyverno-policies (app) to v0.23.0.
  • Update edgedb (app) to v0.1.0.
  • Update falco (app) to v0.10.0.
  • Update trivy (app) to v0.13.2.

  teleport-kube-agent v0.10.3…v0.10.4

  Added

  • Add headless service on diag port 3000.

  Changed

  • Migrated to ABS
• Mar 18, 2025 CAPVCD releases releases cloud-director-30.1.0

  Changes compared to v30.0.0

  Components

  • cluster-cloud-director from v0.65.0 to v0.66.0
  • Kubernetes from v1.30.10 to v1.30.11
  • os-tooling from v1.23.1 to v1.24.0

  cluster-cloud-director v0.65.0…v0.66.0

  Changed

  • Chart: Update cluster to v2.2.0.

  os-tooling v1.23.1…v1.24.0

  Added

  • Added nvidia_runtime to allow running of GPU workloads

  Apps

  • capi-node-labeler from v1.0.1 to v1.0.2
  • cert-exporter from v2.9.4 to v2.9.5
  • cilium from v0.31.0 to v0.31.1
  • etcd-defrag from v1.0.1 to v1.0.2
  • etcd-kubernetes-resources-count-exporter from v1.10.1 to v1.10.3
  • k8s-audit-metrics from v0.10.1 to v0.10.2
  • net-exporter from v1.21.0 to v1.22.0
  • node-exporter from v1.20.1 to v1.20.2
  • observability-bundle from v1.9.0 to v1.11.0
  • security-bundle from v1.9.1 to v1.10.0
  • teleport-kube-agent from v0.10.3 to v0.10.4

  capi-node-labeler v1.0.1…v1.0.2

  Changed

  • Go: Update dependencies.

  cert-exporter v2.9.4…v2.9.5

  Changed

  • Go: Update dependencies.

  cilium v0.31.0…v0.31.1

  Changed

  • Upgrade Cilium to v1.16.7.

  etcd-defrag v1.0.1…v1.0.2

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.25.0. (#17)

  etcd-kubernetes-resources-count-exporter v1.10.1…v1.10.3

  Changed

  • Go: Update dependencies.

  k8s-audit-metrics v0.10.1…v0.10.2

  Changed

  • Go: Update dependencies.

  net-exporter v1.21.0…v1.22.0

  Changed

  • Narrow down CiliumNetworkPolicy to allow desired traffic only.

  Removed

  • Remove NetworkPolicy resource and rely on CiliumNetworkPolicy only.

  node-exporter v1.20.1…v1.20.2

  Changed

  • Go: Update dependencies.

  observability-bundle v1.9.0…v1.11.0

  Changed

  • prometheus-operator will not check promql syntax for prometheusRules that are labelled observability.giantswarm.io/rule-type: logs
  • Upgrade alloy to chart 0.9.0.
    • Bumps alloy from to 1.5.1 to 1.7.1
  • Upgrade kube-prometheus-stack from 66.2.1 to 69.5.1
    • Bumps prometheus-operator to 0.80.1
    • Bumps prometheus to 3.0.1

  security-bundle v1.9.1…v1.10.0

  Added

  • Add e2e tests for the security-bundle and all is components

  Changed

  • Update kyverno (app) to v0.19.0.
  • Update kyverno-crds (app) to v1.13.0.
  • Update kyverno-policies (app) to v0.23.0.
  • Update edgedb (app) to v0.1.0.
  • Update falco (app) to v0.10.0.
  • Update trivy (app) to v0.13.2.

  teleport-kube-agent v0.10.3…v0.10.4

  Added

  • Add headless service on diag port 3000.

  Changed

  • Migrated to ABS
• Mar 18, 2025 CAPV releases releases vsphere-30.1.0

  Changes compared to v30.0.0

  Components

  • cluster-vsphere from v0.69.0 to v1.1.0
  • Kubernetes from v1.30.10 to v1.30.11
  • os-tooling from v1.23.1 to v1.24.0

  cluster-vsphere v0.69.0…v1.1.0

  Added

  • Add global.providerSpecific.templateSuffix to set a suffix on the VM template to use.

