By Category

Dashboards Documentation Highlights Kubectl Gs Managed Apps Observability Platform Platform API Web UI Workload Cluster Releases for AWS Workload Cluster Releases for Azure Workload Cluster Releases for CAPA Workload Cluster Releases for CLOUD-DIRECTOR Workload Cluster Releases for VSPHERE

Workload cluster release v20.1.0 for AWS

Apr 24, 2024 Workload cluster releases for AWS releases v20.1.0

This release provides security updates for container linux and a fix for IMDSv2 only clusters.

Change details

aws-operator 16.1.1

Fixed

Bump k8scc to fix issues with IMDS v2.

cert-operator 3.4.0

Changed

Avoid exiting with a failure at startup time if the PKI cleanup fails.

cluster-operator 5.11.1

Changed

Configure gsoci.azurecr.io as the default container image registry.

Added

Add team label in resources.
Add global.podSecurityStandards.enforced value for PSS migration.

Fixed

Fix release version check for PSS enforcement.

containerlinux 3815.2.2

Changes since Stable 3815.2.1

Security fixes:

Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26584, CVE-2024-26585, CVE-2024-26642, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26686, CVE-2024-26700, CVE-2024-26809)
Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor (CVE-2024-3094)
openssh (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)

Bug fixes:

Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
Fixed toolbox to prevent mounted ctr snapshots from being garbage-collected (toolbox#9)

Changes:

Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (scripts#1771)
SDK: Unified qemu image formats, so that the qemu_uefi build target provides the regular qemu and the qemu_uefi_secure artifacts (scripts#1847)

Updates:

Linux (6.1.85 (includes 6.1.84, 6.1.83, 6.1.82))
ca-certificates (3.99)
openssh (9.6p1)

etcd 3.5.13

etcd server

Fix leases wrongly revoked by the leader by ignoring old leader’s leases revoking request.
Fix no progress notification being sent for watch that doesn’t get any events.
Fix watch event loss after compaction.

Package `clientv3`

gRPC Proxy

Add three flags (see below) for grpc-proxy
- --dial-keepalive-time
- --dial-keepalive-timeout
- --permit-without-stream

Dependencies

Upgrade bbolt to v1.3.9.
Compile binaries using go 1.21.8.
Upgrade google.golang.org/protobuf to v1.33.0 to address CVE-2024-24786.
Upgrade github.com/sirupsen/logrus to v1.9.3 to address PRISMA-2023-0056.

Others

Make CGO_ENABLED configurable.

app-operator 6.11.0

Added

Add support for App resources having a dependency on HelmReleases.

vertical-pod-autoscaler 5.1.0

Added

Repository: Add ATS. (#267)

Changed

Chart: Improve readability of image tag. (#263)
Repository: Chores. (#266)
- Repository: Move .kube-linter.yaml.
- Repository: Rework ABS.
- Repository: Rework CircleCI.
- Repository: Rework README.
- Chart: Regenerate values schema JSON.
- Chart: Rework Chart.yaml.
- Chart: Rework README.md.gotmpl.
Chart: Rework chart. (#269)
- Chart: Rework helpers.
- Chart: Rework vertical pod autoscalers.
- Chart: Rework policy exceptions.
- Chart: Rework network policies.
- Chart: Rework CRD patch.
Chart: PSS compliance. (#270)

Removed

Repository: Chores. (#266)
- Repository: Remove unused script.
- Repository: Remove .nancy-ignore*.
- Repository: Remove images.
- Repository: Remove config.
- Repository: Remove .gitignore.
- Chart: Remove .helmignore.
- Chart: Remove useless CI values.
Chart: Rework chart. (#269)
- Chart: Remove global network policies.

etcd-kubernetes-resources-count-exporter 1.10.0

Changed

Set min VPA settings and adjust CPU and memory resources.
Use PodMonitor instead of legacy labels for monitoring.

observability-bundle 1.3.4

Changed

Upgrade kube-prometheus-stack to 9.1.2.

k8s-audit-metrics 0.9.0

Added

Add team label in resources.
Use ServiceMonitor for monitoring.

Changed

Configure gsoci.azurecr.io as the default container image registry.

cert-manager 3.7.4

Added

Added support for AzureDNS integration with a Service Principal on clusterIssuer helm chart .

Changed

Changed appVersion to v1.14.2

chart-operator 3.2.1

Fixed

Use separate rest configs for different Kubernetes clients.

cilium 0.22.0

Added

Add helm values schema.

Changed

Add safe-to-evict annotations to Hubble Relay and UI pods.
Enable deletion of extra network policies.
Update team label to cabbage

cluster-autoscaler 1.25.3-gs2

Added

Add possibility to use egress proxy.

Changed

Chart: Improve proxy settings. (#249)

external-dns 3.1.0

Changed

Remove default namespaceFilter configuration. (#324).

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.