Tenant Cluster Releases for AWS

  • This release offers the possibility to configure the subnet size of Network Pools, as well as the size and wait time of batches during tenant cluster upgrades. More details about the upgrade improvements can be found in our Fine-tuning upgrade disruption on AWS guide.

    Change details

    aws-cni 1.7.5

    Bug - Match primary ENI IP correctly (#1247, @mogren)

    aws-operator 9.3.1

    Changed

    • Update dependencies to next major versions.

    Fixed

    • During a deletion of a cluster, ignore volumes that are mounted to an instance in a different cluster.

    Added

    • Annotation alpha.aws.giantswarm.io/metadata-v2 to enable AWS Metadata API v2
    • Annotation alpha.aws.giantswarm.io/aws-subnet-size to customize subnet size of Control Plane and Node Pools
    • Annotation alpha.aws.giantswarm.io/update-max-batch-size to configure max batch size in ASG update policy on cluster or machine deployment CR.
    • Annotation alpha.aws.giantswarm.io/update-pause-time to configure pause between batches in ASG update on cluster or machine deployment CR.

    cert-manager 2.3.2

    Added

    • Added values.schema.json for validation of default values. (#90)
    • Made cert-manager version configurable. (#91)

    Changed

    • Updated cert-manager to v1.0.4. (#95)
    • Update RBAC API versions. (#84)

    Fixed

    • Updated app version in Chart.yaml metadata to v1.0.3. (#91)
  • This patch release prevents an issue with QPS (Queries per Second) limits introduced by Docker Hub. It also solves a corner case during etcd mounting time.

    This minor release also contains two alpha features: terminating unhealthy nodes and using the new AWS metadata API v2. Both only work when the cluster CR is annotated properly.

    Change details

    aws-operator 9.2.0

    Fixed

    • Fix dockerhub QPS by using paid user token for pulls.
    • Remove dependency on var-lib-etcd.automount to avoid dependency cycle on new systemd.

    Added

    • Add terminate-unhealthy-node alpha feature to automatically terminate bad and unhealthy nodes in a Cluster.
    • Add alpha.giantswarm.io/aws-metadata-v2 annotation to enable AWS Metadata API v2.
  • Nodes will be rolled during upgrade to this version.

    This patch release prevents an issue with QPS (Queries per Second) limits introduced by Docker Hub.

    Change details

    aws-operator 8.7.10

    Fixed

    • Fix DockerHub QPS limits by using paid user token for pulls.
  • If you are upgrading from 12.5.1, upgrading to this release will not roll your nodes. It will only update the apps.

    This release fixes an issue that causes app-operator to crash when handling cluster deletion.

    Because we rarely delete clusters, the likelihood of this issue is low. But if we do delete a cluster (for example, a test cluster) with the broken app-operator, the operator will crash and stop reconciling app CRs in other clusters. Everything in that version breaks.

    As this is a patch update that doesn’t roll nodes, we highly recommend upgrading to it.

    Change details

    app-operator 2.3.5

    Fixed

    • Skip removing finalizer for chart-operator chart CR if it's not present.
    • Skip deleting chart-operator in case of cluster deletion.
  • This release fixes an issue that prevented upgrades of the Control Planes.

    Change details

    aws-operator 9.1.3

    Fixed

    • Ignore error when missing APIServerPublicLoadBalancer CF Stack output to allow upgrade.

    app-operator 2.3.3

    Added

    • Delete chart-operator helm release and chart CR so it can be re-installed.

    chart-operator 2.3.5

    Fixed

    • Stop repeating helm upgrade for the failed helm release.
  • If you are upgrading from 9.3.8, upgrading to this release will not roll your nodes.

    This patch release fixes a problem causing the accidental deletion and reinstallation of Preinstalled Apps (such as CoreDNS) in 9.x.x tenant clusters.

    Please upgrade all older clusters to this version in order to prevent possible downtime.

    Change details

    cluster-operator 0.23.18

    Changed

    • Get app-operator version from releases CR.

    Fixed

    • Remove all chartconfig migration logic that caused accidental deletion and is no longer needed.

    chart-operator 0.13.2

    Changed

    • Calculating md5sum from Chart go struct.
    • Add metrics for Helm releases with a mismatched namespace.
  • This release offers the possibility to add additional Network Pools to the Control Plane and flexibly choose the IP range for new Tenant Clusters from these pools. It also upgrades Kubernetes to v1.17.13.

