Prerelease v1.28.2-rc.1

Kubernetes Fury Distribution Release v1.28.2

Welcome to KFD release v1.28.2.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.28.1

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.2
  • Added support for HAProxy monitoring
  • Added support for containerd mirror without authentication
  • Fixed OIDC override settings for the APIserver
• eks 📦 installer: v3.1.2
  • Introduced iam role name override
  • Added volume_type variable for node pools

Module updates

• monitoring 📦 core module: v3.2.0
  • mimir: set unlimited max_global_series_per_user
  • haproxy: add rules and dashboard
  • prometheus-operated: enable scrapeConfigs
  • grafana: use dynamic datasource in fury-cluster-overview dashboard
• logging 📦 core module: v3.4.1
  • fix: keep k8s labels for ingress-flow
• ingress 📦 core module: v2.3.2
  • fix: prometheus rule on nginx to check certificate expiration
• auth 📦 core module: v0.3.0
  • gangplank: update to v1.1.0
  • dex: add custom Fury branding
• aws 📦 module: v4.2.1
  • added override on the names of the IAM roles in the terraform modules

New features 🌟

• Certificates renewal command: Added to the OnPremises provider a command on furyctl to renew all the cluster certificates: furyctl renew certificates.
• DR configurable schedules: Now the cron for the velero schedules on the DR module can be changed, they can also be disabled altogether. An example configuration:

  ...
      dr:
        velero:
          schedules:
            install: true
            cron:
              manifests: "*/15 * * * *"
              full: "0 1 * * *"
  ...

• PKI can now be generated with furyctl: Added a command on furyctl to generate the PKI needed for the OnPremises provider: furyctl create pki.
• New hubble ingress: By default, when using Cilium, an ingress for the Hubble component will be deployed.
• Prometheus Agent mode: The Agent mode optimizes Prometheus for the remote write use case. It disables querying, alerting, and local storage, and replaces it with a customized TSDB WAL. Everything else stays the same: scraping logic, service discovery and related configuration. It can be used as a drop-in replacement for Prometheus if you want to just forward your data to a remote Prometheus server or any other Remote-Write-compliant project. See more information on the PR.
• Log type customOutputs: This is a set of changes that introduce a new customOutputs logging type that allows configuring the Logging stack to ship the logs to a custom (remote or not) server instead of sending them to a local OpenSearch or Loki deployment. See more information on the PR.
• Improved SSO configurations: With auth provider type SSO, Pomerium and Grafana integration is now enhanced by disabling Grafana's basic auth when Pomerium authentication is active. Pomerium configuration now includes under .spec.distribution.modules.auth.pomerium a routes field to allow custom routes, a defaultRoutesPolicy field to allow customization of the policies for default routes, and a SIGNING_KEY under secrets. New Grafana settings under .spec.distribution.modules.monitoring.grafana include usersRoleAttributePath to use JMESPath expressions for role mapping and basicAuthIngress to reactivate basic auth on a different ingress. An example configuration:

  ...
        monitoring:
          grafana:
            usersRoleAttributePath: contains(groups[*], 'editor') && 'Editor' || contains(groups[*], 'viewer') && 'Viewer'
            basicAuthIngress: false
        auth:
          pomerium:
            secrets:
              COOKIE_SECRET: xxxx
              IDP_CLIENT_SECRET: xxxx
              SHARED_SECRET: xxxx
              SIGNING_KEY: xxxx
            defaultRoutesPolicy:
              grafana:
                - allow:
                  and:
                    - authenticated_user: true
              prometheus:
                - allow:
                  and:
                    - authenticated_user: true
              alertmanager:
                - allow:
                  and:
                    - authenticated_user: true
            routes:
              - from: https://some-url.ext
                to: http://service.namespace.svc.cluster.local
  ...

