kubecost/cost-analyzer-helm-chart v2.3.5

on GitHub

Fixes

• Reduced memory footprint.
• Fix an issue blocking settings page because of core count limit.
• Fix an issue with Cloud costs page not leveraging cloud account mappings.
• Fix an issue with higher than normal numbers in gcp cloud costs.
• Fix an issue with aggregating by label on right-sizing.
• Fix an issue with request-sizing sort by field causing an api error.
• Fix an issue with scheduled reports not sending.
• Fix an issue with collections adding cloud cost with custom labels.
• Fix an issue with external costs not getting ingested properly.
• Fix an issue with asset budgets getting an api error using service workload type.
• Fix an issue with budgets page resetting weekly send 1-7 from 0-6.
• Fix an issue in budgets collection selector not showing selected value.
• Fix an issue causing prometheus query error in local storage queries.
• Fix an issue creating cloud cost reports via helm chart.
• Fix an issue with trial status disappearing on upgrade of eks optimized.
• Fix an issue with slow queries on cluster status api.
• Fix an issue with invalid provider name in the cluster list and cluster detail.
• Fix error visible in aggregator logs “append row Failure: acquiring max concurrency semaphore: context canceled” resulting in hung api responses.
• Fix an issue with allocation top line matching allocation summary api.
• Fix an issue with assets not matching allocation summary api.
• Fix an issue with adjustments when no cloud integration or custom pricing is enabled.
• Fix an issue with auth loops when OIDC values are set.
• Fix an issue with azure costs being lower in kubecost than azure.

Helm Fixes

• #3595 Fix okta redirect loop.
• #3600 Reduce Memory usage.

Security Updates

• #3618 Bump kubecost-modeling to v0.1.15 to fix CVE-2024-7592
• #3609 Bump kubecost-modeling to v0.1.14 to fix CVE-2024-4603, CVE-2024-5535, CVE-2024-4603, CVE-2024-5535, CVE-2024-6923, CVE-2024-37891
• #3594 Bump cluster-controller to 0.16.8 to fix CVE-2024-41110
• #3603 Bump Grafana for CVE-2024-21490 CVE-2024-24557

Known issues:

• prom/prometheus v2.53.1 in our helm chart has a known critical CVE-2024-41110 that has not been resolved upstream. Once this is resolved we will patch again.
• redhat/ubi9 has a known high CVE-2024-6345 that has not been resolved upstream. We are working for alternate resolutions here as ubi9 has left this open for some time. Will patch a resolution for this when we have a verified and tested solution.