  Changed

  • Chart: Update cluster to v2.2.0.
  • Split cloud provider app into separate HelmReleases.

  os-tooling v1.23.1…v1.24.0

  Added

  • Added nvidia_runtime to allow running of GPU workloads

  Apps

  • capi-node-labeler from v1.0.1 to v1.0.2
  • cert-exporter from v2.9.4 to v2.9.5
  • cilium from v0.31.0 to v0.31.1
  • cloud-provider-vsphere from v1.12.0 to v2.0.1
  • etcd-defrag from v1.0.1 to v1.0.2
  • etcd-kubernetes-resources-count-exporter from v1.10.1 to v1.10.3
  • k8s-audit-metrics from v0.10.1 to v0.10.2
  • kube-vip added at v0.2.0
  • kube-vip-cloud-provider added at v0.3.0
  • net-exporter from v1.21.0 to v1.22.0
  • node-exporter from v1.20.1 to v1.20.2
  • observability-bundle from v1.9.0 to v1.11.0
  • security-bundle from v1.9.1 to v1.10.0
  • teleport-kube-agent from v0.10.3 to v0.10.4
  • vsphere-csi-driver added at v3.4.2

  capi-node-labeler v1.0.1…v1.0.2

  Changed

  • Go: Update dependencies.

  cert-exporter v2.9.4…v2.9.5

  Changed

  • Go: Update dependencies.

  cilium v0.31.0…v0.31.1

  Changed

  • Upgrade Cilium to v1.16.7.

  cloud-provider-vsphere v1.12.0…v2.0.1

  Changed

  • Remove subcharts in order to deploy only the vSphere CPI (at upstream version v1.30.0).

  etcd-defrag v1.0.1…v1.0.2

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.25.0. (#17)

  etcd-kubernetes-resources-count-exporter v1.10.1…v1.10.3

  Changed

  • Go: Update dependencies.

  k8s-audit-metrics v0.10.1…v0.10.2

  Changed

  • Go: Update dependencies.

  kube-vip v0.2.0

  Added

  • Initial release which tracks upstream version 0.8.4.

  kube-vip-cloud-provider v0.3.0

  Added

  • Initial release which tracks upstream version 0.0.10.

  Changed

  • Run container with a read-only filesystem.

  net-exporter v1.21.0…v1.22.0

  Changed

  • Narrow down CiliumNetworkPolicy to allow desired traffic only.

  Removed

  • Remove NetworkPolicy resource and rely on CiliumNetworkPolicy only.

  node-exporter v1.20.1…v1.20.2

  Changed

  • Go: Update dependencies.

  observability-bundle v1.9.0…v1.11.0

  Changed

  • prometheus-operator will not check promql syntax for prometheusRules that are labelled observability.giantswarm.io/rule-type: logs
  • Upgrade alloy to chart 0.9.0.
    • Bumps alloy from to 1.5.1 to 1.7.1
  • Upgrade kube-prometheus-stack from 66.2.1 to 69.5.1
    • Bumps prometheus-operator to 0.80.1
    • Bumps prometheus to 3.0.1

  security-bundle v1.9.1…v1.10.0

  Added

  • Add e2e tests for the security-bundle and all is components

  Changed

  • Update kyverno (app) to v0.19.0.
  • Update kyverno-crds (app) to v1.13.0.
  • Update kyverno-policies (app) to v0.23.0.
  • Update edgedb (app) to v0.1.0.
  • Update falco (app) to v0.10.0.
  • Update trivy (app) to v0.13.2.

  teleport-kube-agent v0.10.3…v0.10.4

  Added

  • Add headless service on diag port 3000.

  Changed

  • Migrated to ABS

  vsphere-csi-driver v3.4.2

  Added

  • Add upstream chart at v3.3.0.

  Changed

  • Correct kubectl image tag.

  Removed

  • Remove superfluous update script.
• Mar 18, 2025 Developer Portal backstage v0.55.0

  In this release, layout of deployments and clusters pages was changed. Now it allows to add filters for a table. See ./docs/releases/v0.55.0-changelog.md for more information.

• Mar 17, 2025 Security trivy-app v0.13.4

  Changed

  • Add API capabilities check for Kyverno PolicyExceptions before switching to v2.
• Mar 17, 2025 Security trivy-app v0.13.3

  Changed

  • Make livenessProbe.initialDelaySeconds configurable.
• Mar 17, 2025 Security rbac-operator v0.42.0

  Added

  • Added support for read-all-customer-groups bindings.

  Changed

  • Change ownership to Team Shield
• Mar 14, 2025 Others hello-world-app v2.8.0

  Changed

  • Add HTTP->HTTPS redirect in the HTTPRoute CR.

• Newer entries
• Older entries