- Updated our tests/unit to support
unittests
v0.5.1 (#414, #421) (by @jk464) - Migrate to kubeconform for k8s linting, as kubeval is now deprecated (#420) (by @jk464)
- Allow clusters that do not use kubeproxy to disable presleep. (#416) (by @cognifloyd)
- Fix syntax with ensure-packs-volumes-are-writable job (#403, #411) (by @skiedude)
- Add securityContext support to custom st2packs images, extra_hooks jobs; Also fallback to st2actionrunner securityContext for misc init container jobs and pods. (#410) (by @cognifloyd)
- Stop generating the DataStore Secret (#385) and checksum labels (#391) when existing secret provided or disabled (by @bmarick)
- Stop generating the checksum labels for Auth Secret (#392) when existing secret provided or disabled (by @bmarick)
- Use
image.pullPolicy
for all containers including init containers that useimage.utilityImage
. (#397) (by @jk464) - Add new
image.entrypoint
value to simplify using a custom entry point likedumb-init
orpid1
(if installed in the image). (#413) (by @cognifloyd) - Improve Deployments migration in
migrations/v1.0/standardize-labels.sh
by temporarily orphaning the old ReplicaSets. (#412) (by @cognifloyd)
- Bump to latest CircleCI orb versions ([email protected] and [email protected] by @ZoeLeah)
- Remove unsupported k8s Versions (1.24.x and 1.25.x by @ZoeLeah)
- Update and add new K8s versions (1.28.3, 1.27.7 and 1.26.10 by @ZoeLeah)
- Switch from ubuntu-2204:2022.10.2 to ubuntu-2204:current (by @ZoeLeah)
- Update K3s to v1.28.3+k3s1 (by @ZoeLeah)
- Increase helm install timeout to 15 minutes (by @ZoeLeah)
- Shift K3s and K8s versions forward. (by @mamercad)
- BREAKING: Use the standardized labels recommended in the Helm docs. You can use
migrations/v1.0/standardize-labels.sh
to prepare an existing cluster before runninghelm update
. (#351) (by @cognifloyd) - Drop support for
networking.k8s.io/v1beta1
which was removed in kubernetes v1.22 (EOL 2022-10-28) (#353) (by @cognifloyd) - Reduce duplication in label tests (#354) (by @cognifloyd)
- Add
st2canary
job as a Helm Hook that runs before install/upgrade to ensurest2.packs.volumes
is configured correctly (ifst2.packs.volumes.enabled
). (#323) (by @cognifloyd) - Enable using existing
st2-auth
secret. This allows users to manage this secret outside of the Helm process. (#359) (by @bmarick) - Add terminationGracePeriodSeconds to workflow and actionrunner pods to allow adjustment of grace period in k8 (#374) (by @guzzijones12)
- Fix st2 client config issue affecting addon jobs using jobs.extra_hooks (#371) (by @cars)
- Prevent duplicate init containers on helm upgrade (#375) (by @guzzijones12)
- Workaround kubeproxy+kubelet race: Add presleep for st2auth, st2web, st2api, st2stream (#382) (by @guzzijones12)
- Switch st2 to
v3.8
as a new default stable version (#347) - Cover the three most recent Kubernetes versions in Minikube and the single most recent in K3s. (#342) (by @mamercad)
- Update the GitHub badges. (#345) (by @mamercad)
- Reorganizing and renaming the CI workflows and jobs. (#344) (by @mamercad)
- Add support for providing
ingressClassName
. (#336) (by @mamercad) - Add an experimental GitHub/K3s Lint and End-to-End testing workflow. (#243) (by @mamercad)
- Set
st2client
resources byvalues.yaml
. (#337) (by @mamercad) - Switch to the official
bats
Docker image for e2e tests. (#338) - Temporary workaround for #311 to use previous bitnami index from: bitnami/charts#10539 (#312 #318) (by @0xhaven)
- Refactor label definitions to be more consistent by building labels and label selectors in partial helper templates. (#299) (by @cognifloyd)
- Use the correct
apiVersion
forIngress
to add support for Kubernetesv1.22
. (#301) (by @arms11) - Fix mounts for
jobs.preRegisterContentCommand
container to use the same mounts as the primary register-content container. (#322) (by @cognifloyd) - Add support for providing custom st2actionrunner-specific docker repository, image name, pull policy, and pull secret via
values.yaml
. (#141) (by @Sheshagiri) - Fix bug that hung an init container when
st2.packs.volumes.enabled
