1. Docs
  2. Changes and releases

Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • Security kyverno-app v0.22.0

    Changed

    • Update kyverno to upstream version v1.16.1.

    Notes

    This release includes an upstream update. Please refer to the following Release Notes from upstream for the latest changes:

  • Others hello-world-app v2.10.0

    Added

    • Chart: add annotations io.giantswarm.application.audience and io.giantswarm.application.managed to metadata.

    Changed

    • Chart: change annotation application.giantswarm.io/team to the OCI-compliant form io.giantswarm.application.team.
    • Chart: update sources list.
    • Chart: update keywords list.

    Removed

    • Chart: Remvove maintainers key.
    • Template helpers: Remove giantswarm.io/service-type: managed annotation.
  • Observability grafana-app v2.28.4

    Changed

    • upgrade giantswarm/postgresql-cnpg image tag: 17.7 => 18.1
  • Observability grafana-app v2.28.3

    Fixed

    • Set postgresqlCluster.enabled to false to fix the ATS ci job.
  • Observability grafana-app v2.28.2

    Fixed

    • Only render plugin field of postgresql cluster if backup is enabled in the values.
  • Connectivity external-dns-app v3.3.0

    Important changes

    • TXT registry record formatting has changed in this version. After upgrading, external-dns creates new TXT records, but existing (old) records will not be deleted automatically; manual cleanup by the operator is required.
    • The value .Values.provider has been deprecated in favour of .Values.provider.name.

    Changed

    • Use kubectl-apply-job when installing CRDs.
    • Upgrade external-dns to v0.20.0.
    • Update DNSEndpoints CRD.
    • Sync to upstream helm chart 1.19.0.
      • Grant discovery.k8s.io/endpointslices permission only when using service source.
      • Update RBAC for Service source to support EndpointSlices.
      • Allow extraArgs to also be a map enabling overrides of individual values.
      • Set defaults for automountServiceAccountToken and serviceAccount.automountServiceAccountToken to true in Helm chart values.
      • Correctly handle txtPrefix and txtSuffix arguments when both are provided.
      • Add ability to generate schema with helm plugin schema.
      • Regenerate JSON schema with `helm-values-schema-json’ plugin.
      • Added ability to configure imagePullSecrets via helm global value.
      • Added options to configure labelFilter and managedRecordTypes via dedicated helm values.
      • Allow templating serviceaccount.annotations keys and values, by rendering them using the tpl built-in function.
      • Added support for extraContainers argument.
      • Added support for setting excludeDomains argument.
      • Added support for setting dnsConfig.
      • Added support for webhook providers.
    • Restrict managed record types to A and CNAME.
  • Fleet Management aws-load-balancer-controller-app v3.0.0

    Changed

    • Merge both the bundle and app chart into the same repository. Now the AWS Load Balancer Controller app and the bundle containing the necessary IAM resources (managed by Crossplane) will live in this repository.
    • The bundle chart now deploys the workload cluster chart using Flux HelmRelease instead of App CR.
    • Make sure both the bundle and app charts have been pushed to the catalogs before pushing to the capa app collection
  • CAPVCD releases releases cloud-director-33.1.0

    Update Kubernetes to v1.33.6, Flatcar to v4459.2.1 and various component upgrades.

    Changes compared to v33.0.1

    Components

    • cluster-cloud-director from v2.2.0 to v2.4.0
    • Flatcar from v4230.2.3 to v4459.2.1
    • Kubernetes from v1.33.5 to v1.33.6
    • os-tooling from v1.26.1 to v1.26.2

    cluster-cloud-director v2.2.0…v2.4.0

    Changed

    • Chart: Update cluster to v4.4.0.
    • Chart: Update cluster to v4.3.0.

    Apps

    • cert-exporter from v2.9.12 to v2.9.14
    • cert-manager from v3.9.3 to v3.9.4
    • cilium from v1.3.1 to v1.3.2
    • etcd-defrag from v1.2.1 to v1.2.3
    • etcd-k8s-res-count-exporter from v1.10.9 to v1.10.11
    • k8s-audit-metrics from v0.10.8 to v0.10.10
    • node-exporter from v1.20.7 to v1.20.9
    • observability-policies from v0.0.2 to v0.0.3
    • security-bundle from v1.13.1 to v1.15.0
    • teleport-kube-agent from v0.10.6 to v0.10.7

    cert-exporter v2.9.12…v2.9.14

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    cert-manager v3.9.3…v3.9.4

    Added

    • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
      • Basic test suite: Validates fresh installations
      • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
    • Add certificate issuance integration test to cluster-test-suites.

    Changed

    • Upgrade cert-manager to v1.18.2.

    cilium v1.3.1…v1.3.2

    Changed

    etcd-defrag v1.2.1…v1.2.3

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.36.0. (#69)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.35.0. (#64)

    etcd-k8s-res-count-exporter v1.10.9…v1.10.11

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    k8s-audit-metrics v0.10.8…v0.10.10

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    node-exporter v1.20.7…v1.20.9

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    observability-policies v0.0.2…v0.0.3

    Fixed

    • Missing RBAC for kyverno-report-controller

    security-bundle v1.13.1…v1.15.0

    Added

    • Add kubescape (app) version v0.0.4.

