Release v1.23.3

Kubernetes Fury Distribution Release v1.23.3

Welcome to KFD release v1.23.3.

The distribution is maintained with ❤️ by the team SIGHUP, and is battle tested in production environments.

This release adds a bunch of new features and improvements to the core modules, adds a new core module auth and some package replacement/removals.

New Features since v1.23.2

Core Module Updates

• networking 📦 core module: v1.9.0 -> v1.10.0
  • Updated calico from 3.23.2 to 3.24.1.
  • Updated ip-masq-agent from 2.5.0 to 2.8.0.
  • Added Tigera operator package.
• monitoring 📦 core module: v1.14.2 -> v2.0.1
  • Updated alertmanager from 0.23.0 to 0.24.0.
  • Updated grafana from 8.3.3 to 8.5.5.
  • Updated kube-rbac-proxy from 0.11.0 to 0.12.0.
  • Updated kube-state-metrics from 2.3.0 to 2.5.0.
  • Updated prometheus-operator from 0.53.1 to 0.57.0.
  • Updated prometheus from 2.32.1 to 2.36.1.
  • Updated x509-exporter from 2.12.1 to 3.2.0.
  • Removed goldpinger package.
  • Removed metrics-server package.
  • Added blackbox-exporter package 0.21.0.
  • Added prometheus-adapter package 0.9.1.
• logging 📦 core module: v1.10.3 -> v3.0.1
  • Removed elasticsearch package.
  • Removed kibana package.
  • Removed fluentd package.
  • Removed curator package.
  • Added opensearch package 2.0.0.
  • Added opensearch-dashboards package 2.0.0.
  • Added logging-operator package 3.17.7.
  • Added loki-stack as tech preview package 2.4.2.
• ingress 📦 core module: v1.12.2 -> v1.13.1
  • Updated cert-manager from 1.6.1 to 1.10.0.
  • Updated forecastle from 1.0.75 to 1.0.103.
  • Removed nginx-ldap-auth package.
  • Removed nginx-ovh package.
  • Removed nginx-gke package.
  • Removed pomerium package.
  • Added external-dns package 0.10.2.
  • Added aws-cert-manager terraform module.
  • Added aws-external-dns terraform module.
• dr 📦 core module: v1.9.2 -> v1.10.1
  • Updated velero from 1.7.1 to 1.9.2.
  • Updated velero-plugin-for-aws from 1.3.0 to 1.5.1.
  • Updated velero-plugin-for-microsoft-azure from 1.3.1 to 1.5.1.
  • Updated velero-plugin-for-gcp from 1.3.0 to 1.5.1.
  • Updated velero-plugin-for-csi from 0.2.0 to 0.3.1.
• OPA 📦 core module: v1.6.2 -> v1.7.3
  • Updated gatekeeper from 3.7.0 to 3.9.2.
  • Updated gatekeeper-policy-manager from 0.5.1 to 1.0.2.
• auth 📦 core module: v0.0.2
  • Added pomerium package 0.15.8.
  • Added dex package 2.35.3.
  • Added gangway package 3.2.0.

Please refer the individual release notes for detailed information.

Upgrade procedure

Check the v1.23.2-to-v1.23.3 upgrade guide for the detailed procedure.

Breaking changes

Follow a summary of all the breaking changes introduced in this release, check each module for detailed information.

• Monitoring:
  • Removed goldpinger package, no replacement available.
  • Replaced metrics-server with prometheus-adapter.
  • kubectl --server-side apply is now required.
• Logging:
  • Removed elasticsearch and kibana packages, replaced by opensearch and opensearch-dashboards packages.
  • Removed self managed fluentd/fluentbit stack in favour of logging-operator.
• Ingress:
  • Removed support for annotations on NGINX ingress controller side.
  • Removed nginx-ldap-auth with no replacement available.
  • Moved pomerium to the new auth module.
  • Removed nginx-ovh and nginx-gke packages. The only thing they did was to patch the svc from the NGINX package to type LoadBalancer.
• Disaster Recovery:
  • Removed deprecated eks-velero in favour of velero-plugin-for-aws

New features 🌟

This release adds new features acrross all the core modules. Following is a list of the most interesting ones for each module.

• Networking

  • Added Tigera operator package, can be used to manage Calico (instead of installing it directly with calico package) or to enforce Network Policies on EKS-based clusters.

• Monitoring

  • Added blackbox-exporter package to monitor services external to the cluster.