withoutst2.packs.volumes.configs
. (#324) (by @rebrowning) - Add ability to create custom labels for service account.(#327)(by @SuganJoe)
- Fix bug that would not set the appropriate redis connection string when using
redis.password
andredis.usePassword
(#325) (by @rebrowning) - New Feature: Add
existingConfigSecret
. If this is defined, thest2.secrets.conf
key within this secret will be written as /etc/st2/st2.secrets.conf and added to the end of the command line arguments of all pods. (#289) (by @eric-al/@ericreeves) - New Feature: Add
extra_volumes
to all python-based st2 jobs. (#333) (by @bmarick)
- Switch st2 to
v3.7
as a new default stable version (#274) - Upgrade MongoDB
v4.0
->v4.4
as 4.0 has reached its EOL. (#304) - Migrate from
python 3.6
Ubuntu Bionic
topython 3.8
Ubuntu Focal
as a base StackStorm OS (StackStorm/st2-dockerfiles#54) - Add support for use of overrides that are available in
v3.7
of st2 via helm charts. (#306)
- Advanced Feature: Make securityContext (on Deployments/Jobs) and podSecurityContext (on Pods) configurable. This allows dropping all capabilities, for example. You can override the securityContext for
st2actionrunner
,st2sensorcontainer
, andst2client
if your actions or sensors need, for example, additional capabilites that the rest of StackStorm does not need. (#271) (by @cognifloyd) - Prefix template helpers with chart name and format helper comments as template comments. (#272) (by @cognifloyd)
- New feature: Add
extra_volumes
to all python-based st2 deployments. This can facilitate changing log levels by loading logging conf file(s) from a custom ConfigMap. (#276) (by @cognifloyd) - Initialize basic unittest infrastructure using
helm-unittest
. Added tests for labels, custom annotations, SecurityContext, pullSecrets, pullPolicy, Resources, nodeSelector, tolerations, affinity, dnsPolicy, dnsConfig, ServiceAccount attach, postStartScript, both sensor-modes, env, envFrom, st2.packs.images, and st2.packs.volumes. (#284, #288, #292) - Allow partitioning sensors using the hash_range strategy instead of one sensor per pod. (#218) (by @cognifloyd)
- New feature to include possibility for external services in st2api, st2stream and st2auth, setting default value for this services as
ClusterIP
andhostname: ""
. Also, added new entry for custom_annotations_test.yaml and created new unit test services_test.yaml. (by @sandesvitor) - Advanced Feature: Add extra Helm hook Jobs. This minimizes the boilerplate required to run stackstorm workflows at various helm hook stages: post-install, pre-upgrade, post-upgrade. (#265) (by @cognifloyd)
- Switch st2 to
v3.6
as a new default stable version (#274) - Explicitly differentiate sensor modes:
all-sensors-in-one-pod
vsone-sensor-per-pod
. Exposes the mode in newstackstorm/sensor-mode
annotation. (#222) (by @cognifloyd) - Allow adding custom env variables to any Deployment or Job. (#120) (by @AngryDeveloper)
- Template the contents of st2.config and the values in st2chatops.env. This allows adding secrets defined elsewhere in values. (#249) (by @cognifloyd)
- Set default/sample RBAC config files to "" (empty string) to prevent adding them. This is needed because they cannot be removed by overriding the roles/mappings values. (#247) (by @cognifloyd)
- Make configuring
stackstorm/sensor-mode=all-sensors-in-one-pod
more obvious by usingst2.packs.sensors
only forone-sensor-per-pod
.all-sensors-in-one-pod
mode now only uses values fromst2sensorcontainer
. (#246) (by @cognifloyd) - Use "--convert" when loading keys into datastore (in key-load Job) so that
st2.keyvalue[].value
can be any basic JSON data type. (#253) (by @cognifloyd) - New feature: Add
extra_volumes
tost2actionrunner
,st2client
,st2sensorcontainer
. This is useful for loading volumes to be used by actions or sensors. This might include secrets (like ssl certificates) and configuration (like system-wide ansible.cfg). (#254) (by @cognifloyd) - Some
helm upgrades
do not need to run all the jobs. An upgrade that only touches RBAC config, for example, does not need to run the register-content job. Use--set 'jobs.skip={apikey_load,key_load,register_content}'
