v1.7.0

@github-actions github-actions released this 09 Jun 03:22
· 64 commits to main since this release
97b2956

What's Changed

Kubernetes (EKS)

  • New AWS-compatible managed Kubernetes service: full cluster lifecycle (CreateCluster -> ACTIVE, plus Describe/List/Delete) backed by a K3s control plane
  • Managed node groups (CreateNodegroup/UpdateNodegroupConfig/DeleteNodegroup) - workers auto-join the cluster on boot
  • IAM-authenticated kubectl: aws eks get-token resolves to AccessEntries and access policies, no aws-auth ConfigMap
  • IRSA: per-cluster OIDC provider with JWKS discovery, plus IAM OpenID Connect provider management
  • Managed add-ons API and public/private endpoint access (scoped by publicAccessCidrs)
  • Single spinifex-eks-node AMI for server and agent roles, installable with one spx admin images import

Identity (IAM/STS/IMDS)

  • IMDS v2: identity, metadata and IAM credentials over the standard link-local endpoint
  • STS: GetSessionToken for temporary session credentials
  • IAM: OpenID Connect provider CRUD for IRSA

Certificates (ACM)

  • New ACM-compatible service: ImportCertificate / DescribeCertificate / ListCertificates / DeleteCertificate for BYO certs, powering HTTPS load balancer listeners

Load Balancing (ELBv2)

  • Network Load Balancers: L4 data plane (TCP/UDP/TLS) on nginx with active per-target health checks
  • HTTPS listeners with TLS termination - ACM certificates and configurable SSL policies
  • New APIs: SetSubnets, SetSecurityGroups, SetIpAddressType, AddTags/RemoveTags, and listener-certificate management
  • Deletes are now idempotent on already-deleted resources (Terraform destroy-safe)
  • Resource Groups Tagging GetResources for AWS Load Balancer Controller discovery

Networking

  • ENI hot-plug now wires a real OVS tap with OVN binding - attach/detach a network interface on a running instance
  • Recycled Elastic IPs are reachable immediately (host neighbour priming + round-robin address allocation), so a just-released EIP no longer returns unreachable

Reliability

  • EKS cluster create/delete is crash-safe: partial-failure teardown leaks no NLBs, ENIs, or security groups, and reconcilers resume after a daemon restart
  • A control plane that never becomes healthy fails with a clear reason instead of hanging in CREATING
  • Load balancer microVM NIC fix (virtio_net dependency chain) and lb-agent nginx-start hang resolved - NLB targets no longer stall at 0/N