Changelog
kubara now supports packaging, versioning and publishing catalogs as artifacts to any registry just like helm. Allowing you to create a single delivery unit for your platforms. For this we introduced new commands kubara catalog login,package,pull,push. You can find out more about that here.
A new guide on how cross templating works has been published as well:
https://docs.kubara.io/latest-stable/2_concepts/catalog_templating/
As well as new commands for more easily adding spoke clusters using kubara cluster list and kubara cluster add <your-new-cluster>
Last but not least, we now only render the charts to the gitops repository that are actually used and automatically add the activated services for spoke clusters to ArgoCD in the hub cluster.
Breaking changes
We try to keep kubara backwards compatible as much as possible and have builtin migrations of existing config files for different scenarios but as kubara is still young breaking changes are unavoidable for certain changes. Therefore we try our best to keep you informed and bundle changes of that sort in a release such as this:
Migration steps
Changed Cluster Secret Store syntax for External Secrets:
If you have added a custom Cluster Secret Store in:
customer-service-catalog/helm/<cluster-name>/external-secrets/additional-values.yaml
You will have to migrate the list to a map like so:
clusterSecretStores:
- name: your-cluster-name
provider: ...
# after
clusterSecretStores:
your-cluster-name:
provider: ... Secret path layout
kubara so far expected the secrets to be stored at the root of your secret manager. We now introduced a better and more scalable structure:
Namespace-specific secrets now use:
<cluster-name>/<stage>/<namespace>/<secret>
Cluster-wide secrets now use:
<cluster-name>/<stage>/cluster_secrets/<secret>
If you use the STACKIT SKE terraform we provide as part of the general catalog. The secrets will be automatically migrated. Please check using terraform plan and apply the change using terraform apply before pushing a newly rendered state to your gitops repository.
Catalog versioning
If you already are using the catalog feature and have already created a catalog using the last version. You will be delighted to hear that we now support packaging and publishing catalogs as registry artifacts like helm. "Unfortunately" this means we had introduce versioning and you will have to add spec.version to your catalog like in this example:
apiVersion: kubara.io/v1alpha1
kind: Catalog
metadata:
name: your-catalog
spec:
version: 0.1.0
More about catalogs:
- f4a9901 feat!: add namespaced SecretStore support (stores now keyed by map) (#418)
- 5c18ee7 feat!: catalog versioning, packaging and caching (#372)
- c7047ff refactor!: standardize secret path layout (#416)
Features
- acd0b22 feat: add T Cloud Public OpenBao layer and platform Terraform wiring (#435)
- 19e7d7e feat: add T Cloud Public Terraform modules (#431)
- db41a8f feat: add T Cloud Public provider Helm values and Velero wiring (#436)
- b8b844c feat: add cluster management commands (#413)
- e4e04b7 feat: add kubara agents command for coding-agent onboarding (#434)
- aedff2c feat: catalog remote distribution (#430)
- b622759 feat: migration of loadbalancer ip fields from cluster to metallb config block (#433)
- e69e6a5 feat: refactor stackit edge cloud provisioning (#347)
Bug fixes
- 3b1e110 fix(renovate): align chart version bump with changelog on major dependency updates (#432)
- 8caba3d fix(tcloud): misaligned kubeconfig naming scheme for terraform (#457)
- 040733d fix: kubara init --local creates .env automatically instead of failing when .env is missing
- 2f86112 fix: migration of private load balancer ip by suffixing /32 subnet (#438)
Dependency updates
- 07b5910 chore(deps): update actions/cache action to v6 (#452)
- 7e5172e chore(deps): update actions/checkout action to v7 (#426)
- ac1ae7d chore(deps): update actions/setup-go action to v6.5.0 (#448)
- db09f33 chore(deps): update actions/setup-go digest to 924ae3a (#440)
- 16f3759 chore(deps): update dependency astral-sh/uv to v0.11.23 (#419)
- f0bf638 chore(deps): update dependency astral-sh/uv to v0.11.25 (#442)
- 7c7953b chore(deps): update ghcr.io/opentelekomcloud/external-dns-t-cloud-public-webhook docker tag to v1.1.3 (#443)
- cbaca8d chore(deps): update github.com/external-secrets/external-secrets/apis digest to 67a603d (#441)
- c6c73a5 chore(deps): update github.com/external-secrets/external-secrets/apis digest to ec9a121 (#412)
- 36c5dac chore(deps): update helm release argo-cd to v10 (#453)
- 5e5988e chore(deps): update helm release cert-manager to v1.20.3 (#444)
- 20f18a2 chore(deps): update helm release external-secrets to v2.7.0 (#449)
- 284ac74 chore(deps): update helm release kube-prometheus-stack to v87 (#427)
- 92e0f58 chore(deps): update helm release prometheus-blackbox-exporter to v11.13.0 (#424)
- 0c286e9 chore(deps): update helm release velero to v12.1.0 (#450)
- 79ee886 chore(deps): update module github.com/urfave/cli/v3 to v3.10.1 (#445)
- 17c81e4 chore(deps): update module oras.land/oras-go/v2 to v2.6.1 (#420)
- ec23246 chore(deps): update renovatebot/github-action action to v46.1.16 (#421)
- 5a46c88 chore(deps): update renovatebot/github-action action to v46.1.17 (#446)
- c2c97c9 chore(deps): update terraform stackit to v0.100.0 (#425)
- e22528f chore(deps): update terraform vault to v5.10.1 (#451)
- fc0cfe8 chore(deps): update traefik docker tag to v41 (#428)
- 649bcdb chore(deps): update velero/velero-plugin-for-aws docker tag to v1.14.2 (#447)
Documentation
- 22526c6 docs: add footer with privacy and imprint link as well as get rid of drawio and google fonts dependencies (#415)
- 7256b8a docs: added 'brew trust' to install guide (#429)
- 65ca3d9 docs: introduce new infrastructure presets section and new pages to clarify kubara's infrastructure requirements (#437)
- c033e5d docs: upgrade mkdocs dependencies