to skip the other jobs. (#255) (by @cognifloyd) - Refactor deployments/jobs to inject st2 username/password via
envFrom
instead of viaenv
. (#257) (by @cognifloyd) - New feature: Add
envFromSecrets
tost2actionrunner
,st2client
,st2sensorcontainer
, and jobs. This is useful for adding custom secrets to the environment. This complements theextra_volumes
feature (loading secrets as files) to facilitate loading secrets that are not easily injected via the filesystem. (#259) (by @cognifloyd) - New feature to include
nodeSelector
,affinity
andtolerations
tost2client
, allowing more flexibility to pod positioning. (#263) (by @sandesvitor) - Template
~/.st2/config
. This allows customizing the settings used by thest2client
and jobs pods for using the st2 apis. (#262) (by @cognifloyd) - Fix indent for lifecycle postStart hook of
st2web
pod. (#268) (by @cognifloyd) - Advanced Feature: Allow
st2web
to serve HTTPS when the ssl certs are provided viast2web.extra_volumes
. To enable this, addST2WEB_HTTPS: "1"
tost2web.env
in your values file. (#264) (by @cognifloyd) - Custom annotations now apply to deployments and jobs, not just pods. (#270) (by @cognifloyd)
- BREAKING CHANGE: Auto-generate
datastore_crypto_key
on install if not provided. This way all HA installs will have a datastore_crypto_key configured. This is only a breaking change for installations that do not want adatastore_crypto_key
. To disable setdatastore_crypto_key
todisable
instead of setting it to""
,null
, or leaving it unset. (#266) (by @cognifloyd)
- New feature: Shared packs volumes
st2.packs.volumes
. Allow using cluster-specific persistent volumes to store packs, virtualenvs, and (optionally) configs. This enables usingst2 pack install
. It even works withst2packs
images inst2.packs.images
. (#199) (by @cognifloyd) - Updated redis constant sentinel ID which will allow other sentinel peers to update to the new given IP in case of pod failure or worker node reboots. (#191) (by @manisha-tanwar)
- Removed reference to st2-license pullSecrets, which was missed when removing enterprise flags (#192) (by @cognifloyd)
- Add optional imagePullSecrets to ServiceAccount using
serviceAccount.pullSecret
from values.yaml. If pods do not have imagePullSecrets (eg withoutimage.pullSecret
in values.yaml), k8s populates them from the ServiceAccount. (#196 & #239) (by @cognifloyd) - Reformat some yaml strings so that single quotes wrap strings that include double quotes (#194) (by @cognifloyd)
- st2chatops change: If
st2chatops.env.ST2_API_KEY
is defined, do not setST2_AUTH_USERNAME
orST2_AUTH_PASSWORD
env vars any more. (#197) (by @cognifloyd) - Add image.tag overrides for all deployments. (#200) (by @cognifloyd)
- If your k8s cluster admin requires custom annotations (eg: to indicate mongo or rabbitmq usage), you can now add those to each set of pods. (#195) (by @cognifloyd)
- BREAKING CHANGE: Move secrets.st2.* values into st2.* (#203) (by @cognifloyd)
- Auto-generate password and ssh_key secrets. (#203) (by @cognifloyd)
- Add optional hubot-scripts volume to st2chatops pod. To add this, define
st2chatops.hubotScriptsVolume
. (#207) (by @cognifloyd) - Add advanced pod placment (nodeSelector, affinity, tolerations) to specs for batch Jobs pods. (#193) (by @cognifloyd)
- Allow adding dnsPolicy and/or dnsConfig to all pods. (#201) (by @cognifloyd)
- Move st2-config-vol volume definition and list of st2-config-vol volumeMounts to helpers to reduce duplication (#198) (by @cognifloyd)
- Fix permissions for /home/stanley/.ssh/stanley_rsa using the postStart lifecycle hook (#219) (by @cognifloyd)
- Make system_user configurable when using custom st2actionrunner images that do not provide stanley (#220) (by @cognifloyd)
- Allow providing scripts in values for use in lifecycle postStart hooks of all deployments. (#206) (by @cognifloyd)
- Add preRegisterContentCommand in an initContainer for register-content job to run last-minute content customizations (#213) (by @cognifloyd)
- Fix a bug when datastore cryto keys are not able to read by the rules engine.