• Logging

  • Introduced logging operator to manage all the logging stack and logging configs in a dynamic way.
  • Added Grafana Loki stack as tech preview.
  • Swtiched from ElasticSearch to OpenSearch.

• Ingress

  • Added ExternalDNS package to manage DNS records for services exposed through Ingress.
  • Added Terraform modules to manage IAM roles on AWS for cert-manager and external-dns.
  • Added Validating Webhook on NGINX ingress controller to validate the Ingress resources and prevent invalid configurations.
  • Forecastle now is Fury branded.

• Disaster Recovery

  • Added a Prometheus alert for when there are no successful backups in the last 24 hours for the included schedules.

• OPA

  • Major overhaul for Gatekeeper Policy Manager that is now released as a v1.0.2.
  • A set of custom Prometheus alerts that get triggered when the Gatekeeper webhooks are misbehaving for more than 5 min has been added.
  • Gatekeeper now has mutating capabilities in addition to just validating.

• Auth

  • Module was introduced as core module.
  • Pomerium, Dex and Gangway packages are available.

Release v1.22.1

Kubernetes Fury Distribution Release v1.22.1

Welcome to KFD release v1.22.1.

The distribution is maintained with ❤️ by the team SIGHUP, and is battle tested in production environments.

This release adds a bunch of new features and improvements to the core modules, adds a new core module auth and some package replacement/removals.

New Features since v1.22.0

Core Module Updates

• networking 📦 core module: v1.9.0 -> v1.10.0
  • Updated calico from 3.23.2 to 3.24.1.
  • Updated ip-masq-agent from 2.5.0 to 2.8.0.
  • Added Tigera operator package.
• monitoring 📦 core module: v1.14.2 -> v2.0.1
  • Updated alertmanager from 0.23.0 to 0.24.0.
  • Updated grafana from 8.3.3 to 8.5.5.
  • Updated kube-rbac-proxy from 0.11.0 to 0.12.0.
  • Updated kube-state-metrics from 2.3.0 to 2.5.0.
  • Updated prometheus-operator from 0.53.1 to 0.57.0.
  • Updated prometheus from 2.32.1 to 2.36.1.
  • Updated x509-exporter from 2.12.1 to 3.2.0.
  • Removed goldpinger package.
  • Removed metrics-server package.
  • Added blackbox-exporter package 0.21.0.
  • Added prometheus-adapter package 0.9.1.
• logging 📦 core module: v1.10.3 -> v3.0.1
  • Removed elasticsearch package.
  • Removed kibana package.
  • Removed fluentd package.
  • Removed curator package.
  • Added opensearch package 2.0.0.
  • Added opensearch-dashboards package 2.0.0.
  • Added logging-operator package 3.17.7.
  • Added loki-stack as tech preview package 2.4.2.
• ingress 📦 core module: v1.12.2 -> v1.13.1
  • Updated cert-manager from 1.6.1 to 1.10.0.
  • Updated forecastle from 1.0.75 to 1.0.103.
  • Removed nginx-ldap-auth package.
  • Removed nginx-ovh package.
  • Removed nginx-gke package.
  • Removed pomerium package.
  • Added external-dns package 0.10.2.
  • Added aws-cert-manager terraform module.
  • Added aws-external-dns terraform module.
• dr 📦 core module: v1.9.2 -> v1.10.1
  • Updated velero from 1.7.1 to 1.9.2.
  • Updated velero-plugin-for-aws from 1.3.0 to 1.5.1.
  • Updated velero-plugin-for-microsoft-azure from 1.3.1 to 1.5.1.
  • Updated velero-plugin-for-gcp from 1.3.0 to 1.5.1.
  • Updated velero-plugin-for-csi from 0.2.0 to 0.3.1.
• OPA 📦 core module: v1.6.2 -> v1.7.3
  • Updated gatekeeper from 3.7.0 to 3.9.2.
  • Updated gatekeeper-policy-manager from 0.5.1 to 1.0.2.
• auth 📦 core module: v0.0.2
  • Added pomerium package 0.15.8.
  • Added dex package 2.35.3.
  • Added gangway package 3.2.0.

Please refer the individual release notes for detailed information.

Upgrade procedure

Check the v1.22.0-to-v1.22.1 upgrade guide for the detailed procedure.

Breaking changes

Follow a summary of all the breaking changes introduced in this release, check each module for detailed information.

