Releases: sighupio/fury-distribution
Release v1.29.1
Kubernetes Fury Distribution Release v1.29.1
Welcome to KFD release v1.29.1
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.29.0
Installer Updates
- on-premises 📦 installer: v1.29.3-rev.1
- Added support for airgap installations.
New features 🌟
- New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
You can adjust the parameters using.spec.kubernetes.advanced.airGap: <object>
. An example configuration is:
spec:
kubernetes:
advanced:
airGap:
containerdDownloadUrl: **url-to-containerd**
runcDownloadUrl: **url-to-runc**
runcChecksum: sha256: **runc-checksum**
etcdDownloadUrl: **url-to-etcd**
dependenciesOverride:
apt:
name: k8s-1.27
repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
gpg_key: **url-to-gpg-key**
gpg_key_id: **gpg-key-id**
yum:
name: k8s-1.27
repo: **yum-repo-url**
gpg_key: **url-to-gpg-key**
gpg_key_check: true
repo_gpg_check: true
- New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using
.spec.kubernetes.advancedAnsible.pythonInterpreter: <string>
:
spec:
kubernetes:
advancedAnsible:
pythonInterpreter: python3
Fixes 🐞
- Pomerium Logs: set log level to
info
by default, instead ofdebug
.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.28.1
Kubernetes Fury Distribution Release v1.28.1
Welcome to KFD release v1.28.1
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.28.0
Core Module Updates
- networking 📦 core module: v1.17.0
- Updated calico to
3.27.3
. - Updated tigera operator to
1.32.7
.
- Updated calico to
Installer Updates
- on-premises 📦 installer: v1.29.3-rev.1
- Added support for airgap installations.
New features 🌟
- New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
You can adjust the parameters using.spec.kubernetes.advanced.airGap: <object>
. An example configuration is:
spec:
kubernetes:
advanced:
airGap:
containerdDownloadUrl: **url-to-containerd**
runcDownloadUrl: **url-to-runc**
runcChecksum: sha256: **runc-checksum**
etcdDownloadUrl: **url-to-etcd**
dependenciesOverride:
apt:
name: k8s-1.27
repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
gpg_key: **url-to-gpg-key**
gpg_key_id: **gpg-key-id**
yum:
name: k8s-1.27
repo: **yum-repo-url**
gpg_key: **url-to-gpg-key**
gpg_key_check: true
repo_gpg_check: true
- New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using
.spec.kubernetes.advancedAnsible.pythonInterpreter: <string>
:
spec:
kubernetes:
advancedAnsible:
pythonInterpreter: python3
Fixes 🐞
- Pomerium Logs: set log level to
info
by default, instead ofdebug
.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.27.6
Kubernetes Fury Distribution Release v1.27.6
Welcome to KFD release v1.27.6
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.27.5
Core Module Updates
- networking 📦 core module: v1.17.0
- Updated calico to
3.27.3
. - Updated tigera operator to
1.32.7
.
- Updated calico to
Installer Updates
- on-premises 📦 installer: v1.29.3-rev.1
- Added support for airgap installations.
New features 🌟
- New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
You can adjust the parameters using.spec.kubernetes.advanced.airGap: <object>
. An example configuration is:
spec:
kubernetes:
advanced:
airGap:
containerdDownloadUrl: **url-to-containerd**
runcDownloadUrl: **url-to-runc**
runcChecksum: sha256: **runc-checksum**
etcdDownloadUrl: **url-to-etcd**
dependenciesOverride:
apt:
name: k8s-1.27
repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
gpg_key: **url-to-gpg-key**
gpg_key_id: **gpg-key-id**
yum:
name: k8s-1.27
repo: **yum-repo-url**
gpg_key: **url-to-gpg-key**
gpg_key_check: true
repo_gpg_check: true
- New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using
.spec.kubernetes.advancedAnsible.pythonInterpreter: <string>
:
spec:
kubernetes:
advancedAnsible:
pythonInterpreter: python3
Fixes 🐞
- Pomerium Logs: set log level to
info
by default, instead ofdebug
.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Prerelease v1.27.6-rc.0
Kubernetes Fury Distribution Release v1.27.6
Welcome to KFD release v1.27.6
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.27.5
This is a maintenance release with focus on improving the overall stability of the distribution:
- Added air gap support to OnPremises kind.
- Updated on-premises installer to version
v1.29.3-rev.1-rc.0
to support the new air gap variables.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.29.0
Kubernetes Fury Distribution Release v1.29.0
Welcome to KFD release v1.29.0
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
This release adds compatibility with Kubernetes 1.29.
New Features since v1.28.0
Core Module Updates
- networking 📦 core module: v1.17.0
- Updated calico to
3.27.3
. - Updated tigera operator to
1.32.7
.
- Updated calico to
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.28.0
Kubernetes Fury Distribution Release v1.28.0
Welcome to KFD release v1.28.0
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
This release adds compatibility with Kubernetes 1.28.
New Features since v1.27.4
Core Module Updates
- networking 📦 core module: v1.16.0
- Updated calico to
3.27.0
. - Updated tigera operator to
1.32.3
. - Updated cilium to
1.15.2
.
