Release v1.29.1

Kubernetes Fury Distribution Release v1.29.1

Welcome to KFD release v1.29.1.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.29.0

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.1
  • Added support for airgap installations.

New features 🌟

• New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
  You can adjust the parameters using .spec.kubernetes.advanced.airGap: <object>. An example configuration is:

spec:
  kubernetes:
    advanced:
      airGap:
        containerdDownloadUrl: **url-to-containerd**
        runcDownloadUrl: **url-to-runc**
        runcChecksum: sha256: **runc-checksum**
        etcdDownloadUrl: **url-to-etcd**
        dependenciesOverride:
          apt:
            name: k8s-1.27
            repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
            gpg_key: **url-to-gpg-key**
            gpg_key_id: **gpg-key-id**
          yum:
            name: k8s-1.27
            repo: **yum-repo-url**
            gpg_key: **url-to-gpg-key**
            gpg_key_check: true
            repo_gpg_check: true

• New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using .spec.kubernetes.advancedAnsible.pythonInterpreter: <string>:

spec:
  kubernetes:
    advancedAnsible:
      pythonInterpreter: python3

Fixes 🐞

• Pomerium Logs: set log level to info by default, instead of debug.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.28.1

Kubernetes Fury Distribution Release v1.28.1

Welcome to KFD release v1.28.1.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.28.0

Core Module Updates

• networking 📦 core module: v1.17.0
  • Updated calico to 3.27.3.
  • Updated tigera operator to 1.32.7.

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.1
  • Added support for airgap installations.

New features 🌟

• New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
  You can adjust the parameters using .spec.kubernetes.advanced.airGap: <object>. An example configuration is:

spec:
  kubernetes:
    advanced:
      airGap:
        containerdDownloadUrl: **url-to-containerd**
        runcDownloadUrl: **url-to-runc**
        runcChecksum: sha256: **runc-checksum**
        etcdDownloadUrl: **url-to-etcd**
        dependenciesOverride:
          apt:
            name: k8s-1.27
            repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
            gpg_key: **url-to-gpg-key**
            gpg_key_id: **gpg-key-id**
          yum:
            name: k8s-1.27
            repo: **yum-repo-url**
            gpg_key: **url-to-gpg-key**
            gpg_key_check: true
            repo_gpg_check: true

• New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using .spec.kubernetes.advancedAnsible.pythonInterpreter: <string>:

spec:
  kubernetes:
    advancedAnsible:
      pythonInterpreter: python3

Fixes 🐞

• Pomerium Logs: set log level to info by default, instead of debug.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.27.6

Kubernetes Fury Distribution Release v1.27.6

Welcome to KFD release v1.27.6.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.5

Core Module Updates

• networking 📦 core module: v1.17.0
  • Updated calico to 3.27.3.
  • Updated tigera operator to 1.32.7.

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.1
  • Added support for airgap installations.

New features 🌟

• New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
  You can adjust the parameters using .spec.kubernetes.advanced.airGap: <object>. An example configuration is:

spec:
  kubernetes:
    advanced:
      airGap:
        containerdDownloadUrl: **url-to-containerd**
        runcDownloadUrl: **url-to-runc**
        runcChecksum: sha256: **runc-checksum**
        etcdDownloadUrl: **url-to-etcd**
        dependenciesOverride:
          apt:
            name: k8s-1.27
            repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
            gpg_key: **url-to-gpg-key**
            gpg_key_id: **gpg-key-id**
          yum:
            name: k8s-1.27
            repo: **yum-repo-url**
            gpg_key: **url-to-gpg-key**
            gpg_key_check: true
            repo_gpg_check: true

• New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using .spec.kubernetes.advancedAnsible.pythonInterpreter: <string>:

spec:
  kubernetes:
    advancedAnsible:
      pythonInterpreter: python3

Fixes 🐞

• Pomerium Logs: set log level to info by default, instead of debug.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Prerelease v1.27.6-rc.0

Kubernetes Fury Distribution Release v1.27.6

Welcome to KFD release v1.27.6.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.5

This is a maintenance release with focus on improving the overall stability of the distribution:

• Added air gap support to OnPremises kind.
• Updated on-premises installer to version v1.29.3-rev.1-rc.0 to support the new air gap variables.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.29.0

Kubernetes Fury Distribution Release v1.29.0

Welcome to KFD release v1.29.0.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

This release adds compatibility with Kubernetes 1.29.

New Features since v1.28.0

Core Module Updates

• networking 📦 core module: v1.17.0
  • Updated calico to 3.27.3.
  • Updated tigera operator to 1.32.7.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.28.0

Kubernetes Fury Distribution Release v1.28.0

Welcome to KFD release v1.28.0.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

This release adds compatibility with Kubernetes 1.28.