    Changed

    • Update kyverno (app) to v0.21.1.
    • Update kyverno-crds (app) to v1.15.0.
    • Update kyverno (app) to v0.20.1.
    • Update kyverno-crds (app) to v1.14.0.
    • Update kyverno-policies (app) to v0.24.0.
    • Update reports-server (app) to v0.0.3.

    teleport-kube-agent v0.10.6…v0.10.7

    Added

    • Add ephemeral-storage requests and limits to satisfy Kyverno policy require-emptydir-requests-and-limits.

    Changed

    • Enable upstream-provided Prometheus PodMonitor to scrape metrics from Teleport Kube Agent pods.
  • CAPV releases releases vsphere-33.1.0

    Update Kubernetes to v1.33.6, Flatcar to v4459.2.1 and various component upgrades.

    Changes compared to v33.0.1

    Components

    • cluster-vsphere from v3.2.0 to v3.4.0
    • Flatcar from v4230.2.3 to v4459.2.1
    • Kubernetes from v1.33.5 to v1.33.6
    • os-tooling from v1.26.1 to v1.26.2

    cluster-vsphere v3.2.0…v3.4.0

    Changed

    • Chart: Update cluster to v4.4.0.
    • Chart: Update cluster to v4.3.0.

    Apps

    • cert-exporter from v2.9.12 to v2.9.14
    • cert-manager from v3.9.3 to v3.9.4
    • cilium from v1.3.1 to v1.3.2
    • etcd-defrag from v1.2.1 to v1.2.3
    • etcd-k8s-res-count-exporter from v1.10.9 to v1.10.11
    • k8s-audit-metrics from v0.10.8 to v0.10.10
    • node-exporter from v1.20.7 to v1.20.9
    • observability-policies from v0.0.2 to v0.0.3
    • security-bundle from v1.13.1 to v1.15.0
    • teleport-kube-agent from v0.10.6 to v0.10.7

    cert-exporter v2.9.12…v2.9.14

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    cert-manager v3.9.3…v3.9.4

    Added

    • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
      • Basic test suite: Validates fresh installations
      • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
    • Add certificate issuance integration test to cluster-test-suites.

    Changed

    • Upgrade cert-manager to v1.18.2.

    cilium v1.3.1…v1.3.2

    Changed

    etcd-defrag v1.2.1…v1.2.3

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.36.0. (#69)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.35.0. (#64)

    etcd-k8s-res-count-exporter v1.10.9…v1.10.11

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    k8s-audit-metrics v0.10.8…v0.10.10

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    node-exporter v1.20.7…v1.20.9

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    observability-policies v0.0.2…v0.0.3

    Fixed

    • Missing RBAC for kyverno-report-controller

    security-bundle v1.13.1…v1.15.0

    Added

    • Add kubescape (app) version v0.0.4.

    Changed

    • Update kyverno (app) to v0.21.1.
    • Update kyverno-crds (app) to v1.15.0.
    • Update kyverno (app) to v0.20.1.
    • Update kyverno-crds (app) to v1.14.0.
    • Update kyverno-policies (app) to v0.24.0.
    • Update reports-server (app) to v0.0.3.

    teleport-kube-agent v0.10.6…v0.10.7

    Added

    • Add ephemeral-storage requests and limits to satisfy Kyverno policy require-emptydir-requests-and-limits.

    Changed

    • Enable upstream-provided Prometheus PodMonitor to scrape metrics from Teleport Kube Agent pods.
  • CAPA releases releases aws-33.1.0

    Update Kubernetes to v1.33.6, Flatcar to v4459.2.1 and various component upgrades.

    Changes compared to v33.0.1

    Components

    • cluster-aws from v6.2.0 to v6.4.1
    • Flatcar from v4230.2.3 to v4459.2.1
    • Kubernetes from v1.33.5 to v1.33.6
    • os-tooling from v1.26.1 to v1.26.2

    cluster-aws v6.2.0…v6.4.1

    Added

    • This change will roll the nodes on Karpenter node pools Attach the lb Security Group to Karpenter nodes.
    • This change will roll the nodes on Karpenter node pools Name instance on AWS after the nodepool name.
    • Add node-problem-detector-app, disabled by default.

    Changed

    • Tidy up dependencies on azs-getter.
    • Make global.baseDomain and global.managementCluster required values. These values will be passed to the chart when deploying it from the cluster-app-installation-values ConfigMap in the default namespace.
    • Extract required values to its own central file to avoid repeating the required keyword and error messages. This is normally done automatically by a Kyverno policy.
    • Change the default root disk size for Karpenter node pools. Karpenter will choose the cheapest instances, and certain instances, like g6f.xlarge come with some drivers that require a larger disk.
    • Chart: Update cluster to v4.3.0.