• Monitoring:
  • Removed goldpinger package, no replacement available.
  • Replaced metrics-server with prometheus-adapter.
  • kubectl --server-side apply is now required.
• Logging:
  • Removed elasticsearch and kibana packages, replaced by opensearch and opensearch-dashboards packages.
  • Removed self managed fluentd/fluentbit stack in favour of logging-operator.
• Ingress:
  • Removed support for annotations on NGINX ingress controller side.
  • Removed nginx-ldap-auth with no replacement available.
  • Moved pomerium to the new auth module.
  • Removed nginx-ovh and nginx-gke packages. The only thing they did was to patch the svc from the NGINX package to type LoadBalancer.
• Disaster Recovery:
  • Removed deprecated eks-velero in favour of velero-plugin-for-aws

New features 🌟

This release adds new features acrross all the core modules. Following is a list of the most interesting ones for each module.

• Networking

  • Added Tigera operator package, can be used to manage Calico (instead of installing it directly with calico package) or to enforce Network Policies on EKS-based clusters.

• Monitoring

  • Added blackbox-exporter package to monitor services external to the cluster.

• Logging

  • Introduced logging operator to manage all the logging stack and logging configs in a dynamic way.
  • Added Grafana Loki stack as tech preview.
  • Swtiched from ElasticSearch to OpenSearch.

• Ingress

  • Added ExternalDNS package to manage DNS records for services exposed through Ingress.
  • Added Terraform modules to manage IAM roles on AWS for cert-manager and external-dns.
  • Added Validating Webhook on NGINX ingress controller to validate the Ingress resources and prevent invalid configurations.
  • Forecastle now is Fury branded.

• Disaster Recovery

  • Added a Prometheus alert for when there are no successful backups in the last 24 hours for the included schedules.

• OPA

  • Major overhaul for Gatekeeper Policy Manager that is now released as a v1.0.2.
  • A set of custom Prometheus alerts that get triggered when the Gatekeeper webhooks are misbehaving for more than 5 min has been added.
  • Gatekeeper now has mutating capabilities in addition to just validating.

• Auth

  • Module was introduced as core module.
  • Pomerium, Dex and Gangway packages are available.

Release v1.23.2

Kubernetes Fury Distribution Release v1.23.2

Welcome to the KFD release v1.23.2. This is a patch release fixing bugs in all the core modules.

The team has been working to make the release upgrade as simple as possible, so read carefully the upgrade path of each core module listed below along with the upgrade path of the distribution.

This distribution is maintained with ❤️ by the team SIGHUP, and is battle tested in production environments.

New Features since v1.23.1

Core Module Updates

• networking 📦 core module: v1.8.2 -> v1.9.0
  • Update [Calico] from version 3.21.3 to 3.23.2.
• monitoring 📦 core module: v1.14.1 -> v1.14.2
  • Bugfix on [x509-exporter]
• logging 📦 core module: v1.10.2 -> v1.10.3
  • Update [fluent-bit] from version 1.8.10 to 1.9.5.
• ingress 📦 core module: v1.12.2 -> v1.12.2
  • No updates
• dr 📦 core module: v1.9.2 -> v1.9.2
  • No updates
• OPA 📦 core module: v1.6.2 -> v1.6.2
  • No updates

Please refer the individual release notes for detailed information

Upgrade path

From this version, we are introducing the new versioning system, see the versioning documentation file to know more about the new versioning scheme of the distribution and the upgrade path.

Katalog Procedure

To upgrade the distribution from v1.22.x to v1.23.2, you need to download this new version, vendor the dependencies, finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during the upgrade process.

Release v1.22.0

Kubernetes Fury Distribution Release v1.22.0

Welcome to the KFD release v1.22.0. From this release on, Fury follows a
different versioning schema. KFD version now will closely follow the version of
the latest Kubernetes release that is supported by Fury. This release supports kubernetes runtime v1.22.x.

This distribution is maintained with ❤️ by the team SIGHUP,
and is battle tested in production environments.

This new release of KFD features a bundle of all the core modules supported by
Fury with enhancements and bug fixes.

New Features

Core Module Updates

• Kubernetes 1.22 compatibility on all modules
• networking 📦 core module: v1.9.0
  No update.
• monitoring 📦 core module: v1.14.2
  No update.
• logging 📦 core module: v1.10.3
  No update.
• ingress 📦 core module: v1.12.2
  No update.
• dr 📦 core module: v1.9.2
  No update.
• OPA 📦 core module: v1.6.2
  No update.

