Releases: akuity/kargo
v1.0.2
What's Changed
- chore(backport release-1.0): chore: add redirect from akuity.kargo.io to kargo.io by @akuitybot in #2811
- chore(backport release-1.0): fix(chart): add patchs on promos to kargo-admin clusterrole by @akuitybot in #2810
- chore(backport release-1.0): refactor: move shard filtering to cache level by @akuitybot in #2817
Full Changelog: v1.0.1...v1.0.2
v1.0.1
What's Changed
- chore(backport release-1.0): fix(api): fix broken bearer token auth by @akuitybot in #2802
- chore(backport release-1.0): fix(controller): fix gitlab provider not found by @akuitybot in #2804
- chore(backport release-1.0): fix: don't let stages without verifications get stuck by @akuitybot in #2805
Full Changelog: v1.0.0...v1.0.1
v0.9.2
v1.0.0
💥 Kargo v1.0.0 (GA) is finally here!
🆕 What's New?
Not a lot. (Which is what you want in the GA release!) The main focus of v1.0.0 has been on stability and completing the pivot from rigid promotion mechanisms to flexible promotion steps that started with the v0.9.0 release.
Here's a short list of noteworthy new features and fixes:
🆕 General Improvements
-
Warehouses more consistently discover new Freight at the proper interval.
-
Promotions no longer pre-empt running or pending verification processes.
🪜 Promotion Step Improvements
-
Promotion steps will fail when obvious misconfigurations are detected.
-
Git-based promotion steps now support SSH authentication. (Warehouses already supported this.)
-
The
kustomize-build
promotion step now supports Helm chart inflation.
🖥️ UI Improvements
-
The detailed Stage view now includes a timeline of the Stage's Freight history.
-
Running and pending Promotions can now be aborted directly from the UI.
-
Promotion workflows can be composed in the UI without writing YAML.
🛡️ Security Improvements
-
The official Kargo container image is now distroless. With a much smaller footprint overall, Kargo's attackable surface is reduced and maintainers will be able to more quickly respond to critical CVEs.
-
Kargo controllers (which may run on clusters other than the Kargo control plane) no longer require cluster-wide read access to Secrets. Instead, the management controller (a control plane component) will dynamically expand and contract the scope of all other controllers' Secret access as Projects are created and deleted. (The management controller has already done this same thing for the API server for quite some time.)
‼️ Breaking Changes
If you have designated any namespaces as "global" credential stores by providing values to controller.globalCredentials.namespaces
at install-time, please note that you will need to either:
- Provide your own
RoleBinding
s to permit the Kargo controller(s) to readSecret
s from each of those namespaces
OR
⚠️ Highly discouraged: Setcontroller.serviceAccount.clusterWideSecretReadingEnabled
totrue
Apart from this and the final removal of the legacy promotion mechanisms, which were deprecated in v0.9.0, there are no breaking changes in this release.
If you still rely on the legacy promotion mechanisms, we plan to continue releasing v0.9.x patches through the end of the year to ensure users have ample time to complete the migration.
🙏 New Contributors
Thank you to the following community members whose first contributions to Kargo were included in this release:
Full Changelog: v0.9.1...v1.0.0
v1.0.0-rc.5
fix: fix for deciding to wait for verification or skip to next promo …
v1.0.0-rc.4
refactor(promotion): remove priority queue (#2779) Signed-off-by: Hidde Beydals <hidde@hhh.computer>
v1.0.0-rc.3
chore(deps/tools): bump github.com/bufbuild/buf from 1.44.0 to 1.45.0…
v1.0.0-rc.2
fix(release-process): fix container networking in release image build…
v1.0.0-rc.1
fix(directives): permit `helm-update-chart` access to Kargo client (#…