Skip to content

Release v1.22.1
Compare
Choose a tag to compare
@SIGHUP-C-3PO SIGHUP-C-3PO released this 06 Dec 20:13
· 1238 commits to main since this release
v1.22.1
8b5e226
This commit was signed with the committer’s verified signature.
ralgozino Ramiro Algozino
GPG key ID: 8D2626E46135BFEE
Learn about vigilant mode.

Kubernetes Fury Distribution Release v1.22.1

Welcome to KFD release v1.22.1.

The distribution is maintained with ❤️ by the team SIGHUP, and is battle tested in production environments.

This release adds a bunch of new features and improvements to the core modules, adds a new core module auth and some package replacement/removals.

New Features since v1.22.0

Core Module Updates

  • networking 📦 core module: v1.9.0 -> v1.10.0
    • Updated calico from 3.23.2 to 3.24.1.
    • Updated ip-masq-agent from 2.5.0 to 2.8.0.
    • Added Tigera operator package.
  • monitoring 📦 core module: v1.14.2 -> v2.0.1
    • Updated alertmanager from 0.23.0 to 0.24.0.
    • Updated grafana from 8.3.3 to 8.5.5.
    • Updated kube-rbac-proxy from 0.11.0 to 0.12.0.
    • Updated kube-state-metrics from 2.3.0 to 2.5.0.
    • Updated prometheus-operator from 0.53.1 to 0.57.0.
    • Updated prometheus from 2.32.1 to 2.36.1.
    • Updated x509-exporter from 2.12.1 to 3.2.0.
    • Removed goldpinger package.
    • Removed metrics-server package.
    • Added blackbox-exporter package 0.21.0.
    • Added prometheus-adapter package 0.9.1.
  • logging 📦 core module: v1.10.3 -> v3.0.1
    • Removed elasticsearch package.
    • Removed kibana package.
    • Removed fluentd package.
    • Removed curator package.
    • Added opensearch package 2.0.0.
    • Added opensearch-dashboards package 2.0.0.
    • Added logging-operator package 3.17.7.
    • Added loki-stack as tech preview package 2.4.2.
  • ingress 📦 core module: v1.12.2 -> v1.13.1
    • Updated cert-manager from 1.6.1 to 1.10.0.
    • Updated forecastle from 1.0.75 to 1.0.103.
    • Removed nginx-ldap-auth package.
    • Removed nginx-ovh package.
    • Removed nginx-gke package.
    • Removed pomerium package.
    • Added external-dns package 0.10.2.
    • Added aws-cert-manager terraform module.
    • Added aws-external-dns terraform module.
  • dr 📦 core module: v1.9.2 -> v1.10.1
    • Updated velero from 1.7.1 to 1.9.2.
    • Updated velero-plugin-for-aws from 1.3.0 to 1.5.1.
    • Updated velero-plugin-for-microsoft-azure from 1.3.1 to 1.5.1.
    • Updated velero-plugin-for-gcp from 1.3.0 to 1.5.1.
    • Updated velero-plugin-for-csi from 0.2.0 to 0.3.1.
  • OPA 📦 core module: v1.6.2 -> v1.7.3
    • Updated gatekeeper from 3.7.0 to 3.9.2.
    • Updated gatekeeper-policy-manager from 0.5.1 to 1.0.2.
  • auth 📦 core module: v0.0.2
    • Added pomerium package 0.15.8.
    • Added dex package 2.35.3.
    • Added gangway package 3.2.0.

Please refer the individual release notes for detailed information.

Upgrade procedure

Check the v1.22.0-to-v1.22.1 upgrade guide for the detailed procedure.

Breaking changes

Follow a summary of all the breaking changes introduced in this release, check each module for detailed information.

  • Monitoring:
    • Removed goldpinger package, no replacement available.
    • Replaced metrics-server with prometheus-adapter.
    • kubectl --server-side apply is now required.
  • Logging:
    • Removed elasticsearch and kibana packages, replaced by opensearch and opensearch-dashboards packages.
    • Removed self managed fluentd/fluentbit stack in favour of logging-operator.
  • Ingress:
    • Removed support for annotations on NGINX ingress controller side.
    • Removed nginx-ldap-auth with no replacement available.
    • Moved pomerium to the new auth module.
    • Removed nginx-ovh and nginx-gke packages. The only thing they did was to patch the svc from the NGINX package to type LoadBalancer.
  • Disaster Recovery:
    • Removed deprecated eks-velero in favour of velero-plugin-for-aws

New features 🌟

This release adds new features acrross all the core modules. Following is a list of the most interesting ones for each module.

  • Networking

    • Added Tigera operator package, can be used to manage Calico (instead of installing it directly with calico package) or to enforce Network Policies on EKS-based clusters.

  • Monitoring

    • Added blackbox-exporter package to monitor services external to the cluster.

  • Logging

    • Introduced logging operator to manage all the logging stack and logging configs in a dynamic way.
    • Added Grafana Loki stack as tech preview.
    • Swtiched from ElasticSearch to OpenSearch.

  • Ingress

    • Added ExternalDNS package to manage DNS records for services exposed through Ingress.
    • Added Terraform modules to manage IAM roles on AWS for cert-manager and external-dns.
    • Added Validating Webhook on NGINX ingress controller to validate the Ingress resources and prevent invalid configurations.
    • Forecastle now is Fury branded.

  • Disaster Recovery

    • Added a Prometheus alert for when there are no successful backups in the last 24 hours for the included schedules.

  • OPA

    • Major overhaul for Gatekeeper Policy Manager that is now released as a v1.0.2.
    • A set of custom Prometheus alerts that get triggered when the Gatekeeper webhooks are misbehaving for more than 5 min has been added.
    • Gatekeeper now has mutating capabilities in addition to just validating.

  • Auth

    • Module was introduced as core module.
    • Pomerium, Dex and Gangway packages are available.
Assets 9
Loading