/
README.md
68 lines (31 loc) · 3.07 KB
/
README.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# :zap: Giant Swarm Release v18.4.0 for AWS :zap:
This release contains changes that address several vulnerabilities and overall improvements. Most important change is extending the IRSA trust policy for external-dns IAM role so it can be used by multiple external-dns in your workload clusters with IRSA enabled.
This release also adds a new component `cilium-prerequisites` that installs `CiliumNetworkPolicy` CRDs towards the easier and downtime-free Cilium migration. This application can also be installed from the catalog.
***Important for IRSA***
When upgrading to AWS Release `v18.4.0` you can additionally set a annotation on AWSCluster CR `alpha.aws.giantswarm.io/enable-cloudfront-alias: ""` to enable the usage of the Cloudfront alternate domain name before v19 where it will be a default. This is useful if you want to take immeditately actions replacing `Kiam`.
***IAM Permissions Requirements***
The minimal requirement for the IAM permissions is [Version 3.1.0](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/blob/master/CHANGELOG.md#310---2023-04-27) of [giantswarm-aws-account-prerequisites](https://github.com/giantswarm/giantswarm-aws-account-prerequisites/) repository.
## Change details
### aws-operator [14.13.1](https://github.com/giantswarm/aws-operator/releases/tag/v14.13.1)
#### Fixed
- Allow to enable ACLs for a S3 buckets.
### containerlinux [3374.2.5](https://www.flatcar-linux.org/releases/#release-3374.2.5)
_Changes since **Stable 3374.2.4**_
#### Security fixes:
- Linux ([CVE-2022-4129](https://nvd.nist.gov/vuln/detail/CVE-2022-4129), [CVE-2022-4382](https://nvd.nist.gov/vuln/detail/CVE-2022-4382), [CVE-2022-4842](https://nvd.nist.gov/vuln/detail/CVE-2022-4842), [CVE-2023-1073](https://nvd.nist.gov/vuln/detail/CVE-2023-1073), [CVE-2023-1074](https://nvd.nist.gov/vuln/detail/CVE-2023-1074), [CVE-2023-23559](https://nvd.nist.gov/vuln/detail/CVE-2023-23559))
#### Bug fixes:
- Excluded the special Kubernetes network interfaces `nodelocaldns` and `kube-ipvs0` from being managed with systemd-networkd which interfered with the setup ([init#89](https://github.com/flatcar/init/pull/89)).
#### Updates:
- Linux ([5.15.92](https://lwn.net/Articles/922340) (includes [5.15.91](https://lwn.net/Articles/921851), [5.15.90](https://lwn.net/Articles/921029)))
### cilium-prerequisites [0.1.1](https://github.com/giantswarm/cilium-prerequisites/releases/tag/v0.1.1)
#### Fixed
- Fixed kube-linter.
### observability-bundle [0.4.2](https://github.com/giantswarm/observability-bundle/releases/tag/v0.4.2)
#### Changed
- Upgrade `prometheus-agent-app` to 0.4.1.
### vertical-pod-autoscaler [3.4.2](https://github.com/giantswarm/vertical-pod-autoscaler-app/releases/tag/v3.4.2)
#### Changed
- Remove circleci job for pushing to shared app collection
### vertical-pod-autoscaler-crd [2.0.1](https://github.com/giantswarm/vertical-pod-autoscaler-crd/releases/tag/v2.0.1)
#### Changed
- in [#59](https://github.com/giantswarm/vertical-pod-autoscaler-crd/pull/59) removed duplicate resources for the CRDs definition causing errors during mc-bootstrap