Please refer the individual release notes for detailed information

Upgrade path

From this version, we are introducing the new versioning system, see the versioning documentation file to know more about
the new versioning scheme of the distribution and the upgrade path.

Katalog Procedure

To upgrade the distribution from v1.21.x to v1.22.0, you need to download this new version, vendor the dependencies,
finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during
the upgrade process.

Release v1.21.0

Kubernetes Fury Distribution Release v1.21.0

Welcome to the KFD release v1.21.0.
From this release on, Fury follows a different versioning schema.
KFD version now will closely follow the version of the latest Kubernetes release that is supported by Fury.
This release supports kubernetes runtime v1.21.x.

This distribution is maintained with ❤️ by the team SIGHUP, and is battle tested in production environments.

This new release of KFD features a bundle of all the core modules supported by Fury with enhancements and bug fixes.

New Features

Core Module Updates

• Kubernetes 1.21 compatibility on all modules
• Updated documentation for every core module
• networking 📦 core module: v1.7.0 -> v1.9.0
  • Update [Calico] from version 3.19.2 to 3.23.2 and improvement to support
    the new version
• monitoring 📦 core module: v1.13.0 -> v1.14.2
  • Update [Prometheus Operator] from version 0.50.0 to 0.53.1.
  • Update [Prometheus] from version 2.29.1 to 2.32.1.
  • Update [Grafana] from version 8.1.2 to 8.3.3.
  • Update [x509-exporter] from version 2.11.0 to 2.12.1.
  • Update [thanos] from version 0.22.0 to 0.24.0.
  • Update [node-exporter] from version 1.2.2 to 1.3.1.
  • Updates to various prometheus monitoring rules syncing with kube-prometheus.
• logging 📦 core module: v1.9.1 -> v1.10.3
  • Update [fluentd] from version 1.14.0 to 1.14.2.
  • Update [fluent-bit] from version 1.8.2 to 1.9.5.
  • Update [elasticsearch] from version 7.13.3 to 7.16.2.
  • Update [kibana] from version 7.13.3 to 7.16.2.
  • Improve kibana index pattern injection via sidecar, remove readinessProbe
  • several bug fixes on fluentd
• ingress 📦 core module: v1.11.2 -> v1.12.2
  • Update cert-manager CRDs as per upstream, dropping support for versions < v1
  • Update [forecastle] from version 1.0.66 to 1.0.73.
  • Update [nginx] ingress controller from version 1.0.0 to 1.1.0.
  • Update [cert-manager] from version 1.5.3 to 1.6.1.
• dr 📦 core module: v1.8.0 -> v1.9.2
  • Deprecation to eks-velero module in favor of aws-velero
  • Update [Velero] from version 1.6.3 to 1.7.1.
    • Upgrade velero-plugin-for-aws from 1.2.1 to 1.3.0
    • Upgrade velero-plugin-for-microsoft-azure from 1.2.1 to 1.3.1
    • Upgrade velero-plugin-for-gcp from 1.2.1 to 1.3.0
    • Upgrade velero-plugin-for-csi from 0.1.2 to 0.2.0
• OPA 📦 core module: v1.5.0 -> v1.6.2
  • Add optional policy to protect accidental namespace deletion
  • Update [Gatekeeper] from version v3.6.0 to v3.7.0.
  • Update [Gatekeeper Policy Manager]. Version v0.5.1.

Please refer the individual release notes for detailed information

Upgrade path

From this version, we are introducing the new versioning system, see the versioning documentation file to know more about the new versioning scheme of the distribution and the upgrade path.

Katalog Procedure

⚠️: You can upgrade to this version only from a KFD v1.7.x cluster on top of a 1.21.x Kubernetes cluster due to Calico incompatibilities with Kubernetes v1.20.x.

To upgrade the distribution from v1.7.x to v1.21.0, you need to download this new version, vendor the dependencies, finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during the upgrade process.

Release v1.23.1

Kubernetes Fury Distribution Release v1.23.1

Welcome to the KFD release v1.23.1. This is a patch release
fixing bugs in all the core modules.

The team has been working to make the release upgrade as simple as possible, so read carefully the upgrade path of each
core module listed below along with the upgrade path of the distribution.

⚠️ If upgrading from v1.23.0, you must delete all the objects (StatefulSet, Deployment, DaemonSet, etc) as specified in the release notes of the modules
before upgrading to v1.23.1.

This distribution is maintained with ❤️ by the team SIGHUP,
and is battle tested in production environments.