- Updated calico to
- monitoring 📦 core module: v3.1.0
- Updated thanos to
v0.34.0
. - Updated x509-exporter to
v3.12.0
. - Updated mimir to
v2.11.0
. - Updated minio-ha to
RELEASE.2024-02-09T21-25-16Z
.
- Updated thanos to
- logging 📦 core module: v3.4.0
- Removed cerebro.
- Updated opensearch to
2.12.0
. - Updated opensearch-dashboards to
2.12.0
. - Updated logging-operator to
4.5.6
.
- ingress 📦 core module: v2.3.0
- Updated cert-manager to
1.14.2
. - Updated external-dns to
0.14.0
. - Updated forecastle to
1.0.136
. - Updated nginx to
1.9.6
.
- Updated cert-manager to
- dr 📦 core module: v2.3.0
- Updated velero to
1.13.0
. - Updated all plugins to
1.9.0
.
- Updated velero to
- OPA 📦 core module: v1.12.0
- Updated gatekeeper to
3.15.1
. - Updated gatekeeper-policy-manager to
1.0.10
. - Updated kyverno to
1.11.4
.
- Updated gatekeeper to
- auth 📦 core module: v0.2.0
- Updated dex to
2.38.0
. - Updated pomerium to
0.25.0
.
- Updated dex to
- tracing 📦 core module: v1.0.3
Please refer the individual release notes for detailed information.
New features 🌟
This release add the following features:
-
New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the
encryption-provider-config
parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using.spec.kubernetes.advanced.encryption.configuration: <string>
(NOTE: For existing clusters, manual execution of the commandkubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml
is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - resources: - secrets providers: - aescbc: keys: - name: key1 # example base64 encode of "passwordpassword" secret: cGFzc3dvcmRwYXNzd29yZAo= # fallback to read non encrypted secrets - identity: {}
-
New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added,
.spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings>
(NOTE: For existing clusters, manual execution of the commandkubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml
is required on all masters, along with a manual restart of the ETCD service). -
Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:
spec: distribution: customPatches: images: - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator newName: quay.io/prometheus-operator/prometheus-operator newTag: latest
-
Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label
node-role.kubernetes.io/{{ node_role }}=
has been added. -
Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.
-
Additional Static Clients on DEX: A new parameter,
additionalStaticClients
, on DEX configuration can now be configured:spec: distribution: modules: auth: dex: connectors: - type: ldap ... additionalStaticClients: - id: test redirectURIs: - https://argocd.test/auth/callback - https://argocd.test/auth/login name: 'ArgoCD Login' secret: XXXXXX
Fixes
- Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
- Mimir max_global_series_per_user to Unlimited: We changed the default value of
max_global_series_per_user
to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.
Removals 🗑️
- Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.27.5
Kubernetes Fury Distribution Release v1.27.5
Welcome to KFD release v1.27.5
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.27.4
Core Module Updates
- networking 📦 core module: v1.16.0
- Updated calico to
3.27.0
. - Updated tigera operator to
1.32.3
. - Updated cilium to
1.15.2
.
- Updated calico to
- monitoring 📦 core module: v3.1.0
- Updated thanos to
v0.34.0
. - Updated x509-exporter to
v3.12.0
. - Updated mimir to
v2.11.0
. - Updated minio-ha to
RELEASE.2024-02-09T21-25-16Z
.
- Updated thanos to
- logging 📦 core module: v3.4.0
- Removed cerebro.
- Updated opensearch to
2.12.0
. - Updated opensearch-dashboards to
2.12.0
. - Updated logging-operator to
4.5.6
.
- ingress 📦 core module: v2.3.0
- Updated cert-manager to
1.14.2
. - Updated external-dns to
0.14.0
. - Updated forecastle to
1.0.136
. - Updated nginx to
1.9.6
.
- Updated cert-manager to
- dr 📦 core module: v2.3.0
- Updated velero to
1.13.0
. - Updated all plugins to
1.9.0
.
- Updated velero to
- OPA 📦 core module: v1.12.0
- Updated gatekeeper to
3.15.1
. - Updated gatekeeper-policy-manager to
1.0.10
. - Updated kyverno to
1.11.4
.
- Updated gatekeeper to
- auth 📦 core module: v0.2.0
- Updated dex to
2.38.0
. - Updated pomerium to
0.25.0
.
- Updated dex to
- tracing 📦 core module: v1.0.3
Please refer the individual release notes for detailed information.
New features 🌟
This release add the following features:
-
New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the
encryption-provider-config
parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using.spec.kubernetes.advanced.encryption.configuration: <string>
(NOTE: For existing clusters, manual execution of the commandkubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml
is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - resources: - secrets providers: - aescbc: keys: - name: key1 # example base64 encode of "passwordpassword" secret: cGFzc3dvcmRwYXNzd29yZAo= # fallback to read non encrypted secrets - identity: {}
-
New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added,
.spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings>
(NOTE: For existing clusters, manual execution of the commandkubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml
is required on all masters, along with a manual restart of the ETCD service). -
Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:
spec: distribution: customPatches: images: - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator newName: quay.io/prometheus-operator/prometheus-operator newTag: latest
-
Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label
node-role.kubernetes.io/{{ node_role }}=
has been added. -
Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.