• Forecastle grouping when SSO enabled: Now, when using auth provider sso, forecastle will group the ingresses based on a logical grouping instead of using the namespace.
• Embedded yaml language server directive on default configs: Now, when creating a project from scratch generating a new furyctl.yaml file, a line containing the yaml-language-server directive will be added to make vscode and similar IDEs to validate the schema, and autocomplete fields.
• volume_type on EKSCluster provider: Now the volume_type can be choosen while using the EKSCluster provider on the node pools.
• EKSCluster cluster name length and iam role name override: Increased the maximum cluster name length from 19 to 56 characters and added the ability to override the IAM role names on the EKSCluster provider for the clusterAutoscaler, ebsCsiDriver and loadBalancerController modules under the respective keys .spec.distribution.modules.aws.clusterAutoscaler.overrides.iamRoleName, .spec.distribution.modules.aws.ebsCsiDriver.overrides.iamRoleName and .spec.distribution.modules.aws.loadBalancerController.overrides.iamRoleName.

Fixes 🐞

• DR module selectors: Now the common node selector and tolerations are honored on velero and minio deployment for the DR module.
• OIDC advanced parameters: Now the oidc advanced parameter are all fixed and working.
• Websocket support with SSO: The websocket of the applications behind ingresses protected by pomerium are now working.

Breaking changes 💔

• SIGNING_KEY required on pomerium: While using auth provider type SSO, the pomerium key SIGNING_KEY is now required. See more informations here.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.29.1

Kubernetes Fury Distribution Release v1.29.1

Welcome to KFD release v1.29.1.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.29.0

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.1
  • Added support for airgap installations.

New features 🌟

• New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
  You can adjust the parameters using .spec.kubernetes.advanced.airGap: <object>. An example configuration is:

spec:
  kubernetes:
    advanced:
      airGap:
        containerdDownloadUrl: **url-to-containerd**
        runcDownloadUrl: **url-to-runc**
        runcChecksum: sha256: **runc-checksum**
        etcdDownloadUrl: **url-to-etcd**
        dependenciesOverride:
          apt:
            name: k8s-1.27
            repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
            gpg_key: **url-to-gpg-key**
            gpg_key_id: **gpg-key-id**
          yum:
            name: k8s-1.27
            repo: **yum-repo-url**
            gpg_key: **url-to-gpg-key**
            gpg_key_check: true
            repo_gpg_check: true

• New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using .spec.kubernetes.advancedAnsible.pythonInterpreter: <string>:

spec:
  kubernetes:
    advancedAnsible:
      pythonInterpreter: python3

Fixes 🐞

• Pomerium Logs: set log level to info by default, instead of debug.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.28.1

Kubernetes Fury Distribution Release v1.28.1

Welcome to KFD release v1.28.1.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.28.0

Core Module Updates

• networking 📦 core module: v1.17.0
  • Updated calico to 3.27.3.
  • Updated tigera operator to 1.32.7.

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.1
  • Added support for airgap installations.

New features 🌟

• New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
  You can adjust the parameters using .spec.kubernetes.advanced.airGap: <object>. An example configuration is:

spec:
  kubernetes:
    advanced:
      airGap:
        containerdDownloadUrl: **url-to-containerd**
        runcDownloadUrl: **url-to-runc**
        runcChecksum: sha256: **runc-checksum**
        etcdDownloadUrl: **url-to-etcd**
        dependenciesOverride:
          apt:
            name: k8s-1.27
            repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
            gpg_key: **url-to-gpg-key**
            gpg_key_id: **gpg-key-id**
          yum:
            name: k8s-1.27
            repo: **yum-repo-url**
            gpg_key: **url-to-gpg-key**
            gpg_key_check: true
            repo_gpg_check: true

• New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using .spec.kubernetes.advancedAnsible.pythonInterpreter: <string>:

spec:
  kubernetes:
    advancedAnsible:
      pythonInterpreter: python3

Fixes 🐞

• Pomerium Logs: set log level to info by default, instead of debug.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.27.6

Kubernetes Fury Distribution Release v1.27.6

Welcome to KFD release v1.27.6.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.5

Core Module Updates

• networking 📦 core module: v1.17.0
  • Updated calico to 3.27.3.
  • Updated tigera operator to 1.32.7.

Installer Updates

• on-premises 📦 installer: v1.29.3-rev.1
  • Added support for airgap installations.

