Releases: cloudfoundry/cf-for-k8s
v5.4.0
Notices
This release contains an update to Kpack, which provides more Cloud Native Buildpacks API compatibility range.
Highlights
- Bump Kpack to v0.5.0
- Bump Paketo Buildpacks to latest available versions
- Java Buildpack contains mitigation for Log4j vulnerability (CVE-2021-44228) impact on Cloud Foundry Products
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| Kpack | v0.4.3 | v0.5.0 |
v5.3.1
Notices
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| Kpack | v0.4.1 | v0.4.3 |
| UAA | 4810ecbe9911243d55a8a5dd74defa013bd8cad3 | c830865fce70f05f9540d6e19010ce46dc894d74 |
Contributors
Andrew Wittrock
Dave Walter
v5.3.0
Notices
cf-for-k8s now supports Kubernetes version 1.22! 🎉
use_first_party_jwt_tokens must be removed or set to false for K8s 1.22 and Istio 1.11.4 operability.
Highlights
- Increased cluster support range (1.19-1.22)
- Bumps to Kpack to support new buildpacks.
- Latest Istio patch.
PRs Merged
- Migrate apiregistration.k8s.io for 1.22 692
- Update Istio to 1.11.4 690
- Update to Kpack v0.4.1 689
- Bump eirini to v5.0.0 686
- Increased supported k8s cluster version to 1.22 682
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| CF API | 9ff3688 | 1c12474 |
| Eirini | v4.0.0 | v5.0.0 |
| Istio | 1.11.1 | 1.11.4 |
| Kpack | v0.3.1 | v0.4.1 |
| Networking | b009c95 | d211c74 |
| UAA | f657bfcf8ccb01a57a47abe78fedb35b6cf574e0 | 4810ecbe9911243d55a8a5dd74defa013bd8cad3 |
Contributors
Andrew Wittrock
Danail Branekov
Giuseppe Capizzi
Kieron Browne
v5.2.0
Notices
Istio bump to 1.11.1 supports Kubernetes cluster range from 1.19. Removal of deprecated APIs in 1.22 necessitates maximum Kubernetes version support of 1.21 unless dependencies are updated for 1.22.
PRs Merged
- Update Istio to 1.11.1 680
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| Istio | 1.10.2 | 1.11.1 |
Contributors
Andrew Wittrock
v5.1.1
Notices
No longer versioning the Istio ConfigMap since Istio now refreshes configuration directly. Kapp versioning here is incompatible with the mechanic Istio introduced. Thanks for reporting this @braunsonm.
Improved ConfigMaps to be read directly rather than from volume mounts. This improves the speed of updates and ensures that for external istiod installations that the configmaps are read from the config cluster. (Issue #31410)
PRs Merged
- Stop kapp versioning istio ConfigMap. 679
| Release | Old Version | New Version |
|---|---|---|
| CF API | d2e34ce | f2e1ee5 |
| Istio | 1.10.2 | 1.10.2 |
Contributors
Andrew Wittrock
Dave Walter
Contributors
Assets 2
v5.1.0
Notices
Istio Upgrade
⚠️ Istio does not support jump upgrades - cf-for-k8s must be v5.0.0 before upgrading to v5.1.0⚠️ Istio made changes to how the sidecar Envoy proxies forward traffic internally within a Pod. Previously, the sidecar proxies would redirect inbound traffic to the loopback (lo) interface. This is no longer the case by default, so processes that are bound only to the loopback will no longer receive traffic from outside their Pod. See this notice for more information and for mitigation suggestions.
Kubernetes Cluster Support
Supported cluster version range now 1.18-1.21.
Highlights
Istio 1.10.2 bump!
Cluster version range increased to include Kubernetes 1.21
PRs Merged
- Bump Istio to 1.10.2. 673
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| CF API | 074b2db | d2e34ce |
| Istio | 1.9.5 | 1.10.2 |
| UAA | 5cefb028d72b00c042b0f0c2cabacd1887c5908d | f100c92f3d026c7cdf5a16781626a6c17e6d80ff |
Contributors
Andrew Wittrock
Dave Walter
v5.0.0
Notices
⚠️ Minimum Kubernetes cluster version is now 1.18. ⚠️
Kpack bump requires the minimum version change. This is considered a breaking changed in cf-for-k8s.
Highlights
Kpack v0.3.1 - Support for new buildpacks!
Issues Closed
- Demo App can't running because "OCI runtime create failed" 666
- CF does not rollout sidecar updates to internal workloads 663
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| CF API | 3b575e0 | 074b2db |
| Kpack | v0.2.2 | v0.3.1 |
| Networking | 1370435 | b7b8af9 |
| UAA | 6a4c75bde4b5bfdce22e06ce35a23fd58cfef711 | 5cefb028d72b00c042b0f0c2cabacd1887c5908d |
Contributors
Akira Wong
Andrew Wittrock
Ashwin Krishna
Caitlyn Yu
Dave Walter
Tim Downey
v4.2.0
Notices
- Deployments, DaemonSets, and StatefulSets will roll when Istio upgrades to ensure the sidecar containers are properly synchronized.
- UAA templates have been extracted into another repository. They will follow UAA versioning again in future releases. For this release, the version is defined by a sha.
Highlights
- Upgrade to Istio 1.9.5 for CVE resolution.
PRs Merged
- ENH: Add an Istio version label to all system components 665
- Update the holdApplicationUntilProxyStarts Istio setting 664
Issues Closed
- ytt: Error: Overlaying data values on istio_static_ip 660
Release Updates
| Release | Old Version | New Version |
|---|---|---|
| CF API | cd2f314 | 3b575e0 |
| Istio | 1.9.4 | 1.9.5 |
| Networking | 35f3ed3 | 1370435 |
| UAA | v75.1.0 | 6a4c75b |
Contributors
Andrew Costa
Andrew Wittrock
Caitlyn Yu
Dave Walter
Matt Royal
Tim Downey
v4.1.0
v4.0.0
Notices
- The config block
resource_validator_certificatefor Eirini has been removed. It was introduced in v3.1.0 via the Eirini bump, so this is regarded as a breaking change. - This release supports mitigating the previously introduced interface change and preparation for an additional Istio update.
Configuration changes
- If upgrading from v3.0.0, no changes are necessary. If upgrading from v3.1.0, the
resource_validator_certificateblock should be removed.
PRs Merged
- Remove eirini-resource-validator 662
| Release | Old Version | New Version |
|---|---|---|
| CF API | dd6224d | cd2f314 |
Contributors
Andrew Wittrock
Caitlyn Yu
Matt Royal
relint-ci