New Features

Core Module Updates

• Removed commonLabels from all the kustomize katalogs

• networking 📦 core module: v1.8.0 -> v1.8.2

  • No updates on the components of the module
  • commonLabels bugfix

• monitoring 📦 core module: v1.14.0 -> v1.14.1

  • No updates on the components of the module
  • commonLabels bugfix

• logging 📦 core module: v1.10.0 -> v1.10.2

  • No updates on the components of the module
  • commonLabels bugfix

• ingress 📦 core module: v1.12.0 -> v1.12.2

  • Update [forecastle] from version 1.0.73 to 1.0.75.
  • commonLabels bugfix

• dr 📦 core module: v1.9.0 -> v1.9.2

  • No updates on the components of the module
  • commonLabels bugfix

• OPA 📦 core module: v1.6.0 -> v1.6.2

  • Fixed an issue present only in v1.6.0 with a missing volume mount that broke the audit process (policy enforcement was unaffected)
  • commonLabels bugfix

Please refer the individual release notes for detailed information

Upgrade path

Katalog Procedure

To upgrade the distribution from v1.23.0 to v1.23.1 please follow the instructions written in the release notes of each core module.

To upgrade this distribution from v1.7.x to v1.23.1, you need to download this new version, vendor the dependencies,
finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during
the upgrade process.

Terraform Procedure

Test it

If you want to test the distribution in a test environment, spin up a
kind cluster, then deploy all rendered manifests.

$ kind version
kind v0.11.0 go1.16.4 darwin/amd64
$ curl -Ls https://github.com/sighupio/fury-distribution/releases/download/v1.23.1/katalog/tests/config/kind-config | kind create cluster --image registry.sighup.io/fury/kindest/node:v1.23.1 --config -
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.1) 🖼
 ✓ Preparing nodes 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
$ kubectl apply -f https://github.com/sighupio/fury-distribution/releases/download/v1.23.1/fury-distribution-v1.23.1.yml
namespace/cert-manager created
namespace/gatekeeper-system created
namespace/ingress-nginx created
namespace/logging created
namespace/monitoring created
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
<TRUNCATED OUTPUT>

NOTE: Run kubectl apply multiple times until you see no errors in the console

Release v1.23.0

❌ This release contains issues, please use the version v1.23.1 instead ❌

Kubernetes Fury Distribution Release v1.23.0

Welcome to the KFD release v1.23.0. From this release on, Fury follows a
different versioning schema. KFD version now will closely follow the version of
the latest Kubernetes release that is supported by Fury. So this is the first
release that supports kubernetes runtime v1.23.0.

This distribution is maintained with ❤️ by the team SIGHUP,
and is battle tested in production environments.

This new release of KFD features a bundle of all the core modules supported by
Fury with enhancements and bug fixes. Alongside, Fury gets a new face with this
release. We would like to introduce our brand new
documentation site with this release.

New Features

Core Module Updates

• Kubernetes 1.23 Tech preview on all modules

• All the core modules have added kubernetes labels to easily identify it to
  be a part of KFD

• Updated documentation for every core module

• Provision for automated canonical definition generation

• networking 📦 core module: v1.7.0 -> v1.8.0

  • Update [Calico] from version 3.19.2 to 3.21.3 and improvement to support
    the new version

• monitoring 📦 core module: v1.13.0 -> v1.14.0

  • Update [Prometheus Operator] from version 0.50.0 to 0.53.1.
  • Update [Prometheus] from version 2.29.1 to 2.32.1.
  • Update [Grafana] from version 8.1.2 to 8.3.3.
  • Update [x509-exporter] from version 2.11.0 to 2.12.1.
  • Update [thanos] from version 0.22.0 to 0.24.0.
  • Update [node-exporter] from version 1.2.2 to 1.3.1.
  • Updates to various prometheus monitoring rules synching with kube-prometheus.

• logging 📦 core module: v1.9.1 -> v1.10.0

  • Update [fluentd] from version 1.14.0 to 1.14.2.
  • Update [fluent-bit] from version 1.8.2 to 1.8.10.
  • Update [elasticsearch] from version 7.13.3 to 7.16.2.
  • Update [kibana] from version 7.13.3 to 7.16.2.
  • Improve kibana index pattern injection via sidecar, remove readinessProbe
  • several bug fixes on fluentd

• ingress 📦 core module: v1.11.2 -> v1.12.0

  • Update cert-manager CRDs as per upstream, dropping support for versions < v1
  • Update [forecastle] from version 1.0.66 to 1.0.73.
  • Update [nginx] ingress controller from version 1.0.0 to 1.1.0.
  • Update [cert-manager] from version 1.5.3 to 1.6.1.

