Skip to content

1.0.0-beta-7
Compare
Choose a tag to compare
@github-actions github-actions released this 09 Jan 21:33
· 5 commits to develop since this release
1.0.0-beta-7
46f3523

Release 1.0.0-beta-7 (2025-01-08)

This release changes the default behavior for certificate management. The default option will now create a self-signed certificate created and managed by the chart itself. cert-manager is removed as a dependency.

Upgrade Steps

  • Update TLS preferences; preferences for the TLS certificate used by the ValidatingWebhookConfiguration configurations and webhook-server are now managed by the insightsController.tls section. See the README.md and values.yaml for configuration details.
    • If TLS preferences are set in the insightsController.server.tls or insightsController.webhooks.caBundle section(s), remove them and review the README.md and values.yaml for new options in the insightsController.tls section.
    • It is likely that no changes will need to be made, unless there is a preference for using an external cert-manager or externally created certificates.
  • If settings in the initJob field are set, rename the initJob field to initScrapeJob.

Breaking Changes

  • initJob field renamed to initScrapeJob.
  • insightsController.server.tls section is removed in favor of insightsController.tls.
  • tls.issuer and tls.certificate can no longer be individually toggled; instead, set insightsController.tls.useCertManager to toggle both the Issuer and Certificate resources at the same time.
  • insightsController.webhooks.caBundle is moved to insightsController.tls.caBundle.
  • cert-manager is removed as a dependency. The chart will no longer use cert-manager as a default for certificate management. If there is a preference to manage the TLS certificate with cert-manager, see the README.md for details.

New Features

  • Internal Certificate Creation: Previous versions of the beta agent attempted to deploy cert-manager and depended on cert-manager to provision and manage the TLS certificate used by the ValidatingWebhookConfiguration configurations and webhook-server. As of this beta version, the default behavior is changed such that the TLS certificate is created by the <RELEASE-NAME>-webhook-server-init-cert Job.
    • The ValidatingWebhookConfiguration resources and the Secret created to hold the TLS certificate information are automatically patched to use this certificate.

Improvements

  • Internal KSM Names Properly Prefixed: The internal KSM (cloudzero-state-metrics) managed by the chart now properly prefixes all created resources with the chart release name.

Other Changes

  • Expanded ClusterRole Permissions: The ClusterRole used by the agent now requires patch permissions on validatingwebhookconfigurations and secrets for the respective resources created by the chart.
Assets 2
Loading