New Features since v1.27.4

Core Module Updates

• networking 📦 core module: v1.16.0
  • Updated calico to 3.27.0.
  • Updated tigera operator to 1.32.3.
  • Updated cilium to 1.15.2.
• monitoring 📦 core module: v3.1.0
  • Updated thanos to v0.34.0.
  • Updated x509-exporter to v3.12.0.
  • Updated mimir to v2.11.0.
  • Updated minio-ha to RELEASE.2024-02-09T21-25-16Z.
• logging 📦 core module: v3.4.0
  • Removed cerebro.
  • Updated opensearch to 2.12.0.
  • Updated opensearch-dashboards to 2.12.0.
  • Updated logging-operator to 4.5.6.
• ingress 📦 core module: v2.3.0
  • Updated cert-manager to 1.14.2.
  • Updated external-dns to 0.14.0.
  • Updated forecastle to 1.0.136.
  • Updated nginx to 1.9.6.
• dr 📦 core module: v2.3.0
  • Updated velero to 1.13.0.
  • Updated all plugins to 1.9.0.
• OPA 📦 core module: v1.12.0
  • Updated gatekeeper to 3.15.1.
  • Updated gatekeeper-policy-manager to 1.0.10.
  • Updated kyverno to 1.11.4.
• auth 📦 core module: v0.2.0
  • Updated dex to 2.38.0.
  • Updated pomerium to 0.25.0.
• tracing 📦 core module: v1.0.3

Please refer the individual release notes for detailed information.

New features 🌟

This release add the following features:

• New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the encryption-provider-config parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using .spec.kubernetes.advanced.encryption.configuration: <string> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:

  apiVersion: apiserver.config.k8s.io/v1
  kind: EncryptionConfiguration
  resources:
    - resources:
      - secrets
      providers:
      - aescbc:
          keys:
          - name: key1
            # example base64 encode of "passwordpassword"
            secret: cGFzc3dvcmRwYXNzd29yZAo=
      # fallback to read non encrypted secrets
      - identity: {}

• New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added, .spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters, along with a manual restart of the ETCD service).

• Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:

  spec:
    distribution:
      customPatches:
        images:
          - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator
            newName: quay.io/prometheus-operator/prometheus-operator
            newTag: latest

• Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label node-role.kubernetes.io/{{ node_role }}= has been added.

• Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.

• Additional Static Clients on DEX: A new parameter, additionalStaticClients, on DEX configuration can now be configured:

  spec:
    distribution:
      modules:
        auth:
          dex: 
            connectors:
              - type: ldap
                ...
            additionalStaticClients:
              - id: test
                redirectURIs:
                  - https://argocd.test/auth/callback
                  - https://argocd.test/auth/login
                name: 'ArgoCD Login'
                secret: XXXXXX

Fixes

• Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
• Mimir max_global_series_per_user to Unlimited: We changed the default value of max_global_series_per_user to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.

Removals 🗑️

• Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.27.5

Kubernetes Fury Distribution Release v1.27.5

Welcome to KFD release v1.27.5.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.4

Core Module Updates

• networking 📦 core module: v1.16.0
  • Updated calico to 3.27.0.
  • Updated tigera operator to 1.32.3.
  • Updated cilium to 1.15.2.
• monitoring 📦 core module: v3.1.0
  • Updated thanos to v0.34.0.
  • Updated x509-exporter to v3.12.0.
  • Updated mimir to v2.11.0.
  • Updated minio-ha to RELEASE.2024-02-09T21-25-16Z.
• logging 📦 core module: v3.4.0
  • Removed cerebro.
  • Updated opensearch to 2.12.0.
  • Updated opensearch-dashboards to 2.12.0.
  • Updated logging-operator to 4.5.6.
• ingress 📦 core module: v2.3.0
  • Updated cert-manager to 1.14.2.
  • Updated external-dns to 0.14.0.
  • Updated forecastle to 1.0.136.
  • Updated nginx to 1.9.6.
• dr 📦 core module: v2.3.0
  • Updated velero to 1.13.0.
  • Updated all plugins to 1.9.0.
• OPA 📦 core module: v1.12.0
  • Updated gatekeeper to 3.15.1.
  • Updated gatekeeper-policy-manager to 1.0.10.
  • Updated kyverno to 1.11.4.
• auth 📦 core module: v0.2.0
  • Updated dex to 2.38.0.
  • Updated pomerium to 0.25.0.
• tracing 📦 core module: v1.0.3

Please refer the individual release notes for detailed information.

New features 🌟

This release add the following features:

• New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the encryption-provider-config parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using .spec.kubernetes.advanced.encryption.configuration: <string> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:

  apiVersion: apiserver.config.k8s.io/v1
  kind: EncryptionConfiguration
  resources:
    - resources:
      - secrets
      providers:
      - aescbc:
          keys:
          - name: key1
            # example base64 encode of "passwordpassword"
            secret: cGFzc3dvcmRwYXNzd29yZAo=
      # fallback to read non encrypted secrets
      - identity: {}

• New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added, .spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters, along with a manual restart of the ETCD service).

• Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:

  spec:
    distribution:
      customPatches:
        images:
          - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator
            newName: quay.io/prometheus-operator/prometheus-operator
            newTag: latest

• Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label node-role.kubernetes.io/{{ node_role }}= has been added.

• Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.

• Additional Static Clients on DEX: A new parameter, additionalStaticClients, on DEX configuration can now be configured:

  spec:
    distribution:
      modules:
        auth:
          dex: 
            connectors:
              - type: ldap
                ...
            additionalStaticClients:
              - id: test
                redirectURIs:
                  - https://argocd.test/auth/callback
                  - https://argocd.test/auth/login
                name: 'ArgoCD Login'
                secret: XXXXXX

Fixes

• Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
• Mimir max_global_series_per_user to Unlimited: We changed the default value of max_global_series_per_user to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.

Removals 🗑️

• Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.26.6

Kubernetes Fury Distribution Release v1.26.6

Welcome to KFD release v1.26.6.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.26.5

Core Module Updates

• networking 📦 core module: v1.16.0
  • Updated calico to 3.27.0.
  • Updated tigera operator to 1.32.3.
  • Updated cilium to 1.15.2.
• monitoring 📦 core module: v3.1.0
  • Updated thanos to v0.34.0.
  • Updated x509-exporter to v3.12.0.
  • Updated mimir to v2.11.0.
  • Updated minio-ha to RELEASE.2024-02-09T21-25-16Z.
• logging 📦 core module: v3.4.0
  • Removed cerebro.
  • Updated opensearch to 2.12.0.
  • Updated opensearch-dashboards to 2.12.0.
  • Updated logging-operator to 4.5.6.
• ingress 📦 core module: v2.3.0
  • Updated cert-manager to 1.14.2.
  • Updated external-dns to 0.14.0.
  • Updated forecastle to 1.0.136.
  • Updated nginx to 1.9.6.
• dr 📦 core module: v2.3.0
  • Updated velero to 1.13.0.
  • Updated all plugins to 1.9.0.
• OPA 📦 core module: v1.12.0
  • Updated gatekeeper to 3.15.1.
  • Updated gatekeeper-policy-manager to 1.0.10.
  • Updated kyverno to 1.11.4.
• auth 📦 core module: v0.2.0
  • Updated dex to 2.38.0.
  • Updated pomerium to 0.25.0.
• tracing 📦 core module: v1.0.3

Please refer the individual release notes for detailed information.

New features 🌟

This release add the following features:

• New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the encryption-provider-config parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using .spec.kubernetes.advanced.encryption.configuration: <string> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:

  apiVersion: apiserver.config.k8s.io/v1
  kind: EncryptionConfiguration
  resources:
    - resources:
      - secrets
      providers:
      - aescbc:
          keys:
          - name: key1
            # example base64 encode of "passwordpassword"
            secret: cGFzc3dvcmRwYXNzd29yZAo=
      # fallback to read non encrypted secrets
      - identity: {}

• New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added, .spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters, along with a manual restart of the ETCD service).

• Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:

  spec:
    distribution:
      customPatches:
        images:
          - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator
            newName: quay.io/prometheus-operator/prometheus-operator
            newTag: latest

• Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label node-role.kubernetes.io/{{ node_role }}= has been added.

• Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.

• Additional Static Clients on DEX: A new parameter, additionalStaticClients, on DEX configuration can now be configured:

  spec:
    distribution:
      modules:
        auth:
          dex: 
            connectors:
              - type: ldap
                ...
            additionalStaticClients:
              - id: test
                redirectURIs:
                  - https://argocd.test/auth/callback
                  - https://argocd.test/auth/login
                name: 'ArgoCD Login'
                secret: XXXXXX

Fixes

• Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
• Mimir max_global_series_per_user to Unlimited: We changed the default value of max_global_series_per_user to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.

Removals 🗑️

• Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.27.4

Kubernetes Fury Distribution Release v1.27.4

Welcome to KFD release v1.27.4.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.3

This is a maintenance release with focus on improving the overall stability of the distribution:

• Added additionalStaticClients configuration on dex options.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Furyctl compatibility

Check Furyctl repository for more informations.

Release v1.27.3

Kubernetes Fury Distribution Release v1.27.3

Welcome to KFD release v1.27.3.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.2

This is a maintenance release with focus on improving the overall stability of the distribution:

• Updated on-premises installer to version v1.27.6-rev.2 that updates containerd to v1.7.13 and changes the behaviour of the keepalived service on the APIServer loadbalancer with unicast instead of multicast.
• Improved speed of the e2e tests, thanks to @ralgozino.
• Add: support for the logsTypes field in the EKSCluster kind to select the log types to be collected by the cluster. The new supported field of the configuration file is:
  • .spec.kubernetes.logsTypes

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Furyctl compatibility

Check Furyctl repository for more informations.