• dr 📦 core module: v1.8.0 -> v1.9.0

  • Deprecation to eks-velero module in favor of aws-velero
  • Update [Velero] from version 1.6.3 to 1.7.1.
    • Upgrade velero-plugin-for-aws from 1.2.1 to 1.3.0
    • Upgrade velero-plugin-for-microsoft-azure from 1.2.1 to 1.3.1
    • Upgrade velero-plugin-for-gcp from 1.2.1 to 1.3.0
    • Upgrade velero-plugin-for-csi from 0.1.2 to 0.2.0

• OPA 📦 core module: v1.5.0 -> v1.6.0

  • Add optional policy to protect accidental namespace deletion
  • Update [Gatekeeper] from version v3.6.0 to v3.7.0.
  • Update [Gatekeeper Policy Manager]. Version v0.5.1.

Please refer the individual release notes for detailed information

Upgrade path

Katalog Procedure

To upgrade this distribution from v1.7.x to v1.23.0, you need to download this new version, vendor the dependencies,
finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during
the upgrade process.

Terraform Procedure

Test it

If you want to test the distribution in a test environment, spin up a
kind cluster, then deploy all rendered manifests.

$ kind version
kind v0.11.0 go1.16.4 darwin/amd6   4
$ curl -Ls https://github.com/sighupio/fury-distribution/releases/download/v1.23.0/katalog/tests/config/kind-config | kind create cluster --image registry.sighup.io/fury/kindest/node:v1.23.0 --config -
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.1) 🖼
 ✓ Preparing nodes 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
$ kubectl apply -f https://github.com/sighupio/fury-distribution/releases/download/v1.23.0/fury-distribution-v1.23.0.yml
namespace/cert-manager created
namespace/gatekeeper-system created
namespace/ingress-nginx created
namespace/logging created
namespace/monitoring created
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
<TRUNCATED OUTPUT>

NOTE: Run kubectl apply multiple times until you see no errors in the console

Release v1.7.1

Fury Distribution v1.7.1

Welcome to the Fury Distribution v1.7.1. This is a patch release
fixing bus in two associated KFD modules.

The team has been working to make the release upgrade as simple as possible, so read carefully the upgrade path of each
core module listed below along with the upgrade path of the distribution.

Changelog

The most important changes are listed below:

• logging 📦 core module: v1.9.0 -> v1.9.1
  • #53 Fixing leader election and RBAC permissions
• ingress 📦 core module: v1.11.1 -> v1.11.2
  • #48 Fix deprecated apiVersion usage for Role and RoleBinding

Upgrade path

Katalog Procedure

To upgrade this distribution from v1.7.0 to v1.7.1, you need to download this new version, vendor the dependencies,
finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during
the upgrade process.

Terraform Procedure

Test it

If you want to test the distribution in a test environment, spin up a
kind cluster, then deploy all rendered manifests.

$ kind version
kind v0.11.0 go1.16.4 darwin/amd64
$ curl -Ls https://github.com/sighupio/fury-distribution/releases/download/v1.7.1/katalog/tests/kind-config-v1.7.1 | kind create cluster --config -
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.1) 🖼
 ✓ Preparing nodes 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
$ kubectl apply -f https://github.com/sighupio/fury-distribution/releases/download/v1.7.0/fury-distribution-v1.7.0.yml
namespace/cert-manager created
namespace/gatekeeper-system created
namespace/ingress-nginx created
namespace/logging created
namespace/monitoring created
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
<TRUNCATED OUTPUT>

NOTE: Run kubectl apply multiple times until you see no errors in the console

Release v1.7.0

Kubernetes Fury Distribution v1.7.0

Welcome to the Fury Distribution v1.7.0. In this new version, we had addressed the update of multiples
packages that belong to the distribution. All of them have been pushed to the latest stable release of each.
It includes testing (as tech preview) against Kubernetes v1.22.0.

The team has been working to make the release upgrade as simple as possible, so read carefully the upgrade path of each
core module listed below along with the upgrade path of the distribution.