datastore_crypto_key
volume is now mounted on thest2rulesengine
pods (#223) (by @moti1992) - Minimize required sensor config by using default values from st2sensorcontainer for each sensor in st2.packs.sensors (#221) (by @cognifloyd)
- Do not template rabbitmq secrets file unless rabbitmq subchart is enabled. (#242) (by @cognifloyd)
- Automatically stringify st2chatop.env values if needed. (#241) (by @cognifloyd)
- Switch st2 version to
v3.5dev
as a new latest development version (#187) - Change st2packs definition to a list, to support multiple st2packs containers (#166) (by @moonrail)
- Enabled RBAC/LDAP configuration for OSS version, removed enterprise flags (#182) (by @hnanchahal)
- Fixed datastore_crypto_key secret name for rules engine (#188) (by @lordpengwin)
- Improve resource allocation and scheduling by adding resources requests cpu/memory values for st2 Pods (#179)
- Avoid cluster restart loop situations by making st2 Pod initContainers to wait for DB/MQ connection (#178)
- Add option to define config.js for st2web (#165) (by @moonrail)
- Added Redis with Sentinel to replace etcd as a coordination backend (#169)
- Drop Helm
v2
support and fully migrate to Helmv3
(#163) - Switch dependencies from deprecated
helm/charts
to new Bitnami Subcharts (#163)
- Fix Helm 2 repository location to a new working URL https://charts.helm.sh/stable (#164) (by @manisha-tanwar)
- Switch st2 version to
v3.4dev
as a new latest development version (#157) - Disable Enterprise testing in CI (#157)
- Change pullPolicy to "IfNotPresent", as Docker-Hub Ratelimits now (#159) (by @moonrail)
- Update
rabbitmq-ha
3rd party chart from1.44.1
to1.46.1
(#158) (by @moonrail) - Enable
rabbitmqErlangCookie
forrabbitmq-ha
by default, to ensure cluster-redeployments do not fail (#158) (by @moonrail) - Add
forceBoot
forrabbitmq-ha
by default, to ensure cluster-redeployments do not fail due to unclean exits (#158) (by @moonrail) - Add option to define pull secret for st2 images (#162) (by @moonrail)
- Fix a bug when datastore encrypted keys didn't work in scheduled rules. datastore_crypto_key is now shared with the
st2scheduler
pods (#148) (by @rahulshinde26) - Change NOTES.txt template for using ST2 CLI to include namespace argument in 'kubectl exec' command (#150) (by @rahulshinde26)
- Move the apiVersion
extensions/v1beta1
tonetworking.k8s.io/v1beta1
for ingress (#149) (by @jb-abbadie)
- Fix chart compatibility with Helm versions >=
2.16.8
by downgradingmongodb-replicaset
from3.14.0
to3.12.0
(#137) (by @AbhyudayaSharma) - Allow injection of datastore key in cluster (#115) (by @AngryDeveloper)
- Pin st2 version to
v3.3dev
as a new latest development version (#129) - Migrate from
py2
Ubuntu Xenial
topy3
Ubuntu Bionic
as a base StackStorm OS (StackStorm/st2-dockerfiles#16, #129) - Switch from MongoDB
3.4
to4.0
for the mongodb-ha Helm chart (#129) - Update
etcd-operator
3rd party chart from0.10.0
to latest0.10.3
(#129) - Update
rabbitmq-ha
3rd party chart from1.36.4
to1.44.1
(#129) - Update
mongodb-replicaset
3rd party chart from3.9.6
to3.14.0
(#129) - Update CI infrastructure env, run tests on updated Helm
v2.16.7
, latest minikubev1.10.1
and K8s1.18
(#129)
- Added support for custom image repository (#131) (by @ytjohn)
- Added support to toggle etcd-operator as a coordination backend (#127) (by @rrahman-nv)
- Added custom annotations to sensorcontainer and actionrunner Pods (#123) (by @stefangusa)
- Improve Helm values recommendations to configure 3rd party chart dependencies
