Releases: StackStorm/stackstorm-k8s
Releases · StackStorm/stackstorm-k8s
v1.1.0
New Features / Enhancements
- Add
securityContext
support to customst2packs
images,extra_hooks
jobs; Also fallback to st2actionrunner securityContext for misc init container jobs and pods. by @cognifloyd in #410 - Stop generating the DataStore Secret (#385) and checksum labels when existing secret provided or disabled by @bmarick in #391
- Stop generating the checksum labels for Auth Secret when existing secret provided by @bmarick in #392
- Use
image.pullPolicy
for all containers including init containers that useimage.utilityImage
by @jk464 in #398 - Add
image.entrypoint
value to simplify using a custom entry point likedumb-init
orpid1
by @cognifloyd in #413
Bugfixes
Other Misc Changes
- Update README.md to fix mispelling of volumes by @FileMagic in #404
- Improve Deployments migration in
migrations/1.0/standardize-labels.sh
by temporarily orphaning the old ReplicaSets by @cognifloyd in #412
New Contributors
- @skiedude made their first contribution in #403
- @FileMagic made their first contribution in #404
- @jk464 made their first contribution in #398
Full Changelog: v1.0.0...v1.1.0
v1.0.0
The first stable release! 🎉
Breaking Changes
- Use the standardized labels recommended in the Helm docs. You can use
migrations/v1.0/standardize-labels.sh
to prepare an existing cluster before running helm update. by @cognifloyd in #351 - Drop support for
networking.k8s.io/v1beta1
which was removed in kubernetes v1.22 (EOL 2022-10-28) by @cognifloyd in #353
New features
- Add
st2canary
job as a Helm Hook that runs before install/upgrade to ensurest2.packs.volumes
is configured correctly (ifst2.packs.volumes.enabled
). by @cognifloyd in #323 - Configurable
utilityImage
+clusterDomain
by @guzzijones in #356 - Enable using existing st2-auth secret. This allows users to manage this secret outside of the Helm process. by @bmarick in #359
- Add external secret for datastore encryption by @guzzijones in #366
- Add
terminationGracePeriodSeconds
to workflow and actionrunner pods to allow adjustment of grace period in k8s by @guzzijones in #374
Bugfixes
- Increase default db timeouts to avoid replicaset timeout by @guzzijones in #356
- PVC should use
claimName
key by @fuhrmannb in #369 - Remove redundant
[credentials]
header by @cars in #371 - Prevent duplicate init containers on helm upgrade by @guzzijones in #375
- Workaround kubeproxy+kubelet race: Add presleep for st2auth, st2web, st2api, st2stream by @guzzijones in #382
- Secret DataStore Crypto Key should not be created when existing provided by @bmarick in #385
Other Misc Changes
- Reduce duplication in label tests by @cognifloyd in #354
- CI: Shift K3s and K8s versions forward by @mamercad in #358
- Update K8s to latest version by @ZoeLeah in #379
- Update the Chart Maintainers - the StackStorm Authors by @armab in #383
- Create
v1.0.0
and add "Releasing information" by @mamercad in #389
New Contributors
- @guzzijones made their first contribution in #356
- @fuhrmannb made their first contribution in #369
- @cars made their first contribution in #371
- @ZoeLeah made their first contribution in #379
- @armab made their first contribution in #383
Full Changelog: v0.110.0...v1.0.0
v0.110.0
This release, v0.110.0, is the last of the v0.* releases. The next release will be v1.0.0.
This release installs StackStorm v3.8
as the new stable version (#347). Other updates are listed below.
Breaking Changes
None
Community Contributions (THANKS!)