New features 🌟

• New Airgap support: This version introduces a feature for the OnPremises provider that allows installing the distribution in air-gapped environments.
  You can adjust the parameters using .spec.kubernetes.advanced.airGap: <object>. An example configuration is:

spec:
  kubernetes:
    advanced:
      airGap:
        containerdDownloadUrl: **url-to-containerd**
        runcDownloadUrl: **url-to-runc**
        runcChecksum: sha256: **runc-checksum**
        etcdDownloadUrl: **url-to-etcd**
        dependenciesOverride:
          apt:
            name: k8s-1.27
            repo: ** example deb https://pkgs.k8s.io/core:/stable:/v1.27/deb/ /**
            gpg_key: **url-to-gpg-key**
            gpg_key_id: **gpg-key-id**
          yum:
            name: k8s-1.27
            repo: **yum-repo-url**
            gpg_key: **url-to-gpg-key**
            gpg_key_check: true
            repo_gpg_check: true

• New field to specify python interpreter: This version introduces a new field to specify the python interpreter to be used by the ansible playbooks. You can adjust the parameter using .spec.kubernetes.advancedAnsible.pythonInterpreter: <string>:

spec:
  kubernetes:
    advancedAnsible:
      pythonInterpreter: python3

Fixes 🐞

• Pomerium Logs: set log level to info by default, instead of debug.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Prerelease v1.27.6-rc.0

Kubernetes Fury Distribution Release v1.27.6

Welcome to KFD release v1.27.6.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.5

This is a maintenance release with focus on improving the overall stability of the distribution:

• Added air gap support to OnPremises kind.
• Updated on-premises installer to version v1.29.3-rev.1-rc.0 to support the new air gap variables.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.29.0

Kubernetes Fury Distribution Release v1.29.0

Welcome to KFD release v1.29.0.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

This release adds compatibility with Kubernetes 1.29.

New Features since v1.28.0

Core Module Updates

• networking 📦 core module: v1.17.0
  • Updated calico to 3.27.3.
  • Updated tigera operator to 1.32.7.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.28.0

Kubernetes Fury Distribution Release v1.28.0

Welcome to KFD release v1.28.0.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

This release adds compatibility with Kubernetes 1.28.

New Features since v1.27.4

Core Module Updates

• networking 📦 core module: v1.16.0
  • Updated calico to 3.27.0.
  • Updated tigera operator to 1.32.3.
  • Updated cilium to 1.15.2.
• monitoring 📦 core module: v3.1.0
  • Updated thanos to v0.34.0.
  • Updated x509-exporter to v3.12.0.
  • Updated mimir to v2.11.0.
  • Updated minio-ha to RELEASE.2024-02-09T21-25-16Z.
• logging 📦 core module: v3.4.0
  • Removed cerebro.
  • Updated opensearch to 2.12.0.
  • Updated opensearch-dashboards to 2.12.0.
  • Updated logging-operator to 4.5.6.
• ingress 📦 core module: v2.3.0
  • Updated cert-manager to 1.14.2.
  • Updated external-dns to 0.14.0.
  • Updated forecastle to 1.0.136.
  • Updated nginx to 1.9.6.
• dr 📦 core module: v2.3.0
  • Updated velero to 1.13.0.
  • Updated all plugins to 1.9.0.
• OPA 📦 core module: v1.12.0
  • Updated gatekeeper to 3.15.1.
  • Updated gatekeeper-policy-manager to 1.0.10.
  • Updated kyverno to 1.11.4.
• auth 📦 core module: v0.2.0
  • Updated dex to 2.38.0.
  • Updated pomerium to 0.25.0.
• tracing 📦 core module: v1.0.3

Please refer the individual release notes for detailed information.

New features 🌟

This release add the following features:

• New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the encryption-provider-config parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using .spec.kubernetes.advanced.encryption.configuration: <string> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:

  apiVersion: apiserver.config.k8s.io/v1
  kind: EncryptionConfiguration
  resources:
    - resources:
      - secrets
      providers:
      - aescbc:
          keys:
          - name: key1
            # example base64 encode of "passwordpassword"
            secret: cGFzc3dvcmRwYXNzd29yZAo=
      # fallback to read non encrypted secrets
      - identity: {}

• New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added, .spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters, along with a manual restart of the ETCD service).

• Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:

  spec:
    distribution:
      customPatches:
        images:
          - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator
            newName: quay.io/prometheus-operator/prometheus-operator
            newTag: latest

• Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label node-role.kubernetes.io/{{ node_role }}= has been added.

• Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.

• Additional Static Clients on DEX: A new parameter, additionalStaticClients, on DEX configuration can now be configured:

  spec:
    distribution:
      modules:
        auth:
          dex: 
            connectors:
              - type: ldap
                ...
            additionalStaticClients:
              - id: test
                redirectURIs:
                  - https://argocd.test/auth/callback
                  - https://argocd.test/auth/login
                name: 'ArgoCD Login'
                secret: XXXXXX

Fixes

• Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
• Mimir max_global_series_per_user to Unlimited: We changed the default value of max_global_series_per_user to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.

Removals 🗑️

• Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.27.5

Kubernetes Fury Distribution Release v1.27.5

Welcome to KFD release v1.27.5.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.4

Core Module Updates

• networking 📦 core module: v1.16.0
  • Updated calico to 3.27.0.
  • Updated tigera operator to 1.32.3.
  • Updated cilium to 1.15.2.
• monitoring 📦 core module: v3.1.0
  • Updated thanos to v0.34.0.
  • Updated x509-exporter to v3.12.0.
  • Updated mimir to v2.11.0.
  • Updated minio-ha to RELEASE.2024-02-09T21-25-16Z.
• logging 📦 core module: v3.4.0
  • Removed cerebro.
  • Updated opensearch to 2.12.0.
  • Updated opensearch-dashboards to 2.12.0.
  • Updated logging-operator to 4.5.6.
• ingress 📦 core module: v2.3.0
  • Updated cert-manager to 1.14.2.
  • Updated external-dns to 0.14.0.
  • Updated forecastle to 1.0.136.
  • Updated nginx to 1.9.6.
• dr 📦 core module: v2.3.0
  • Updated velero to 1.13.0.
  • Updated all plugins to 1.9.0.
• OPA 📦 core module: v1.12.0
  • Updated gatekeeper to 3.15.1.
  • Updated gatekeeper-policy-manager to 1.0.10.
  • Updated kyverno to 1.11.4.
• auth 📦 core module: v0.2.0
  • Updated dex to 2.38.0.
  • Updated pomerium to 0.25.0.
• tracing 📦 core module: v1.0.3

Please refer the individual release notes for detailed information.

New features 🌟

This release add the following features:

• New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the encryption-provider-config parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using .spec.kubernetes.advanced.encryption.configuration: <string> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:

  apiVersion: apiserver.config.k8s.io/v1
  kind: EncryptionConfiguration
  resources:
    - resources:
      - secrets
      providers:
      - aescbc:
          keys:
          - name: key1
            # example base64 encode of "passwordpassword"
            secret: cGFzc3dvcmRwYXNzd29yZAo=
      # fallback to read non encrypted secrets
      - identity: {}

• New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added, .spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters, along with a manual restart of the ETCD service).

• Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:

  spec:
    distribution:
      customPatches:
        images:
          - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator
            newName: quay.io/prometheus-operator/prometheus-operator
            newTag: latest

• Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label node-role.kubernetes.io/{{ node_role }}= has been added.

• Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.

• Additional Static Clients on DEX: A new parameter, additionalStaticClients, on DEX configuration can now be configured:

  spec:
    distribution:
      modules:
        auth:
          dex: 
            connectors:
              - type: ldap
                ...
            additionalStaticClients:
              - id: test
                redirectURIs:
                  - https://argocd.test/auth/callback
                  - https://argocd.test/auth/login
                name: 'ArgoCD Login'
                secret: XXXXXX

Fixes

• Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
• Mimir max_global_series_per_user to Unlimited: We changed the default value of max_global_series_per_user to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.

