Changes and Releases

Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/muster/compare/v0.1.132...v0.1.133

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/klaus/compare/v0.0.140...v0.0.141

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/klaus/compare/v0.0.139...v0.0.140

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/klausctl/compare/v0.0.72...v0.0.73

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/klaus-oci/compare/v0.0.21...v0.0.22

  • Added

    • Added configuration options to allow for persisting the SQLite database.
    • Add Mermaid diagram support to AI chat markdown rendering.
    • Render <details>/<summary> HTML in AI chat markdown.
    • Allow AI chat MCP servers to act as the logged-in Backstage user via the new useBackstageUserToken option, so user-context tools like auth.who-am-i work without a static external-access token.

    Changed

    • Strip reasoning content from past AI chat assistant messages to reclaim context tokens for Claude conversations.
    • Replace the fa-kubernetes Font Awesome icon with an inline SVG and remove the Font Awesome kit integration.
    • Replace @terasky/backstage-plugin-catalog-mcp-backend with the built-in catalog.query-catalog-entities action from @backstage/plugin-mcp-actions-backend.

    Fixed

    • Fix AI chat input freezing after typing dead keys (e.g., backtick on German keyboard).

    Removed

    • Remove the custom getCurrentUserInfo AI chat agent tool, superseded by the upstream auth.who-am-i tool from the mcp-actions MCP server. See ./docs/releases/v0.126.0-changelog.md for more information.

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/muster/compare/v0.1.131...v0.1.132

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/klaus/compare/v0.0.138...v0.0.139

  • Changes compared to v34.1.1

    Components

    • cluster-aws from v7.4.0 to v7.6.1
    • cluster from v5.1.2 to v5.3.1
    • Flatcar from v4459.2.3 to v4459.2.4
    • Kubernetes from v1.34.5 to v1.34.7
    • os-tooling from v1.26.4 to v1.28.0

    cluster-aws v7.4.0…v7.6.1

    Added

    • Add appVersion field to Chart.yaml.
    • Enable scraping metrics and logs from the karpenter app.
    • Allow configuring the name of the hosted zone used for the workload cluster by setting global.connectivity.dns.hostedZoneName.
    • Allow configuring the AWS IAM Role used when managing the DNS delegation for the hosted zone by setting global.connectivity.dns.delegationIdentityName.
    • Added new annotation network.giantswarm.io/base-domain with the base domain value used for the workload cluster.
    • Add support for network.giantswarm.io/wildcard-cname-target annotation on AWSCluster via global.connectivity.dns.wildcardCnameTarget.

    Changed

    • Enable cert-manager DNS challenges by default.
    • Reduced default karpenter consolidation from 6 hours to 1 hour.
    • Apps: Enable rbac-bootstrap as a default HelmRelease app.

    Fixed

    • Set appName before catalog lookup in aws-nth-app template to ensure correct catalog resolution from Release CR.

    cluster v5.1.2…v5.3.1

    Added

    • Apps: Add rbac-bootstrap as a default HelmRelease app with a default ClusterRoleBinding for giantswarm:giantswarm-admins.

    Changed

    • Apps: Use OCIRepository source for rbac-bootstrap HelmRelease.

    Fixed

    • Apps: Change rbac-bootstrap default role from read-all to view and add additional groups for token forwarded cases.

    Apps

    • aws-ebs-csi-driver from v4.1.1 to v4.1.2
    • aws-nth-bundle from v1.3.0 to v1.4.0
    • cert-exporter from v2.9.16 to v2.10.1
    • cert-manager-crossplane-resources from v0.1.0 to v0.1.1
    • cilium from v1.4.1 to v1.4.3
    • cloud-provider-aws from v2.0.0 to v2.1.0
    • cluster-autoscaler from v1.34.3-1 to v1.34.3-2
    • coredns from v1.29.1 to v1.30.0
    • etcd-defrag from v1.2.4 to v1.2.6
    • k8s-dns-node-cache from v2.9.2 to v2.11.0
    • karpenter from v2.1.0 to v2.3.0
    • observability-bundle from v2.6.0 to v2.8.0
    • prometheus-blackbox-exporter from v0.5.1 to v0.7.0
    • security-bundle from v1.17.0 to v1.17.1

    aws-ebs-csi-driver v4.1.1…v4.1.2

    Changed

    • Update ABS config to replace .appVersion in Chart.yaml with version detected by ABS.

    Fixed

    • Use .Chart.AppVersion instead of .Chart.Version for OCIRepository tag.

    aws-nth-bundle v1.3.0…v1.4.0

    Changed

    • Migrate sub-apps from App CRs to Flux HelmRelease CRs.
    • Add io.giantswarm.application.audience: all annotation to publish the app to the customer Backstage catalog.
    • Migrate chart metadata annotations to io.giantswarm.application.* format.

    cert-exporter v2.9.16…v2.10.1

    Added

    • DaemonSet: Add VPA.

    Changed

    • Values: Tune resources.

    Fixed

    • Parse all PEM blocks in secrets and certificate files, not just the first one. This fixes false alerts when multiple certificates are concatenated (e.g. Kyverno webhook cert rotation).
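
The behaviour behind this fix, as an added example that is not cert-exporter's own code: a rotated webhook secret keeps the expired old certificate as the first PEM block, so checking only that block alerts even though the second block is a fresh, valid certificate. The certificates are constructed in-process with self-signed Ed25519 keys; `Expiries`, `selfSignedPEM` and `RotatedBundle` are illustrative names, not cert-exporter functions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Expiries returns NotAfter for every CERTIFICATE block in data, in file order; out[0] alone is the pre-fix view.
func Expiries(data []byte) ([]time.Time, error) {
	var out []time.Time
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" { // skip private keys and other block types
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		out = append(out, cert.NotAfter)
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("no CERTIFICATE blocks found")
	}
	return out, nil
}

// selfSignedPEM returns a constructed self-signed certificate expiring at notAfter.
func selfSignedPEM(serial int64, notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if rand.Reader fails
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// RotatedBundle simulates a rotated webhook TLS secret: expired old cert first, fresh cert second.
func RotatedBundle(now time.Time) []byte {
	return append(selfSignedPEM(1, now.Add(-time.Hour)), selfSignedPEM(2, now.AddDate(0, 0, 90))...)
}

func main() {
	fmt.Println(Expiries(RotatedBundle(time.Now())))
}
```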

    cert-manager-crossplane-resources v0.1.0…v0.1.1

    Changed

    • Update architect-orb to v6.15.0.

    cilium v1.4.1…v1.4.3

    Changed

    cloud-provider-aws v2.0.0…v2.1.0

    Changed

    • Bump to upstream image v1.35.0

    cluster-autoscaler v1.34.3-1…v1.34.3-2

    Added

    • Validate that managementCluster (when isManagementCluster=true) or clusterID (otherwise) is set, failing early with a clear error message.
    • Add support for CAPI mode (kubeconfig-incluster): run cluster-autoscaler on the management cluster using a pre-existing kubeconfig to connect to the workload cluster.
    • Add clusterAPI values section for configuring CAPI mode (autodiscovery, kubeconfig secret, configmaps namespace).
    • Add rbac.clusterScoped toggle to support namespace-scoped RBAC (no ClusterRole/ClusterRoleBinding) for CAPI deployments.

    Changed

    • Migrate test infrastructure from pipenv to uv.
    • Deploy the Kyverno policy exception in the policy-exceptions Namespace.
    • Deploy the Kyverno PolicyException as a Helm pre-install,pre-upgrade hook so it takes effect before chart resources are created.

    coredns v1.29.1…v1.30.0

    Added

    • Add coredns-adopter job to adopt default CoreDNS resources on EKS clusters (disabled by default).

    Changed

    • Update coredns image to 1.14.2.

    etcd-defrag v1.2.4…v1.2.6

    Changed

    • Chart: Update dependency ahrtr/etcd-defrag to v0.39.0. (#86)
    • Chart: Update dependency ahrtr/etcd-defrag to v0.38.0. (#84)

    k8s-dns-node-cache v2.9.2…v2.11.0

    Added

    • Add configmap.log.enabled helm value to toggle CoreDNS query logging (default: false).
    • Make AAAA NOERROR configurable for IPv6.

    karpenter v2.1.0…v2.3.0

    Changed

    • Migrate workload chart to use unmodified upstream Karpenter v1.8.1 chart as a Helm dependency (alias: upstream), eliminating fork maintenance.
    • Bundle chart: add giantswarm.workloadValues transformer to route values under upstream: key with extras (podLogs, global) at top level.
    • Bundle chart: convert proxy settings to controller.env entries for upstream compatibility.
    • Bundle chart: add giantswarm.combineImage helper to merge split registry+repository into single repository path.
    • Restructure bundle values.yaml into annotated BUNDLE-ONLY / UPSTREAM / EXTRAS sections.
    • Add io.giantswarm.application.audience: all annotation to publish the app to the customer Backstage catalog.
    • Migrate chart metadata annotations to io.giantswarm.application.* format for both the karpenter and karpenter-bundle charts.
    • Update ABS config to replace .appVersion in Chart.yaml with version detected by ABS.

    Fixed

    • Use .Chart.AppVersion instead of .Chart.Version for OCIRepository tag.

    Removed

    • Remove all forked upstream templates from workload chart (replaced by upstream dependency).
    • Remove vendir.yml, vendir.lock.yml, vendor/ directory, and Makefile.custom.mk.

    observability-bundle v2.6.0…v2.8.0

    Added

    • Add KSM metrics for Envoy Gateway resources.
    • Add application.giantswarm.io/team annotation from HelmReleases as label to KSM emitted metrics.

    Changed

    • Update kube-prometheus-stack to 20.1.0
    • Change team annotation in Chart.yaml to OpenContainers format (io.giantswarm.application.team).
    • Update alloy-app to 0.17.1
    • Update kube-prometheus-stack to 20.0.0
    • Update prometheus-operator-crd to 20.0.0

    prometheus-blackbox-exporter v0.5.1…v0.7.0

    Added

    • Add http_2xx_insecure module with insecure_skip_verify: true to support probing workload cluster API servers from the management cluster. The MC’s service account CA (http_2xx_k8sca) only covers the MC itself; workload clusters have their own CA which is not available to the blackbox exporter, making TLS verification impossible without this module.

    Changed

    • Set priorityClassName to system-node-critical to ensure DaemonSet pods are scheduled even on full nodes.

    security-bundle v1.17.0…v1.17.1

    Added

    • Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.

    Changed

    • Update falco (app) to v0.11.2.
    • Update gel (app) to v1.0.2.
    • Update kubescape (app) to v0.0.6.
    • Update reports-server (app) to v0.1.3.
    • Update starboard-exporter (app) to v1.0.3.
    • Update trivy (app) to v0.14.2.
    • Update trivy-operator (app) to v0.12.2.
    • Migrate chart annotations to OCI-compatible format.

  • What’s Changed

    Full Changelog: https://github.com/giantswarm/klausctl/compare/v0.0.71...v0.0.72