akuity/kargo v0.3.0

on GitHub

The Kargo team is pleased to present a feature-packed v0.3.0 release!

⚠️  Be warned that with Kargo still in its early stages, and the team still learning what works and what doesn't, this release is packed with breaking changes. There is no supported upgrade path to v0.3.0 from previous releases.

What's New

PR-Based Promotions

Git-based promotion mechanisms may now, optionally, open a pull request instead of committing directly to a branch. Such promotions remain in a running state until the pull request is merged or closed. This exciting new capability gives teams the option to utilize code review as an implicit approval process.

This feature is currently only supported for GitHub repositories.

Verifications

After a successful promotion, Stage resources now enter a Verifying phase. Once such a Stage has cleared any applicable health checks, an optional, user-defined verification process is executed.

Some users may be familiar with Argo Rollouts AnalysisTemplate resources (and the AnalysisRun resources that are spawned from them). These were intentionally built to be re-usable in contexts other than Argo Rollouts. Kargo's user-defined verification processes, therefore, take the form of one or more references to AnalysisTemplate resources that reside in the same project/namespace as the Stage resource, which grants those processes all the benefits of this rich and battle-tested feature of Argo Rollouts.

SSO Improvements

Kargo is typically configured to support single-sign-on (SSO) using an external identity provider that implements the OpenID Connect protocol.

Kargo also implements authorization of all user actions using pure Kubernetes RBAC. i.e. Permission to perform various actions on various Kargo resources is therefore granted via RoleBinding resources that associate users or ServiceAccount resources with Role resources.

Because Kargo users log into the Kargo CLI or UI via SSO, their identifies are unknown to Kargo's underlying Kubernetes cluster. This represents an impediment to using Kubernetes RBAC to authorize the actions of such users. Kargo now answers this challenge through a scheme that permits users to be mapped to zero or more Kubernetes ServiceAccount resources.

Please, refer to the documentation for more details.

Freight Improvements

Aliases

If you've tried Kargo before, you may have noticed that each Freight resource's ID is a SHA-1 hash of that Freight resource's contents. Deriving the ID deterministically from the contents provides numerous technical benefits, but working with SHA-1 hashes is, to say the least, cumbersome for human users.

To that end, new Freight resources are now labeled with whimsical, system-generated aliases that are each guaranteed to be unique within the project/namespace. Unlike a Freight resource's ID, its alias is mutable, meaning users may optionally confer meaningful aliases on important pieces of Freight, such as a likely release candidate.

Updating Freight aliases is currently available via the Kargo CLI only. i.e. This feature is not yet present in the UI.

Manual Approvals

One bit of feedback we've heard a lot of is that a stringent requirement that a new piece of Freight traverses an entire delivery pipeline to reach production is too restrictive when the need for hotfix occasionally arises. To that end, Freight resources may now be manually approved for promotion to any Stage, thereby enabling that Freight to bypass deployment and verification in any number of intermediate Stages.

Manual Freight approval is currently available via the Kargo UI only. i.e. This feature is not yet present in the CLI.

Miscellaneous Improvements

• Warehouse resources now perform shallow, single-branch clones of the Git repositories they subscribe to.

• Freight references to container images now include digests as well as tags and digests can even be used in promotion processes in place of tags for a higher degree of determinism.

• Much as with kubectl, Kargo CLI users may now configure a default project/namespace.

• Numerous devx improvements.

• Too many UI improvements and bug fixes to enumerate here!

New Contributors

Last, but certainly not least, Kargo would be nothing without its community, so we'd like to take a moment to thank community members whose first contributions to the project are included in this release:

• @paulliwog made their first contribution in #1135
• @Juneezee made their first contribution in #1142
• @lrotim made their first contribution in #1041
• @Tchoupinax made their first contribution in #1223
• @Brightside56 made their first contribution in #1288
• @snooyen made their first contribution in #1277

Full Changelog: v0.2.1...v0.3.0