github akuity/kargo v1.0.0

latest releases: v1.1.0-rc.2, v1.1.0-rc.1, v1.0.3...
one month ago

💥 Kargo v1.0.0 (GA) is finally here!

🆕 What's New?

Not a lot. (Which is what you want in the GA release!) The main focus of v1.0.0 has been on stability and completing the pivot from rigid promotion mechanisms to flexible promotion steps that started with the v0.9.0 release.

Here's a short list of noteworthy new features and fixes:

🆕 General Improvements

  • Warehouses more consistently discover new Freight at the proper interval.

  • Promotions no longer pre-empt running or pending verification processes.

🪜 Promotion Step Improvements

  • Promotion steps will fail when obvious misconfigurations are detected.

  • Git-based promotion steps now support SSH authentication. (Warehouses already supported this.)

  • The kustomize-build promotion step now supports Helm chart inflation.

🖥️ UI Improvements

  • The detailed Stage view now includes a timeline of the Stage's Freight history.

  • Running and pending Promotions can now be aborted directly from the UI.

  • Promotion workflows can be composed in the UI without writing YAML.

🛡️ Security Improvements

  • The official Kargo container image is now distroless. With a much smaller footprint overall, Kargo's attackable surface is reduced and maintainers will be able to more quickly respond to critical CVEs.

  • Kargo controllers (which may run on clusters other than the Kargo control plane) no longer require cluster-wide read access to Secrets. Instead, the management controller (a control plane component) will dynamically expand and contract the scope of all other controllers' Secret access as Projects are created and deleted. (The management controller has already done this same thing for the API server for quite some time.)

‼️ Breaking Changes

If you have designated any namespaces as "global" credential stores by providing values to controller.globalCredentials.namespaces at install-time, please note that you will need to either:

  1. Provide your own RoleBindings to permit the Kargo controller(s) to read Secrets from each of those namespaces

OR

  1. ⚠️ Highly discouraged: Set controller.serviceAccount.clusterWideSecretReadingEnabled to true

Apart from this and the final removal of the legacy promotion mechanisms, which were deprecated in v0.9.0, there are no breaking changes in this release.

If you still rely on the legacy promotion mechanisms, we plan to continue releasing v0.9.x patches through the end of the year to ensure users have ample time to complete the migration.

🙏 New Contributors

Thank you to the following community members whose first contributions to Kargo were included in this release:

Full Changelog: v0.9.1...v1.0.0

Don't miss a new kargo release

NewReleases is sending notifications on new releases.