rabbitmq-ha
andmongodb-ha
in prod (#125) (by @stefangusa)
- Change ingress name from
<release name>-ingress
to<release name>-st2web-ingress
, useful when usingstackstorm-ha
as a requirement for another chart. (#112) (by @erenatas) - Fix st2web ingress which should have been defined as an Integer instead of a String (#111) (by @erenatas)
- Add an option to inject hostAliases in the st2actionrunner containers (#114)
- Add support for Service Accounts (#117) (by @Vince-Chenal)
- Fix st2web ingress to use
/
path by default instead of/*
, useful for nginx ingress controller (#103) (by @erenatas) - Add ability of templating on
st2.keyvalue
in Helm Values (#108) (by @erenatas) - Update Ingress documentation in Helm values (#105) (by @AngryDeveloper)
- Add support for latest K8s version
1.16
, update e2e CI - Fix
StatefulSet
validation failure due to new K8s APIs, updaterabbitmq-ha
3rd party chart tov1.36.4
(#85)
- Add an option to pull custom st2packs image from private Docker repository (#87)
- Remove local 'docker-registry' dependency for hosting custom packs in-cluster that doesn't fit prod expectations (#88)
- Change etcd dependency from incubator/etcd to stable/etcd-operator (#81) (by @trstruth)
- Add option to disable MongoDB and RabbitMQ in-cluster deployment and configuration (#79) (by @trstruth)
- Compose multi-node connection string for MongoDB cluster instead of using loadbalancer single host (#80)
- Configure RabbitMQ Queue mirroring by default, see https://www.rabbitmq.com/ha.html (#78)
- Pin st2 to
v3.2dev
as a new latest development version (#77)
- Add chart e2e
helm test
with BATS. Run CI checks with minikube and CircleCI on every PR/push and nightly.
- st2web now uses HTTP by default (#72). We now recommend you rely on
LoadBalancer
orIngress
to add HTTPS layer on top of it.
- Add support for ingress (#68)
- Pin st2 version to
v3.1dev
as a new latest development version (#67)
- Mongodb authentication is enabled by default (#63) (by @Lomonosow)
- Move
st2web.annotations
tost2web.service.annotations
to matchvalues.yaml
(#66)
- Add st2chatops support (#55) (by @mosn, @rapittdev)
- Bump versions of all dependencies (#50)
- Allow st2sensorcontainer to be partitioned (#51)
- Replace single-node
etcd
coordination backend with 3-node etcd HA cluster, deployed as a Helm dependency (#52) - Fixed improper job load order for enterprise edition failing due to missing RBAC roles & assignments (#53)
- Add new Helm value setting
st2.apikeys
to allow importing predefined ST2 API keys (#36)
- Pin st2 version to
v3.0dev
as a new latest development version (#41)
- Switch st2 version from
v3.0dev
tov2.10dev
due to new release plans (#40)
- Fix LoadBalancer templating to utilize correct service endpoints in NOTES (#39)
- Ensure st2sensorcontainer is re-deployed on
st2.packs.configs
change (#37)
- Add ability to specify service type for st2web (#35)
- Fix st2web re-deployment is not triggered when updating SSL cert (#33)
- Add new Helm
st2.keyvalue
to import data into st2 K/V storage (#30) - Include new st2 component
st2scheduler
, introduced in st2v2.10
(#32)
- Add StackStorm FOSS (community version), make Enterprise install optional (#22)
- Rename chart
stackstorm-enterprise-ha
->stackstorm-ha
(#26)
- Move some of the defaults into original st2.conf
- Add st2packs, - a way to use custom st2 packs as a shareable Docker image via sidecar containers
- Initial public version, referencing StackStorm Enterprise HA as a Helm chart