Changelog

The most important changes are listed below:

• networking 📦 core module: v1.6.0 -> v1.7.0
  • Kubernetes 1.22 Tech preview.
  • Update Calico from version 3.19.1 to 3.19.2.
• monitoring 📦 core module: v1.12.3 -> v1.13.0
  • Kubernetes 1.22 Tech preview.
  • Update Prometheus Operator from version 0.48.1 to 0.50.0.
  • Update Prometheus from version 2.27.1 to 2.29.1.
  • Update Grafana from version 7.5.7 to 8.1.2.
  • Update [x509-exporter] from version 2.9.2 to 2.11.0.
  • Update thanos from version 0.20.2 to 0.22.0.
  • Update kube-proxy-metrics from version 0.10.0 to 0.11.0.
  • Update node-exporter from version 1.1.2 to 1.2.2.
  • Add oauth2 field to prometheus CRDs to allow authentication with oauth2
  • Add podDisruptionBudget to alertmanager and prometheus.
  • Add alertmanager dashboard.
  • Fix dashboards to work with the latest grafana synching with kube-prometheus.
  • Updates to verious prometheus monitoring rules synching with kube-prometheus.
  • Remove CPUThrottlingHigh.
• logging 📦 core module: v1.8.0 -> v1.9.0
  • Kubernetes 1.22 Tech preview.
  • Update fluentd from version 1.12.3 to 1.14.0.
  • Update fluent-bit from version 1.7.7 to 1.8.2.
  • Update elasticsearch from version 7.13.0 to 7.13.3.
  • Update kibana from version 7.30.0 to 7.13.3.
  • Change Kibana rolling strategy to recreate and remove kibana cpu limits
  • Add startupProbe that creates index-patterns, reverting readinessProbe to the previous version
• ingress 📦 core module: v1.10.0 -> v1.11.1
  • Kubernetes 1.22 Tech preview.
  • Fix the apiVersion of Ingress and IngressClass to v1 to support 1.22
  • Adapt new spec.backend syntax for Ingress
  • Update cert-manager CRDs as per upstream
  • Update forecastle from version 1.0.61 to 1.0.66.
  • Update nginx ingress controller from version 0.46.0 to 1.0.0.
  • Update cert-manager from version 1.3.1 to 1.5.3.
  • Update [pomerium] from version 0.14.4 to 0.15.0.
• dr 📦 core module: v1.7.0 -> v1.8.0
  • Kubernetes 1.22 Tech preview.
  • Update Velero from version 1.6.0 to 1.6.3.
    • Upgrade velero-plugin-for-aws from 1.2.0 to 1.2.1
    • Upgrade velero-plugin-for-microsoft-azure from 1.2.0 to 1.2.1
    • Upgrade velero-plugin-for-gcp from 1.2.0 to 1.2.1
  • Adapt the CRDs to use apiextensions.k8s.io/v1 to support Kubernetes 1.22
• OPA 📦 core module: v1.4.0 -> v1.5.0
  • Kubernetes 1.22 Tech preview.
  • Update Gatekeeper from version v3.4.0 to v3.6.0.
    • Add v1 constraint template CRD to the module.
  • Adapt the CRDs to use apiextensions.k8s.io/v1 to support Kubernetes 1.22
  • Update Gatekeeper Policy Manager. Version v0.5.0.

Upgrade path

Katalog Procedure

To upgrade this distribution from v1.6.0 to v1.7.0, you need to download this new version, vendor the dependencies,
finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during
the upgrade process.

Terraform Procedure

Test it

If you want to test the distribution in a test environment, spin up a
kind cluster, then deploy all rendered manifests.

$ kind version
kind v0.11.0 go1.16.4 darwin/amd64
$ curl -Ls https://github.com/sighupio/fury-distribution/releases/download/v1.7.0/katalog/tests/kind-config-v1.7.0 | kind create cluster --config -
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.20.1) 🖼
 ✓ Preparing nodes 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
$ kubectl apply -f https://github.com/sighupio/fury-distribution/releases/download/v1.7.0/fury-distribution-v1.7.0.yml
namespace/cert-manager created
namespace/gatekeeper-system created
namespace/ingress-nginx created
namespace/logging created
namespace/monitoring created
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
<TRUNCATED OUTPUT>

NOTE: Run kubectl apply multiple times until you see no errors in the console

Release v1.6.0

Fury Distribution v1.6.0

Welcome to the Fury Distribution v1.6.0. In this new version, we had addressed the update of multiples
packages that belong to the distribution. All of them have been pushed to the latest stable release of each.
It includes testing (as tech preview) against Kubernetes v1.21.0.