    Apps

    • aws-ebs-csi-driver from v3.2.0 to v3.3.0
    • aws-pod-identity-webhook from v2.0.0 to v2.1.0
    • cert-exporter from v2.9.12 to v2.9.14
    • cert-manager from v3.9.3 to v3.9.4
    • cilium from v1.3.1 to v1.3.2
    • etcd-defrag from v1.2.1 to v1.2.3
    • etcd-k8s-res-count-exporter from v1.10.9 to v1.10.11
    • k8s-audit-metrics from v0.10.8 to v0.10.10
    • karpenter-crossplane-resources from v0.4.0 to v0.5.1
    • node-exporter from v1.20.7 to v1.20.9
    • observability-policies from v0.0.2 to v0.0.3
    • security-bundle from v1.13.1 to v1.15.0
    • teleport-kube-agent from v0.10.6 to v0.10.7

    aws-ebs-csi-driver v3.2.0…v3.3.0

    Changed

    • Chart: Sync to upstream. (#338)
      • Chart: Update AWS EBS CSI Driver from v1.41.0 to v1.51.0.
      • Chart: ⚠️ URGENT: XFS Compatibility Issue - Newly formatted XFS volumes may fail to mount on nodes with older kernels (Amazon Linux 2). Use node.legacyXFS: true as workaround.
      • Chart: ⚠️ URGENT: Controller Health Checks - Controller now performs AWS API dry-run checks. Ensure proper IAM permissions and network connectivity.
      • Chart: ⚠️ URGENT: StorageClass Parameter Deprecation* - blockExpress parameter is deprecated for io2 volumes (now always uses 256,000 IOPS cap).
      • Chart: Add support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone.
      • Chart: Add debugLogs parameter for maximum verbosity logging and debugging.
      • Chart: Add metadataSources configuration option for node metadata handling.
      • Chart: Add disableMutation parameter for service account mutation control.
      • Chart: Add support for updating node’s max attachable volume count via MutableCSINodeAllocatableCount feature gate (Kubernetes 1.33+).
      • Chart: Update dependencies including AWS SDK, Prometheus, and various Go modules.
      • Chart: Add missing enablePrometheusAnnotations values for controller and node components.
      • Chart: Update sidecar container versions:
    • csi-provisioner: v5.2.0 → v5.3.0
    • csi-attacher: v4.8.1 → v4.9.0
    • csi-snapshotter: v8.2.1 → v8.3.0
    • livenessprobe: v2.14.0 → v2.16.0
    • csi-resizer: v1.13.2 → v1.14.0
    • csi-node-driver-registrar: v2.13.0 → v2.14.0
    • volume-modifier-for-k8s: v0.5.1 → v0.8.0

    aws-pod-identity-webhook v2.0.0…v2.1.0

    Changed

    • Set VPA minAllowed CPU to 50m. Otherwise VPA will set the CPU to tiny values that will cause CPU throttling.

    cert-exporter v2.9.12…v2.9.14

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    cert-manager v3.9.3…v3.9.4

    Added

    • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
      • Basic test suite: Validates fresh installations
      • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
    • Add certificate issuance integration test to cluster-test-suites.

    Changed

    • Upgrade cert-manager to v1.18.2.

    cilium v1.3.1…v1.3.2

    Changed

    etcd-defrag v1.2.1…v1.2.3

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.36.0. (#69)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.35.0. (#64)

    etcd-k8s-res-count-exporter v1.10.9…v1.10.11

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    k8s-audit-metrics v0.10.8…v0.10.10

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    karpenter-crossplane-resources v0.4.0…v0.5.1

    Added

    • Add new Helm value to configure the workers IAM role. When Karpenter launches worker instances, it will attach the worker instance profile.

    Fixed

    • Default the iam:PassRole resource to old worker role ARN (the one used before crossplane started managing the IAM Roles) when workersIamRole is not provided. This is needed to make our tests automation to work, regardless of the version of this app used.

    node-exporter v1.20.7…v1.20.9

    Changed

    • Go: Update dependencies.
    • Go: Update dependencies.

    observability-policies v0.0.2…v0.0.3

    Fixed

    • Missing RBAC for kyverno-report-controller

    security-bundle v1.13.1…v1.15.0

    Added

    • Add kubescape (app) version v0.0.4.

    Changed

    • Update kyverno (app) to v0.21.1.
    • Update kyverno-crds (app) to v1.15.0.
    • Update kyverno (app) to v0.20.1.
    • Update kyverno-crds (app) to v1.14.0.
    • Update kyverno-policies (app) to v0.24.0.
    • Update reports-server (app) to v0.0.3.

    teleport-kube-agent v0.10.6…v0.10.7

    Added

    • Add ephemeral-storage requests and limits to satisfy Kyverno policy require-emptydir-requests-and-limits.

    Changed

    • Enable upstream-provided Prometheus PodMonitor to scrape metrics from Teleport Kube Agent pods.