All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project's packages adhere to Semantic Versioning.
4.0.0 - 2024-11-19
- Removed PSP support and thus support for pre v1.25 Kubernetes clusters.
- Removed .global.podSecurityStandards.enforced Helm value.
- Removed .project.branch and project.commit Helm values.
- Bump architect-orb to v5.11.1.
- Updated build pipeline to use app-build-suite.
- Changed value for application.giantswarm.io/branch label to point to .Chart.AppVersion instead as ABS does not support mangling the templates anymore.
- Changed value for application.giantswarm.io/commit label to point to .Chart.AppVersion instead as ABS does not support mangling the templates anymore.
- Defaulted .image.tag to be an empty string and default that to .Chart.AppVersion in the deployment.
- Bumped test-app version to v1.0.0 in integration tests.
3.3.0 - 2024-07-18
- Added and enabled by default an emptyDir volume under tmp of the deployment for artifact pulls so that we can make the rest of the root file system read only under the security context.
- Added control over the VPA max allowed resources.
- Requests and limits are always set on the deployment.
- Increased default requests and limits because of the introduction of the emptyDir volume under /tmp.
- Enabled read only root file system by default on the security context.
- Update PolicyExceptions to v2 and fallback to v2beta1.
3.2.1 - 2024-03-05
- Use separate rest configs for different Kubernetes clients.
3.2.0 - 2024-02-27
- Added --service.controller.resyncperiod daemon flag that can be controlled via .controller.resyncPeriod Helm value. Controls the duration after which a complete sync with all known runtime objects the controller watches is performed. Defaults to 5m.
3.1.3 - 2024-01-29
- Move pss values under the global property
- Use base images from gsoci.azurecr.io
3.1.2 - 2023-12-20
- Configure gsoci.azurecr.io as the default container image registry.
3.1.1 - 2023-12-05
- Configure gsoci.azurecr.io as the registry to use by default
3.1.0 - 2023-10-19
- Force-disable PSP-related resources when global.podSecurityStandards.enforced value is true.
3.0.0 - 2023-10-04
- Removed giantswarm.io/monitoring: "true" label from the Service resource. To get metrics, chart-operator should from now on be used in conjunction with chart-operator-extensions version v1.1.1 or later to deploy the ServiceMonitor resource for it. It was split up as chart-operator is one of the first components to get into a cluster that will deploy most other things, for example Prometheus that will eventually actually deploy the CRD for ServiceMonitor.
2.35.2 - 2023-09-26
- Fixed default values for .proxy and .cluster.proxy values and updated Helm values schema accordingly.
2.35.1 - 2023-09-21
- Changed pod taint toleration to only tolerate NotReady for CAPI.
2.35.0 - 2023-05-04
- Disable PSPs for k8s 1.25 and newer.
2.34.1 - 2023-05-02
- Add Kyverno PolicyExceptions for necessary capabilities normally prohibited by PSS policies.
2.34.0 - 2023-02-14
- Selecting private Helm client on demand for some operations.
2.33.2 - 2022-12-16
2.33.1 - 2022-12-16
- New error for values schema validation.
- Use transitional errors coming from running Helm in the Chart CR status.
2.33.0 - 2022-11-16
- Add support to run in private cloud clusters, which cannot provide any working externalDNSIP.
2.32.0 - 2022-11-15
- Support for running behind a proxy. HTTP_PROXY, HTTPS_PROXY and NO_PROXY are set as environment variables in deployment/chart-operator if defined in values.yaml.
- Support for using cluster-apps-operator generated cluster.proxy values.
2.31.0 - 2022-10-07
- Add internal upgrade step on installation for Helm charts marked by annotation.
2.30.0 - 2022-09-23
- Add support for timeout fields in the Chart CR.
- Add support for new control-plane label in k8s 1.24.
2.29.0 - 2022-08-12
- Reconfigure VPA autoscaler to react correctly to pod resource ceilings
2.28.0 - 2022-08-09
- Add pre-upgrade helm annotation to giantswarm-critical PriorityClass in order to fix upgrade issues.
2.27.0 - 2022-07-29
- Ensure the giantswarm-critical PriorityClass is created first on initial installation.
