Adding CAPA v25.1.0 minor release

README.md

@@ -22,6 +22,8 @@ to all Giant Swarm installations.
 - v25
   - v25.0
     - [v25.0.0](https://github.com/giantswarm/releases/tree/master/capa/v25.0.0)
+  - v25.1.0
+    - [v25.1.0](https://github.com/giantswarm/releases/tree/master/capa/v25.1.0) 
 - v20
   - v20.1
     - [v20.1.4](https://github.com/giantswarm/releases/tree/master/aws/v20.1.4)

capa/kustomization.yaml

@@ -2,6 +2,7 @@ commonAnnotations:
   giantswarm.io/docs: https://docs.giantswarm.io/ui-api/management-api/crd/releases.release.giantswarm.io/
 resources:
 - v25.0.0
+- v25.1.0
 - v26.0.0
 - v27.0.0
 - v28.0.0

capa/v25.0.0/release.yaml

@@ -119,4 +119,4 @@ spec:
   - name: kubernetes
     version: 1.25.16
   date: "2024-06-20T18:00:00Z"
-  state: active
+  state: deprecated

capa/v25.1.0/README.md

@@ -0,0 +1,46 @@
+# :zap: Giant Swarm Release v25.1.0 for CAPA :zap:
+
+This release updates the components, keeping them upto date with Vintage AWS v20.1.x series. Several improvements for Vintage to CAPA migration have also been included.
+
+## Change details compared to CAPA 25.0.0
+
+### cluster-aws [1.1.0](https://github.com/giantswarm/cluster-aws/releases/tag/v1.1.0)
+
+### Fixed
+- Fixed China IRSA suffix
+
+#### Added
+- Add the Management Cluster name as a tag to the AWS resources created by CAPA.
+- Add the node pool name as a tag to the AWS resources associated with the node pool.
+
+#### Changed
+- Update cluster chart to 0.35.0
+
+
+### cert-manager [3.7.9](https://github.com/giantswarm/cert-manager-app/releases/tag/v3.7.9)
+
+#### Fix
+- Remove quotes from acme-http01-solver-image argument. The quotes are used when looking up the image which causes an error.
+
+#### Update
+- Improves container security by setting `runAsGroup` and `runAsUser` greater than zero for all deployments.
+
+### containerlinux [3815.2.5](https://www.flatcar-linux.org/releases/#release-3815.2.5)
+
+ _Changes since **Stable 3815.2.4**_
+
+#### Security fixes:
+
+ - openssh ([CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387))
+
+#### Updates:
+
+ - Linux ([6.1.96](https://lwn.net/Articles/979851))
+ - openssh ([9.7_p1](https://www.openssh.com/txt/release-9.7))
+
+### cilium [0.25.1](https://github.com/giantswarm/cilium-app/releases/tag/v0.25.1)
+
+#### Changed
+- Fix regression setting Policy BPF Max map policyMapMax back to 65536 from 16384.
+- Upgrade cilium to v1.15.6.
+

capa/v25.1.0/announcement.md

@@ -0,0 +1 @@
+**Workload cluster release v25.1.0 for CAPA is available**. This release updates the components, keeping them up to date with Vintage AWS v20.1.x series. Several improvements for Vintage to CAPA migration have also been included. Further details can be found in the [release notes](https://docs.giantswarm.io/changes/workload-cluster-releases-capa/releases/aws-25.1.0/).

capa/v25.1.0/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- release.yaml

capa/v25.1.0/release.yaml

@@ -0,0 +1,122 @@
+apiVersion: release.giantswarm.io/v1alpha1
+kind: Release
+metadata:
+  name: aws-25.1.0
+spec:
+  apps:
+  - name: aws-ebs-csi-driver
+    version: 2.30.1
+    dependsOn:
+    - cloud-provider-aws
+  - name: aws-ebs-csi-driver-servicemonitors
+    version: 0.1.0
+    dependsOn:
+    - cert-manager
+  - name: aws-pod-identity-webhook
+    version: 1.16.0
+    dependsOn:
+    - cert-manager
+  - name: capi-node-labeler
+    version: 0.5.0
+  - name: cert-exporter
+    version: 2.9.0
+    dependsOn:
+    - kyverno
+  - name: cert-manager
+    version: 3.7.9 # aligning with Vintage, fixing bugs
+    dependsOn:
+    - prometheus-operator-crd
+  - name: chart-operator-extensions
+    version: 1.1.2
+    dependsOn:
+    - prometheus-operator-crd
+  - name: cilium
+    version: 0.25.1 # as per Cabbage request fixing bugs
+  - name: cilium-crossplane-resources
+    version: 0.1.0
+  - name: cilium-servicemonitors
+    version: 0.1.2
+    dependsOn:
+    - prometheus-operator-crd
+  - name: cloud-provider-aws
+    version: 1.25.14-gs3
+    dependsOn:
+    - vertical-pod-autoscaler-crd
+  - name: cluster-autoscaler
+    version: 1.27.3-gs9
+    dependsOn:
+    - kyverno
+  - name: coredns
+    version: 1.21.0
+    dependsOn:
+    - cilium
+  - name: etcd-k8s-res-count-exporter
+    version: 1.10.0
+    dependsOn:
+    - kyverno
+  - name: external-dns
+    version: 3.1.0
+    dependsOn:
+    - prometheus-operator-crd
+  - name: irsa-servicemonitors
+    version: 0.0.1
+    dependsOn:
+    - cert-manager
+  - name: k8s-audit-metrics
+    version: 0.9.0
+    dependsOn:
+    - kyverno
+  - name: k8s-dns-node-cache
+    version: 2.6.2
+    dependsOn:
+    - kyverno
+  - name: metrics-server
+    version: 2.4.2
+    dependsOn:
+    - kyverno
+  - name: net-exporter
+    version: 1.19.0
+    dependsOn:
+    - prometheus-operator-crd
+  - name: network-policies
+    version: 0.1.1
+    catalog: cluster
+    dependsOn:
+    - cilium
+  - name: node-exporter
+    version: 1.19.0
+    dependsOn:
+    - kyverno
+  - name: observability-bundle
+    version: 1.3.4
+    dependsOn:
+    - coredns
+  - name: prometheus-blackbox-exporter
+    version: 0.4.1
+    dependsOn:
+    - prometheus-operator-crd
+  - name: security-bundle
+    version: 1.7.0
+    catalog: giantswarm
+    dependsOn:
+    - prometheus-operator-crd
+  - name: teleport-kube-agent
+    version: 0.9.0
+  - name: vertical-pod-autoscaler
+    version: 5.2.2
+    dependsOn:
+    - prometheus-operator-crd
+  - name: vertical-pod-autoscaler-crd
+    version: 3.1.0
+  components:
+  - name: cluster-aws
+    catalog: cluster
+    version: 1.1.0
+  - name: flatcar
+    version: 3815.2.5 # CVEs OpenSSH fixed
+  - name: flatcar-variant
+    version: 1.0.0
+  - name: kubernetes
+    version: 1.25.16
+  date: "2024-07-03T18:00:00Z"
+  state: active