    Note for Solution Engineers:

    • Helm3:
      • Please use Upgrading tenant clusters to Helm 3 as a guide on the upgrade process for the checks and monitoring steps.
      • Note for future 12.x.x releases:
        • Please persist this note and the above, until all customers are on AWS v12.3.x and above.
    • cert-manager-app:
      • Please use this upgrade script to assist with the process. Due to changes in Cert Manager’s API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager.
      • Note for future 12.x.x releases:
        • Please persist this note and the above, until all customers are on AWS v12.1.x and above.

    Change details

    aws-operator 9.1.2

    Added

    • Add etcd client certificates for Prometheus.
    • Add --service.aws.hostaccesskey.role flag.
    • Add api.<cluster ID>.k8s.<base domain> and *.<cluster ID>.k8s.<base domain> records into CP internal hosted zone.

    Fixed

    • Fix vpc/route-table lookups.

    Changed

    • Access Control Plane AWS account using role assumption. This is to prepare running aws-operator inside a Tenant Cluster.
    • Changed AWS CNI parameters to be more conservative with preallocated IPs while not hitting the AWS API too hard.
    • Update k8scloudconfig to v8.0.3.

    cluster-operator 3.3.1

    Fixed

    • Manage Tenant Cluster API errors gracefully.

    Kubernetes 1.17.13

    • Prevent logging of docker config contents if file is malformed (#95348)
    • Do not fail sorting empty elements. (#94666)
    • Fix detach azure disk issue when vm not exist (#95177)
    • Fix etcd_object_counts metric reported by kube-apiserver (#94817)
    • Fix kubectl printer to correctly handle timestamps of events emitted using events.k8s.io API (#90227)
    • Fix the cloudprovider_azure_api_request_duration_seconds metric buckets to correctly capture the latency metrics. Previously, the majority of the calls would fall in the “+Inf” bucket. (#95376)
    • Fix: detach azure disk broken on Azure Stack (#94885)
    • Fixed a bug where improper storage and comparison of endpoints led to excessive API traffic from the endpoints controller (#94935)
    • Kubeadm: warn but do not error out on missing “ca.key” files for root CA, front-proxy CA and etcd CA, during “kubeadm join --control-plane” if the user has provided all certificates, keys and kubeconfig files which require signing with the given CA keys. (#94988)

    Check the upstream changelog for details on all changes.

  • This release upgrades cert-manager-app to v2.3.0 which brings new patch version v1.0.2 of the upstream project.

    Change details

    cert-manager 2.3.0

    • New Cert-Manager v1.0.2 fixes the errors from kubectl invocation.
    • Fix hook-delete-policy to delete hook resources to make upgrades reliable.
    • This version adds support for Route53 using Kiam annotation.

    external-dns 1.5.0

    • New External-DNS upstream version v0.7.4 with several bugfixes.
  • This release updates Cert-Manager to 1.1.0 to add support for Route53 using Kiam annotation.

    Change details

    cert-manager 1.1.0

    • Update cert-manager to 1.1.0 to add support for Route53 using Kiam annotation.
  • If you are upgrading from 12.2.0, upgrading to this release will not roll your nodes. It will only update the apps.

    This release upgrades all Helm releases managed by Giant Swarm to use Helm v3.3.4.

    This lets us benefit from the improved security model and keep up to date with the community. We also remove the Tiller deployment from the giantswarm namespace, removing its gRPC endpoint, which reduces operational complexity.

    If you are still using Helm 2 then these Helm releases will not be affected. However, we encourage you to upgrade to Helm 3, as Helm 2 support ends on November 13th 2020: https://helm.sh/blog/helm-v2-deprecation-timeline/

    Below, you can find more details on components that were changed with this release.

    Note before upgrade:

    Please contact your Solution Engineer before upgrading. The upgrade is automated. However, it includes a data migration from Helm 2 release configmaps to Helm 3 release secrets. There are some pre-upgrade checks, and we recommend monitoring the upgrade to ensure safety.

    Note for Solution Engineers:

    • Helm3:
      • Please use Upgrading tenant clusters to Helm 3 as a guide on the upgrade process for the checks and monitoring steps.
      • Note for future 12.x.x releases:
        • Please persist this note and the above, until all customers are on AWS v12.3.x and above.
    • cert-manager-app:
      • Please use this upgrade script to assist with the process. Due to changes in Cert Manager’s API, associated Ingresses and Secrets must also be updated to ensure they are reconciled by Cert Manager.
      • Note for future 12.x.x releases:
        • Please persist this note and the above, until all customers are on AWS v12.1.x and above.

    Change details

    app-operator v2.3.2

    chart-operator v2.3.3