Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update hosting infrastructure #613

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update hosting infrastructure #613

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 10, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change Pending
devsec.hardening galaxy-collection minor 10.1.0 -> 10.2.0
external-secrets minor 0.10.7 -> 0.11.0 0.12.1
k3s-io/k3s patch v1.31.2+k3s1 -> v1.31.4+k3s1
traefik (source) minor 33.0.0 -> 33.2.1

Release Notes

dev-sec/ansible-collection-hardening (devsec.hardening)

v10.2.0

Compare Source

Full Changelog

Implemented enhancements:

Fixed bugs:

Merged pull requests:

external-secrets/external-secrets (external-secrets)

v0.11.0

Compare Source

Deprecation of OLM Releases

As of 0.11.0 is the last release available for OLM until further notice. Depending on the way this goes, we might still have OLM support (ideally with a properly built operator for that), but for sure in a different support scheme as to not overload maintainers anymore.
Also a valid note - you can still use 0.11.0 OLM release and the newest ESO images, you just need to set image.tag appropriately in your setup.

Kubernetes API load and significant decrease

A new way of reconciling external secrets has been added with pull request #​4086.

This significantly reduces the number of API calls that we make to the kubernetes API server.

  1. Memory usage might increase if you are not already using --enable-secrets-caching
    1. If you are using --enable-secrets-caching and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable --enable-managed-secrets-caching (which is the new default)
  2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret:
    1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11.
    2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added.
    3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained.
  3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop:
    1. This means that some peoples secrets might have keys removed when updating to 0.11.
Generators and ClusterGenerator

We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now.

CRD Admission Restrictions

All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in #​4104.

Images

Image: ghcr.io/external-secrets/external-secrets:v0.11.0
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl

What's Changed
New Contributors

Full Changelog: external-secrets/external-secrets@v0.10.7...v0.11.0

k3s-io/k3s (k3s-io/k3s)

v1.31.4+k3s1: v1.31.4+k3s1

Compare Source

This release updates Kubernetes to v1.31.4, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.31.3+k3s1:

  • Fix secrets-encrypt reencrypt timeout error (#​11442)
  • Remove experimental from embedded-registry flag (#​11444)
  • Rework loadbalancer server selection logic (#​11457)
    • The embedded client loadbalancer that handles connectivity to control-plane elements has been extensively reworked for improved performance, reliability, and observability.
  • Update coredns to 1.12.0 (#​11454)
  • Add node-internal-dns/node-external-dns address pass-through support … (#​11464)
  • Update to v1.31.4-k3s1 and Go 1.22.9 (#​11462)

Embedded Component Versions

Component Version
Kubernetes v1.31.4
Kine v0.13.5
SQLite 3.46.1
Etcd v3.5.16-k3s1
Containerd v1.7.23-k3s2
Runc v1.2.1
Flannel v0.25.7
Metrics-server v0.7.2
Traefik v2.11.10
CoreDNS v1.12.0
Helm-controller v0.16.5
Local-path-provisioner v0.0.30

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

v1.31.4-rc1+k3s1: v1.31.4-rc1+k3s1

Compare Source

v1.31.3+k3s1: v1.31.3+k3s1

Compare Source

This release updates Kubernetes to v1.31.3, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.31.2+k3s1:

Embedded Component Versions

Component Version
Kubernetes v1.31.3
Kine v0.13.5
SQLite 3.46.1
Etcd v3.5.16-k3s1
Containerd v1.7.23-k3s2
Runc v1.2.1
Flannel v0.25.7
Metrics-server v0.7.2
Traefik v2.11.10
CoreDNS v1.11.3
Helm-controller v0.16.5
Local-path-provisioner v0.0.30

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

v1.31.3-rc2+k3s1: v1.31.3-rc2+k3s1

Compare Source

v1.31.3-rc1+k3s1: v1.31.3-rc1+k3s1

Compare Source

traefik/traefik-helm-chart (traefik)

v33.2.1

Compare Source

33.2.1 (2024-12-13)
Bug Fixes
  • Gateway API: CRDs should only be defined once (75f622f)

v33.2.0

Compare Source

Features
  • deps: update traefik docker tag to v3.2.2 (7076b78)
  • Gateway API: update sigs.k8s.io/gateway-api to v1.2.1 (f139bd9)
  • Traefik Proxy: 🎨 harmonize semverCompare calls (2aad522)
  • Traefik Proxy: add tracingparameters to helm chart values (b2c0628)
  • Traefik Proxy: support NativeLB option in GatewayAPI provider (9749d01)
Bug Fixes
  • Traefik Proxy: 🐛 abortOnPluginFailure not released yet (9ee6231)

New Contributors

v33.1.0

Compare Source

Upgrade Notes

Traefik Hub users should update the CRDs following UPGRADING instructions.

Features
  • deps: update traefik docker tag to v3.2.1 (8e991f3)
  • Traefik Hub: add APICatalogItem and ManagedSubscription support (6bfdd50)
  • Traefik Proxy: add abortOnPluginFailure field (b932958)
Bug Fixes
  • KubernetesCRD: 🐛 IngressClass should be readable even when kubernetesIngress is disabled (30012c0)
  • Traefik: support for entrypoint option on allowACMEByPass (18fcb8c)
  • 🐛 support specifying plugins storage (ae13d4b)
  • Traefik Hub: compatibility with Traefik Proxy v3.2 (40473e8)
  • Traefik Proxy: allowEmptyServices not disabled when set to false (4c2a65e)
Documentation
  • 📚️ fix typos in values and readme (d41869e)
  • Gateway API: detail upgrade instruction (218333c)
  • Plugins: 📝 detail behavior and expected values on plugin storage (9a5b396)

New Contributors

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from paulfantom December 10, 2024 17:27
github-actions[bot]
github-actions bot reviewed Dec 10, 2024
View reviewed changes
Copy link

@github-actions github-actions bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This pull request was validated by pint.

✔️ No problems found

Stats

Stat Value
Version 0.69.1
Number of rules parsed 329
Number of rules checked 329
Number of problems found 0
Number of offline checks 0
Number of online checks 0
Checks duration 14ms

Problems

No problems reported

@renovate renovate bot force-pushed the renovate/hosting-infrastructure branch from 2659c0b to 202fda0 Compare December 12, 2024 10:31
@renovate renovate bot changed the title chore(deps): update dependency k3s-io/k3s to v1.31.3+k3s1 chore(deps): update hosting infrastructure Dec 12, 2024
@renovate renovate bot force-pushed the renovate/hosting-infrastructure branch 3 times, most recently from 2671c10 to 69cd49a Compare December 23, 2024 13:55
@renovate renovate bot force-pushed the renovate/hosting-infrastructure branch from 69cd49a to 7b5684e Compare December 23, 2024 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@paulfantom paulfantom Awaiting requested review from paulfantom

Assignees

@paulfantom paulfantom

Labels
dependensies/base dependensies/hosting
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@paulfantom