-
Additional Static Clients on DEX: A new parameter,
additionalStaticClients
, on DEX configuration can now be configured:spec: distribution: modules: auth: dex: connectors: - type: ldap ... additionalStaticClients: - id: test redirectURIs: - https://argocd.test/auth/callback - https://argocd.test/auth/login name: 'ArgoCD Login' secret: XXXXXX
Fixes
- Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
- Mimir max_global_series_per_user to Unlimited: We changed the default value of
max_global_series_per_user
to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.
Removals 🗑️
- Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.26.6
Kubernetes Fury Distribution Release v1.26.6
Welcome to KFD release v1.26.6
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.26.5
Core Module Updates
- networking 📦 core module: v1.16.0
- Updated calico to
3.27.0
. - Updated tigera operator to
1.32.3
. - Updated cilium to
1.15.2
.
- Updated calico to
- monitoring 📦 core module: v3.1.0
- Updated thanos to
v0.34.0
. - Updated x509-exporter to
v3.12.0
. - Updated mimir to
v2.11.0
. - Updated minio-ha to
RELEASE.2024-02-09T21-25-16Z
.
- Updated thanos to
- logging 📦 core module: v3.4.0
- Removed cerebro.
- Updated opensearch to
2.12.0
. - Updated opensearch-dashboards to
2.12.0
. - Updated logging-operator to
4.5.6
.
- ingress 📦 core module: v2.3.0
- Updated cert-manager to
1.14.2
. - Updated external-dns to
0.14.0
. - Updated forecastle to
1.0.136
. - Updated nginx to
1.9.6
.
- Updated cert-manager to
- dr 📦 core module: v2.3.0
- Updated velero to
1.13.0
. - Updated all plugins to
1.9.0
.
- Updated velero to
- OPA 📦 core module: v1.12.0
- Updated gatekeeper to
3.15.1
. - Updated gatekeeper-policy-manager to
1.0.10
. - Updated kyverno to
1.11.4
.
- Updated gatekeeper to
- auth 📦 core module: v0.2.0
- Updated dex to
2.38.0
. - Updated pomerium to
0.25.0
.
- Updated dex to
- tracing 📦 core module: v1.0.3
Please refer the individual release notes for detailed information.
New features 🌟
This release add the following features:
-
New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the
encryption-provider-config
parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using.spec.kubernetes.advanced.encryption.configuration: <string>
(NOTE: For existing clusters, manual execution of the commandkubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml
is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:apiVersion: apiserver.config.k8s.io/v1 kind: EncryptionConfiguration resources: - resources: - secrets providers: - aescbc: keys: - name: key1 # example base64 encode of "passwordpassword" secret: cGFzc3dvcmRwYXNzd29yZAo= # fallback to read non encrypted secrets - identity: {}
-
New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added,
.spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings>
(NOTE: For existing clusters, manual execution of the commandkubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml
is required on all masters, along with a manual restart of the ETCD service). -
Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:
spec: distribution: customPatches: images: - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator newName: quay.io/prometheus-operator/prometheus-operator newTag: latest
-
Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label
node-role.kubernetes.io/{{ node_role }}=
has been added. -
Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.
-
Additional Static Clients on DEX: A new parameter,
additionalStaticClients
, on DEX configuration can now be configured:spec: distribution: modules: auth: dex: connectors: - type: ldap ... additionalStaticClients: - id: test redirectURIs: - https://argocd.test/auth/callback - https://argocd.test/auth/login name: 'ArgoCD Login' secret: XXXXXX
Fixes
- Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
- Mimir max_global_series_per_user to Unlimited: We changed the default value of
max_global_series_per_user
to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.
Removals 🗑️
- Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Release v1.27.4
Kubernetes Fury Distribution Release v1.27.4
Welcome to KFD release v1.27.4
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.27.3
This is a maintenance release with focus on improving the overall stability of the distribution:
- Added
additionalStaticClients
configuration on dex options.
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Furyctl compatibility
Check Furyctl repository for more informations.
Release v1.27.3
Kubernetes Fury Distribution Release v1.27.3
Welcome to KFD release v1.27.3
.
The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.
New Features since v1.27.2
This is a maintenance release with focus on improving the overall stability of the distribution:
- Updated on-premises installer to version
v1.27.6-rev.2
that updates containerd tov1.7.13
and changes the behaviour of the keepalived service on the APIServer loadbalancer with unicast instead of multicast. - Improved speed of the e2e tests, thanks to @ralgozino.
- Add: support for the logsTypes field in the EKSCluster kind to select the log types to be collected by the cluster. The new supported field of the configuration file is:
.spec.kubernetes.logsTypes
Upgrade procedure
Check the upgrade docs for the detailed procedure.
Furyctl compatibility
Check Furyctl repository for more informations.