New feature contributions
- Add support for providing custom st2actionrunner-specific docker repository, image name, pull policy, and pull secret via
values.yaml
. (#141) (by @Sheshagiri) - Add
existingConfigSecret
. If this is defined, thest2.secrets.conf
key within this secret will be written as /etc/st2/st2.secrets.conf and added to the end of the command line arguments of all pods. (#289) (by @eric-al/@ericreeves) - Add
extra_volumes
to all python-based st2 jobs. (#333) (by @bmarick) - Add ability to create custom labels for service account. (#327) (by @SuganJoe)
- Add support for providing
ingressClassName
. (#336) (by @mamercad) - Set st2client resources by values.yaml. (#339) (by @mamercad)
Bugfix contributions
- Temporary workaround for #311 to use previous bitnami index from: bitnami/charts#10539 (#312 #318) (by @0xhaven)
- Use the correct
apiVersion
forIngress
to add support for Kubernetesv1.22
. (#301) (by @arms11) - Fix bug that hung an init container when
st2.packs.volumes.enabled
withoutst2.packs.volumes.configs
. (#324) (by @rebrowning) - Fix bug that would not set the appropriate redis connection string when using redis.password and redis.usePassword (#325) (by @rebrowning)
Other Misc contributions
- Switch to the official bats Docker image for e2e tests. (#338) (by @mamercad)
- Cover the three most recent Kubernetes versions in Minikube and the single most recent in K3s. (#342) (by @mamercad)
- Update the GitHub badges. (#345) (by @mamercad)
- Reorganizing and renaming the CI workflows and jobs. (#344) (by @mamercad)
- Add an experimental GitHub/K3s Lint and End-to-End testing workflow. (#243) (by @mamercad)
Other Misc
- Refactor label definitions to be more consistent by building labels and label selectors in partial helper templates. (#299) (by @cognifloyd)
- Fix mounts for
jobs.preRegisterContentCommand
container to use the same mounts as the primary register-content container. (#322) (by @cognifloyd)
v0.100.0
Breaking Changes
None
Community Contributions (THANKS!)
- Migrate from
python 3.6
Ubuntu Bionic
topython 3.8
Ubuntu Focal
as a base StackStorm OS (StackStorm/st2-dockerfiles#54) (by @jstaph) - Add support for use of overrides that are available in
v3.7
of st2 via helm charts. (#306) (by @cwilson21)
Misc updates
v0.90.0
Breaking Changes
None
Community Contributions (THANKS!)
- New feature to include possibility for external services in st2api, st2stream and st2auth, setting default value for this services as
ClusterIP
andhostname: ""
. Also, added new entry for custom_annotations_test.yaml and created new unit test services_test.yaml. (by @sandesvitor)
Major Features
- Add
extra_volumes
to all python-based st2 deployments. This can facilitate changing log levels by loading logging conf file(s) from a custom ConfigMap. (#276) (by @cognifloyd) - Allow partitioning sensors using the hash_range strategy instead of one sensor per pod. (#218) (by @cognifloyd)
- Advanced Feature: Make securityContext (on Deployments/Jobs) and podSecurityContext (on Pods) configurable. This allows dropping all capabilities, for example. You can override the securityContext for
st2actionrunner
,st2sensorcontainer
, andst2client
if your actions or sensors need, for example, additional capabilites that the rest of StackStorm does not need. (#271) (by @cognifloyd) - Advanced Feature: Add extra Helm hook Jobs. This minimizes the boilerplate required to run stackstorm workflows at various helm hook stages: post-install, pre-upgrade, post-upgrade. (#265) (by @cognifloyd)
Everything Else
- Prefix template helpers with chart name and format helper comments as template comments. (#272) (by @cognifloyd)
- Initialize basic unittest infrastructure using
helm-unittest
. Added tests for labels, custom annotations, SecurityContext, pullSecrets, pullPolicy, Resources, nodeSelector, tolerations, affinity, dnsPolicy, dnsConfig, ServiceAccount attach, postStartScript, both sensor-modes, env, envFrom, st2.packs.images, and st2.packs.volumes. (#284, #288, #292)
v0.80.0
Breaking Changes
- Auto-generate
datastore_crypto_key
on install if not provided. This way all HA installs will have a datastore_crypto_key configured. This is only a breaking change for installations that do not want adatastore_crypto_key
. To disable setdatastore_crypto_key
todisable
instead of setting it to""
,null
, or leaving it unset. (#266)
Community Contributions (THANKS!)
