v0.11.2

Full Changelog: v0.11.1...v0.11.2

v0.11.1

• VMSpecs.Memory in GiB and not MiB.

• Using notblank instead of notblank.required.

• Creating initial Velero and Sealed Secrets backups while bootstrapping a fresh cluster.

• Shifting from Syself's to HCloud's official CCM Helm chart.

v0.11.0

cluster bootstrap command support for HCloud

v0.10.0

Feat :

• Finished cluster recover command implementation for Azure.

• Persist general config in cluster dir in user's KubeAid config repo.

Fixes :

• Fixed downloadBlobContent function - adding YAML extension to the file where downloaded backed up Sealed Secrets keys are persisted.

• Using kubectl replace --force instead of kubectl apply to restore backed up Sealed Secrets keys.

• While recovering cluster, recover sealed secrets controller private keys and then install sealed secrets.

• Fixed AssertNotNil function.

• Adding external-snapshotter template.

• Not syncing all ArgoCD Apps at the end of BootstrapCluster if recovering a cluster.

• Upgrading Kubernetes API server endpoint in Cilium values file when recovering a cluster.

Chores :

• Extracting common node-group validation logic in validateNodeGroup function.

• Updated go mod dependencies.

v0.9.0

fix(azure) : changing scope to subscription level for velero UAMI | installing azuredisk-csi-driver and external-snapshotter ArgoCD Apps | minor changes here and there :

• Giving security events write permission to the Github Actions release Workflow.

• Installing external-snapshotter ArgoCD App.

• Ignoring replicas field for MachineDeployment type resource, when calculating sync status for the capi-cluster ArgoCD App.

Azure specific changes :

• Changing scope to subscription level for velero UAMI.

• Installing azuredisk-csi-driver ArgoCD App.

• Wrote function to download contents from Azure Blob Container (not tested).

feat(azure) : bringing support for ARM64 based nodes :

• Bringing support for ARM64 based nodes, in case of Azure.

• Fixed renovate JSON5 config file

• Fixed Azure CLI login issue (which popped up recently).

• Updated dependencies in nix flake.

• Moved disasterRecovery section under cloud, instead of it being in the cloud provider specific section.

• Not updating cluster specific directory in user's KubeAid config, when doing disaster recovery.

added support for specifying CA bundle for accessing customer's Git server.

v0.8.0

Azure support related :

• Validate PEM type SSH key-pair (used for external OpenID provider associated with the Workload Identity setup).

• Scale to / from zero support for node-groups.

• Deploying Velero to provisioned cluster.

• Deploying Sealed Secrets backuper CRONJob to provisioned cluster.

• High performance networking using Cilium.

  Not possible, since we need to have an BGP router to do cross subnet traffic routing.

Bug fixes :

• After doing clusterctl move, CAPZ and ASO weren't able to authenticate with Microsoft Entra. Fixed that.

• After doing clusterctl move, sealed secrets weren't getting updated (to being signed by the provisioned cluster's Sealed Secrets key) in KubeAid. Fixed that.

Developer experience and CI related :

• Added golangci-lint, trivy and renovate configuration files.

• Fix all lint errors.

• Write a Gitea Actions workflow file, to run lint tests for each PR.

• Update the Github release actions workflow file, to do vulnerability scanning using Trivy and upload the results as GitHub artifacts.

• Instead of directly fetching binaries like azwi and clusterawsadm, fetch the source repository and use buildGoModule to build the binary intead. This way, it's easier to support all the OS + CPU architecture combinations.

• Creating KubeAid Bootstrap Script overlay. So I can install the kubeaid-bootstrap-script binary along with its runtime dependencies, in KubeAid Agent, using KubeAid Agent's nix flake.

  Ditched the idea of building multi-arch container images using Nix.
  Not worth the time as of now.

**Related changes in KubeAid ** :

• added azure-workload-identity-webhook KubeAid chart

• consuming service account issuer keys from Kubernetes Secret

• removing root account password for each node

Signed-off-by: Archisman [email protected]

v0.7.2

• Currently we have a single config file : the KubeAid Bootstrap Script config file.

  And credentials get picked up, with this precedence order :
  CLI Flag > Environment Variable > KubeAid Bootstrap Script config file.

  A downside of specifying credentials via CLI flags / environment variables is that the credentials will stay in the shell history.

  We need to have a dedicated KubeAid Bootstrap Script secrets file. Any credentials will be specified there.

  We can later have a feature : of automatically backing up the secrets file in an S3 compatible storage, during the cluster bootstrap process.

  Or the user can just save the secrets file in passwordstore / 1password / other password management solutions.

  And the config file will be saved in the KubeAid config's cluster specific directory.

  If the user wants to reinstall / recover a cluster, the user can download the KubeAid Bootstrap Script config and secret files locally, update tokens and credentials (if required) and then use them to run the corresponding command.

• Also, hides this annoying ArgoCD port-forward error :

  E0403 16:48:33.891777   48128 portforward.go:391] "Unhandled Error" err="error copying from remote stream to local
  connection: readfrom tcp4 127.0.0.1:53214->127.0.0.1:53218: write tcp4 127.0.0.1:53214->127.0.0.1:53218: write: broken
  pipe" logger="UnhandledError"
  

• I ran the cluster upgrade aws command. The capi-cluster.values.yaml got weirdly and wrongly formatted : Archisman-Mridha/kubeaid-config@main...Archisman-Mridha:kubeaid-config:kubeaid-kubeaid-demo-aws-1740740791.

  I have to disable yq's formatting.

v0.7.1

• Implementing a custom slog handler which emits colorized logs.
• Using multiwriter to write to both os.Stdout and a log file.
• Disabled debug logs from the Helm SDK.
• Having a nice folder structure in the outputs directory.

v0.7.0

• When we push changes to the branch, go-git logs a message by default : it contains link to create PR against the upstream repository (Obmondo's kubeaid-config). I need to take a look at whether we can disable this or not.

• At the end of the cluster setup process, print out a help text for the user : containing command which the user can just copy paste and then visit localhost:8080 to access the ArgoCD dashboard.

• Have a flag, which can be used to make the script push changes directly to the main branch instead of going through the PR flow (this should be used while testing only).

• Have a --skip-monitoring-setup flag, to skip KubePrometheus installation.

• Use a dedicated K3D container image registry

• During cluster setup phase, install ArgoCD and Sealed Secrets using KubeAid's charts and not direct upstream's charts

• ArgoCD App file name format changed from*.app.yaml to *.yaml.
  Helm chart values file name format changed from*.values.yaml to values-*.yaml.

• --debug flag works.

• time slog attribute will be present only in debug mode.

• Fix CI build failure by doing :

	// We need this, otherwise Github Actions CI run will fail with this error :
	// https://github.com/Obmondo/kubeaid-bootstrap-script/actions/runs/14102269130/job/39500847660#step:6:5993.
	// REFER : https://github.com/argoproj/argo-cd/issues/22007.
	github.com/cyphar/filepath-securejoin => github.com/cyphar/filepath-securejoin v0.3.6

• colored logger

Azure specific work done :

• Azure Workload Identity + ClusterAPI setup

  A small task is still remaining. I need to change a command, so az login can be done non-interactively.

v0.6.0

Features :

• Added a command to provision a local K3D cluster and setup KubeAid (for internal testing purposes).

• This is the priority of cloud credentials sources :
  CLI flags > Environment Variables > Config file > ~/.aws

• (aws) : add controlPlane.loadBalancerScheme option in config

• You can now specify the KubeAid tag you want to use, in the config file.

Fixes :

• retry locating chart on server misbehaviour error