2.26.0 - 2022-07-20
- Use 127.0.0.1 as KUBERNETES_SERVICE_HOST when bootstrapMode is enabled.
2.25.0 - 2022-07-04
- Tighten pod and container security contexts for PSS restricted policies.
- Use downward API to set deployment env var KUBERNETES_SERVICE_HOST to status.hostIP.
- Change initialBootstrapMode configuration value to bootstrapMode.
- Use private Helm client for installing app-operators from control-plane-test-catalog
- Allow to set api server pod port when enabling initialBootstrapMode.
2.24.1 - 2022-06-22
- Update helmclient to v4.10.1.
2.24.0 - 2022-06-09
- Add chart-pull-failed error to differentiate between issues when pulling chart tarball and other problems.
- Fix missing PriorityClass issue.
2.23.0 - 2022-06-06
- Always create giantswarm-critical priority class if it does not exist.
- Add initialBootstrapMode flag to allow deploying CNI as managed apps.
2.22.0 - 2022-05-30
- Split Helm client into private Helm client for giantswarm-namespaced apps and public Helm client for rest of the apps.
2.21.1 - 2022-05-19
- Add Helm release failure reason when it is known, and if there is a currently successfully released version
2.21.0 - 2022-04-07
- Update helmclient to v4.10.0.
2.20.1 - 2022-03-15
- Use apptestctl to install CRDs in integration tests to avoid hitting GitHub rate limits.
- Fix status resource to use Helm release status if it exists.
2.20.0 - 2021-12-15
- Update Helm to v3.6.3.
- Use controller-runtime client to remove CAPI dependency.
- Remove unused helm 2 release collector.
2.19.1 - 2021-10-20
- Deployment hostNetwork is enabled or not depending on chartOperator.cni.install value.
2.19.0 - 2021-08-13
- Remove tillermigration resource now Helm 3 migration is complete.
2.18.1 - 2021-08-05
- Increase memory limit for deploying large charts in workload clusters.
2.18.0 - 2021-06-21
- Add releasemaxhistory resource which ensures we retry at a reduced rate when there are repeated failed upgrades.
- Upgrade Helm release when failed even if version or values have not changed to handle situations like failed webhooks where we should retry.
2.17.0 - 2021-06-09
- Prepare helm values to configuration management.
- Update architect-orb to v3.0.0.
- Improve status message when helm release has failed max number of attempts.
2.16.0 - 2021-06-03
For CAPI clusters:
- Add tolerations to start on NotReady nodes for installing CNI.
- Create giantswarm-critical priority class.
- Use host network to allow installing CNI packaged as an app.
2.15.0 - 2021-05-20
- Proxy support in helm template.
2.14.0 - 2021-04-30
- Cancel the release resource when the manifest object already exists.
- Cancel the release resource when helm returns an unknown error.
2.13.1 - 2021-04-06
- Updated OperatorKit to v4.3.1 for Kubernetes 1.20 support.
2.13.0 - 2021-03-31
- giantswarm-critical PriorityClass only managed when E2E.
2.12.0 - 2021-03-26
- Set docker.io as the default registry
- Pass RESTMapper to helmclient to reduce the number of REST API calls.
- Updated Helm to v3.5.3.
2.11.0 - 2021-03-19
- Updating namespace metadata using namespaceConfig in Chart CRs.
2.10.0 - 2021-03-17
- Pause Chart CR reconciliation when it has chart-operator.giantswarm.io/paused=true annotation.
- Deploy giantswarm-critical PriorityClass when it's not found.
2.9.0 - 2021-02-03
- Use diff key when logging differences between the current and desired release.
- Stop updating Helm release if it has failed the previous 5 attempts.
2.8.0 - 2021-01-27
- Add support for skip CRD flag when installing Helm releases.
2.7.1 - 2021-01-13
- Only create VPA if autoscaling API group is present.
2.7.0 - 2021-01-07
- Added last reconciled timestamp as metrics.
2.6.0 - 2020-12-21
- Print difference between current release and desired release.
- Updated Helm to v3.4.2.
2.5.2 - 2020-12-07
- Add Vertical Pod Autoscaler support.