- Allow adding custom env variables to any Deployment or Job. (#120) (by @angrydeveloper)
- Include
nodeSelector
,affinity
andtolerations
onst2client
to allow more flexibility in pod positioning. (#263) (by @sandesvitor)
Significant Fixes
- Set default/sample RBAC config files to "" (empty string) to prevent adding them. This is needed because they cannot be removed by overriding the roles/mappings values. (#247)
- Fix indent for lifecycle postStart hook of
st2web
pod. (#268)
Major Features
- Switch st2 to
v3.6
as a new default stable version (#274) - Advanced Feature: Allow
st2web
to serve HTTPS when the ssl certs are provided viast2web.extra_volumes
. To enable this, addST2WEB_HTTPS: "1"
tost2web.env
in your values file. (#264) - Add
extra_volumes
tost2actionrunner
,st2client
,st2sensorcontainer
. This is useful for loading volumes to be used by actions or sensors. This might include secrets (like ssl certificates) and configuration (like system-wide ansible.cfg). (#254) - Some
helm upgrades
do not need to run all the jobs. An upgrade that only touches RBAC config, for example, does not need to run the register-content job. Use--set 'jobs.skip={apikey_load,key_load,register_content}'
to skip the other jobs. (#255) - Add
envFromSecrets
tost2actionrunner
,st2client
,st2sensorcontainer
, and jobs. This is useful for adding custom secrets to the environment. This complements theextra_volumes
feature (loading secrets as files) to facilitate loading secrets that are not easily injected via the filesystem. (#259)
Everything Else
- Refactor deployments/jobs to inject st2 username/password via
envFrom
instead of viaenv
. (#257) - Use "--convert" when loading keys into datastore (in key-load Job) so that
st2.keyvalue[].value
can be any basic JSON data type. (#253) - Custom annotations now apply to deployments and jobs, not just pods. (#270)
- Template more values:
- Improve sensor handling:
- Explicitly differentiate sensor modes:
all-sensors-in-one-pod
vsone-sensor-per-pod
. Exposes the mode in newstackstorm/sensor-mode
annotation. (#222) - Make configuring
stackstorm/sensor-mode=all-sensors-in-one-pod
more obvious by usingst2.packs.sensors
only forone-sensor-per-pod
.all-sensors-in-one-pod
mode now only uses values fromst2sensorcontainer
. (#246)
- Explicitly differentiate sensor modes:
v0.70.0
Breaking Changes
- Move
secrets.st2.*
values intost2.*
(#203)
Community Contributions (THANKS!)
- Updated redis constant sentinel ID which will allow other sentinel peers to update to the new given IP in case of pod failure or worker node reboots. (#191) (by @manisha-tanwar)
- Fix a bug when datastore cryto keys are not able to read by the rules engine.
datastore_crypto_key
volume is now mounted on thest2rulesengine
pods (#223) (by @moti1992)
Significant Fixes
- Fix permissions for
/home/stanley/.ssh/stanley_rsa
using the postStart lifecycle hook (#219) - st2chatops change: If
st2chatops.env.ST2_API_KEY
is defined, do not setST2_AUTH_USERNAME
orST2_AUTH_PASSWORD
env vars any more. (#197)
Major Features
- Shared packs volumes
st2.packs.volumes
. Allow using cluster-specific persistent volumes to store packs, virtualenvs, and (optionally) configs. This enables usingst2 pack install
. It even works withst2packs
images inst2.packs.images
. (#199) - Add
image.tag
overrides for all deployments. (#200) - Auto-generate password and ssh_key secrets. (#203)
- Allow adding
dnsPolicy
and/ordnsConfig
to all pods. (#201) - Make
system_user
configurable when using custom st2actionrunner images that do not providestanley
(#220) - Allow providing scripts in values for use in lifecycle postStart hooks of all deployments. (#206)
- Add
preRegisterContentCommand
in aninitContainer
for register-content job to run last-minute content customizations (#213)
Everything Else
- Removed reference to st2-license pullSecrets, which was missed when removing enterprise flags (#192)
- Add optional imagePullSecrets to ServiceAccount using
serviceAccount.pullSecret
from values.yaml. If pods do not have imagePullSecrets (eg withoutimage.pullSecret
in values.yaml), k8s populates them from the ServiceAccount. (#196 & #239) - Reformat some yaml strings so that single quotes wrap strings that include double quotes (#194)
- If your k8s cluster admin requires custom annotations (eg: to indicate mongo or rabbitmq usage), you can now add those to each set of pods. (#195)
- Add optional hubot-scripts volume to st2chatops pod. To add this, define
st2chatops.hubotScriptsVolume
. (#207) - Add advanced pod placment (nodeSelector, affinity, tolerations) to specs for batch Jobs pods. (#193)
- Move st2-config-vol volume definition and list of st2-config-vol volumeMounts to helpers to reduce duplication (#198)
- Minimize required sensor config by using default values from st2sensorcontainer for each sensor in st2.packs.sensors (#221)
- Do not template rabbitmq secrets file unless rabbitmq subchart is enabled. (#242)
- Automatically stringify st2chatop.env values if needed. (#241)
v0.60.0
Warning!
Breaking change!
- Switch st2 version to
v3.5dev
as a new latest development version (#187) - Change st2packs definition to a list, to support multiple st2packs containers (#166) (by @moonrail)
- Enabled RBAC/LDAP configuration for OSS version, removed enterprise flags (#182) (by @hnanchahal)
- Fixed datastore_crypto_key secret name for rules engine (#188) (by @lordpengwin)