Removals 🗑️

• Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.26.6

Kubernetes Fury Distribution Release v1.26.6

Welcome to KFD release v1.26.6.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.26.5

Core Module Updates

• networking 📦 core module: v1.16.0
  • Updated calico to 3.27.0.
  • Updated tigera operator to 1.32.3.
  • Updated cilium to 1.15.2.
• monitoring 📦 core module: v3.1.0
  • Updated thanos to v0.34.0.
  • Updated x509-exporter to v3.12.0.
  • Updated mimir to v2.11.0.
  • Updated minio-ha to RELEASE.2024-02-09T21-25-16Z.
• logging 📦 core module: v3.4.0
  • Removed cerebro.
  • Updated opensearch to 2.12.0.
  • Updated opensearch-dashboards to 2.12.0.
  • Updated logging-operator to 4.5.6.
• ingress 📦 core module: v2.3.0
  • Updated cert-manager to 1.14.2.
  • Updated external-dns to 0.14.0.
  • Updated forecastle to 1.0.136.
  • Updated nginx to 1.9.6.
• dr 📦 core module: v2.3.0
  • Updated velero to 1.13.0.
  • Updated all plugins to 1.9.0.
• OPA 📦 core module: v1.12.0
  • Updated gatekeeper to 3.15.1.
  • Updated gatekeeper-policy-manager to 1.0.10.
  • Updated kyverno to 1.11.4.
• auth 📦 core module: v0.2.0
  • Updated dex to 2.38.0.
  • Updated pomerium to 0.25.0.
• tracing 📦 core module: v1.0.3

Please refer the individual release notes for detailed information.

New features 🌟

This release add the following features:

• New Encryption Feature on ETCD: This version introduces a feature for the OnPremises provider that allows inserting the encryption-provider-config parameter into the API server to enable encryption within the ETCD database. You can adjust the parameter using .spec.kubernetes.advanced.encryption.configuration: <string> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters). An example configuration to encrypt new secrets with fallback to plaintext is:

  apiVersion: apiserver.config.k8s.io/v1
  kind: EncryptionConfiguration
  resources:
    - resources:
      - secrets
      providers:
      - aescbc:
          keys:
          - name: key1
            # example base64 encode of "passwordpassword"
            secret: cGFzc3dvcmRwYXNzd29yZAo=
      # fallback to read non encrypted secrets
      - identity: {}

• New Encryption Parameters to Change TLS Cipher Suites in ETCD and API Server: A new parameter to customize the TLS cipher suites available in the API server and ETCD service has been added, .spec.kubernetes.advanced.encryption.tlsCipherSuites: <array of strings> (NOTE: For existing clusters, manual execution of the command kubeadm upgrade apply --config /etc/kubernetes/kubeadm.yml is required on all masters, along with a manual restart of the ETCD service).

• Image Directive on CustomPatches on All Providers: With this release, we added the possibility to customize the image using the following configuration:

  spec:
    distribution:
      customPatches:
        images:
          - name: registry.sighup.io/fury/prometheus-operator/prometheus-operator
            newName: quay.io/prometheus-operator/prometheus-operator
            newTag: latest

• Auto Role Setting on Workers for the OnPremises Provider: Automatic labeling of worker nodes with their name in the privileged label node-role.kubernetes.io/{{ node_role }}= has been added.

• Replaced Gangway with Gangplank: We created a fork, Gangplank, of the open-source Gangway project archived by VMware. This new fork updates all dependencies and revamps the UI.

• Additional Static Clients on DEX: A new parameter, additionalStaticClients, on DEX configuration can now be configured:

  spec:
    distribution:
      modules:
        auth:
          dex: 
            connectors:
              - type: ldap
                ...
            additionalStaticClients:
              - id: test
                redirectURIs:
                  - https://argocd.test/auth/callback
                  - https://argocd.test/auth/login
                name: 'ArgoCD Login'
                secret: XXXXXX

Fixes

• Mimir Tolerations and Selectors: Tolerations and selectors on the Mimir deployment were not being honored.
• Mimir max_global_series_per_user to Unlimited: We changed the default value of max_global_series_per_user to unlimited since Mimir, after the cluster was up and running for a while, was rejecting metrics from Prometheus.

Removals 🗑️

• Removed Cerebro: Cerebro is an unmaintained open-source project. Due to security reasons, we decided to remove it from the logging module without replacement.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Release v1.27.4

Kubernetes Fury Distribution Release v1.27.4

Welcome to KFD release v1.27.4.

The distribution is maintained with ❤️ by the team SIGHUP it is battle tested in production environments.

New Features since v1.27.3

This is a maintenance release with focus on improving the overall stability of the distribution:

• Added additionalStaticClients configuration on dex options.

Upgrade procedure

Check the upgrade docs for the detailed procedure.

Furyctl compatibility

Check Furyctl repository for more informations.