The team has been working to make the release upgrade as simple as possible, so read carefully the upgrade path of each
core module listed below along with the upgrade path of the distribution.

Changelog

The most important changes are listed below:

• networking 📦 core module: v1.5.0 -> v1.6.0
  • Kubernetes 1.21 Tech preview.
  • Update Calico from version 3.17.1 to 3.19.1.
• monitoring 📦 core module: v1.11.0 -> v1.12.0
  • Kubernetes 1.21 Tech preview.
  • Update Prometheus Operator from version 0.44.1 to 0.48.1.
  • Update Prometheus from version 2.22.2 to 2.27.1.
  • Update Grafana from version 7.3.6 to 7.5.7.
  • Update metrics-server from version 0.4.1 to 0.5.0.
  • Update Alertmanager from version 0.21.0 to 0.22.2.
  • Update thanos from version 0.12.2 to 0.20.2.
    • Fixing thanos modules, missing namespace on components
  • Update kube-state-metrics from version 1.9.7 to 2.0.0.
    • Update all Alerts and Grafana Dashboards
    • Modify the alerts that track expiration of cluster certificates to fire within 30/7 days of expiration instead
      of 7/1 days. (kubeadm-k8s-rules, prometheus-k8s-rules)
  • Update kube-proxy-metrics
  • Update node-exporter from version 1.0.1 to 1.1.2.
  • Update goldpinger from version 3.0.0 to 3.2.0.
• logging 📦 core module: v1.7.0 -> v1.8.0
  • Kubernetes 1.21 Tech preview.
  • Update Cerebro from version 0.9.3 to 0.9.4.
  • Update fluentd from version 1.11.5 to 1.12.3.
  • Update fluent-bit from version 1.6.9 to 1.7.7.
  • Update elasticsearch from version 7.10.1 to 7.13.0.
  • Update kibana from version 7.10.1 to 7.13.0.
• ingress 📦 core module: v1.9.1 -> v1.10.0
  • Kubernetes 1.21 Tech preview.
  • Update forecastle from version 1.0.61 to 1.0.61.
  • Update nginx ingress controller from version 0.43.0 to 0.46.0.
  • Update cert-manager from version 1.1.0 to 1.3.1.
• dr 📦 core module: v1.6.0 -> v1.7.0
  • Kubernetes 1.21 Tech preview.
  • Update Velero from version 1.5.2 to 1.6.0.
  • Update Velero terraform module to use terraform 0.15.4
    • Simplying the terraform interface.
• OPA 📦 core module: v1.3.0 -> v1.4.0
  • Kubernetes 1.21 Tech preview.
  • Update Gatekeeper from version v3.2.2 to v3.4.0.
    • Add a missing template (unique_service_selector_template) to the template package.
  • Update Gatekeeper Policy Manager. Version v0.4.2.

Upgrade path

Katalog Procedure

To upgrade this distribution from v1.5.X to v1.6.0, you need to download this new version, vendor the dependencies,
finally applying the kustomize project.

furyctl vendor -H
kustomize build . | kubectl apply -f -

NOTE: The upgrade takes some minutes (depends on the cluster size), and you should expect some downtime during
the upgrade process.

Then, in order to clean up old resources:

kubectl delete clusterrolebinding cert-manager-cainjector-leaderelection cert-manager-leaderelection
kubectl delete clusterrole cert-manager-leaderelection

Terraform Procedure

It is important to read the
Disaster Recovery changelong to understand how
to move forward the terraform configuration of the Velero components.
Ensure you are running terraform 0.15.4.

Test it

If you want to test the distribution in a test environment, spin up a
kind cluster, then deploy all rendered manifests.

$ kind version
kind v0.11.0 go1.16.4 darwin/amd64
$ curl -Ls https://github.com/sighupio/fury-distribution/releases/download/v1.6.0/kind-config-v1.6.0.yml | kind create cluster --config -
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.19.1) 🖼
 ✓ Preparing nodes 📦 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing StorageClass 💾
 ✓ Joining worker nodes 🚜
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/#community 🙂
$ kubectl apply -f https://github.com/sighupio/fury-distribution/releases/download/v1.6.0/fury-distribution-v1.6.0.yml
namespace/cert-manager created
namespace/gatekeeper-system created
namespace/ingress-nginx created
namespace/logging created
namespace/monitoring created
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
<TRUNCATED OUTPUT>

NOTE: Run kubectl apply multiple times until you see no errors in the console