2.5.1 - 2020-12-01
- Fix comparison of last deployed and revision optional fields in status resource.
- Set memory limit and reduce requests.
2.5.0 - 2020-11-09
- Validate the cache in helmclient to avoid state requests when pulling tarballs.
- Call status webhook with token values.
- Update apiextensions to v3 and replace CAPI with Giant Swarm fork.
2.4.0 - 2020-10-29
- Call status webhook when webhook annotation is present.
- Remove chartmigration resource as migration from chartconfig to chart CRs is complete.
2.3.5 - 2020-10-13
- Stop repeating helm upgrade for the failed helm release.
2.3.4 - 2020-10-01
- Added release name as a label into the event count metrics.
2.3.3 - 2020-09-29
- Updated Helm to v3.3.4.
- Updated Kubernetes dependencies to v1.18.9.
- Update deployment annotation to use checksum instead of helm revision to reduce how often pods are rolled.
- Increase wait timeout for accessing Kubernetes API from 10s to 120s.
2.3.2 - 2020-09-22
- Added event count metrics for delete, install, rollback and update of Helm releases.
- Fix structs merging error in helmclient.
- Updated Helm to v3.3.3.
2.3.1 - 2020-09-04
- Add monitoring labels.
- Add namespace to logging message.
- Remove memory limits from deployment.
2.3.0 - 2020-08-24
- Using default DNS policy for control planes.
2.2.1 - 2020-08-19
- Fixed the timeout value for the namespace resource.
2.2.0 - 2020-08-19
- Creating namespace before helm operations.
2.1.0 - 2020-08-18
- Updated Helm to v3.3.0.
2.0.0 - 2020-08-12
- Updated backward incompatible Kubernetes dependencies to v1.18.5.
- Updated Helm to v3.2.4.
- Fix the rollback in a loop problem.
1.0.7 - 2020-08-05
- Rollback the helm release in pending-install, pending-upgrade.
1.0.6 - 2020-07-24
- Disable force upgrades since recreating resources is not supported.
- Graduate Chart CRD to v1.
- Upgrade to operatorkit 1.2.0.
1.0.5 - 2020-07-15
- Enable force upgrades when chart CR annotation is present.
1.0.4 - 2020-07-08
- Update MD5 Hash only if chart-operator upgrades the release successfully.
- Make kubernetes wait timeout configurable when installing and updating releases.
- Set release revision in CR status.
v1.0.3 2020-06-16
- Fixed PodSecurityPolicy compatibility problem.
v1.0.2 2020-06-04
- Disabled force-upgrade from helmclient.
- Canceling the release resource when migration is done yet.
v1.0.1 2020-05-26
- Using helmclient v1.0.1 for security fix.
- Cancel the release resource when the manifest validation failed.
v1.0.0 2020-05-18
- Updated to support Helm 3; To keep using Helm 2, please use version 0.X.X.
v0.13.0 2020-04-21
- Deploy as a unique app in app collection in control plane clusters.
v0.12.4 2020-04-15
- Always set chart CR annotations so update state calculation is accurate.
- Only update failed Helm releases if the chart values or version has changed.
v0.12.3 2020-04-09
- Fix problem pushing chart to default app catalog.
v0.12.2 2020-04-09
- Fix update state calculation and status resource for long running deployments.
- Handle 503 responses when GitHub Pages is unavailable.
- Make HTTP client timeout configurable for pulling chart tarballs in AWS China.
- Switch from dep to go modules.
v0.12.1 2020-03-10
- Remove usage of legacy chartconfig CRs in Tiller metrics.
v0.12.0 2020-03-09
- Add chartmigration resource to allow legacy chartconfig controller to be removed. (#358)
- Improve reason field in chart CR status when installing a chart fails. (#359)
- Use version from chart CR when calculating desired state to reduce number of HTTP requests to pull chart tarballs. (#351)
- Wait for deleted Helm release before removing finalizer. (#360)
- Do not wait when installing or updating a Helm release takes over 3 seconds. We check progress in the next reconciliation loop. (#362)
- Remove legacy chartconfig controller. (#365)
- Separate network policy.
- Separate podsecuritypolicy.
- Security context in deployment spec with non-root user.