v0.8.0

🎉 Acorn v0.8.0 is now available! 🎉

The release focuses largely on improvements to existing functionality and stability. Check out the “What’s Changed” section below for a detailed list of fixes and enhancements.

New Features

CLI UX Improvements - We've reworked the output for many cli commands to be more intuitive and user-friendly.

Jobs Command - We've introduced the acorn jobs subcommand to give you the ability to list and restart acorn jobs. Run acorn jobs --help for more details.

Copy Command - We've introduced the acorn copy command to give you the ability to copy acorn images between remote registries. Run acorn copy --help for more details.

Custom metrics configuration - You can now define a metrics configuration for each of you containers. This will result in prometheus scrape annotations getting added to your workloads. Details here.

Depot.dev integration - Experimental support for using depot.dev to build acorn images. Details here.

Internal registry enhancements - Acorn's in-cluster registry is now backed by a persistent volume, allowing it to now survive upgrades and re-installs.

Known Issues and Considerations

While we've tested basic upgrade scenarios, upgrades won't be fully support until the projact reaches v1.0. The most predictable path forward is to do a clean install rather than try to upgrade. We've identified the following upgrade-related issues in this release:

• Because we've changed the in-cluster registry to be backed by a persistent volume, existing in-cluster acorn images will be lost on upgrade. You should publish any local acorn images to an external registry such as ghcr.io. This also results in the inability to stop running acorns that were deployed using a local image (or directly from an Acornfile). You can still delete those apps.
• This release is not backwards compatible. You must use a v0.8+ acorn cli to interact with a v0.8+ acorn server and a v0.8+ cli will not work properly with older versions of acorn server.

We've made the following change's to functionality:

• We've disabled network-policy integration by default. This isolated projects from each other. If you want that functionality, you must turn it on explicitly during installation.
• We've removed the ability for acorn to automatically provision Let's Encrypt certificates for custom domains. You should use a tool like cert-manager instead. Note: we still provision certs for acorn-provided FDQNs. This change only applies to custom domains.
• The targetNamespace field has been dropped from the App resource.

What's Changed

• Fix acorn update so that it won't unexpectedly change the app image (#1738) by @g-linville in #1789
• Clarify project update validation message by @njhale in #1797
• Disable NetworkPolicies by default by @g-linville in #1785
• Update NetworkPolicy docs with new defaults info by @g-linville in #1801
• Remove direct lasso dependency by @ibuildthecloud in #1792
• Ensure logs -c CONTAINER_NAME only matches valid sidecars by @ibuildthecloud in #1793
• Update login command to not suggest a broken command by @tylerslaton in #1645
• Consistent json/yaml output no types by @ibuildthecloud in #1806
• Add readiness probe to acorn-controller by @thedadams in #1783
• Bump k3s to 1.27 in CI by @g-linville in #1804
• Put project region information on status by @thedadams in #1791
• Drop built-in http01 challenge, use cert-manager to issue certs for custom domain by @StrongMonkey in #1800
• Add support for metrics in containers and jobs (#830) by @g-linville in #1758
• Don't renew certs if no domain is set by @StrongMonkey in #1814
• Ensure that resource definition is completely stored in ETCD (#1744) by @thedadams in #1810
• Fix image interpolation for IDs that already contain the digest by @g-linville in #1816
• Split make test target by @njhale in #1820
• Add CPU/Memory request/limits and PriorityClasses for system components by @tylerslaton in #1811
• Refactor Resources struct and its helper functions by @tylerslaton in #1799
• Generalize event TTL logic by @njhale in #1822
• Up the memory/cpu req/limits by @tylerslaton in #1825
• Fix issue with TestJobDelete by @tylerslaton in #1827
• Add ignore-cleanup flag to rm command (#1753) by @thedadams in #1818
• Fix EKS test to actually run tests by @tylerslaton in #1829
• Add docs for metrics (#830) by @g-linville in #1830
• Use AppInstance instead of App for app subresouces that update (#1753) by @thedadams in #1828
• Raise builder limit even further by @tylerslaton in #1831
• Add PriorityClass support to ComputeClasses by @tylerslaton in #1815
• Rename to acorn-io/runtime by @thedadams in #1824
• Change goreleaser binary to acorn by @thedadams in #1837
• Ensure brew install is still acorn by @thedadams in #1840
• fix: cleanup acorn secrets reveal and general non-table output (#1812) by @iwilltry42 in #1833
• Prevent Acorn from assuming Docker Hub for auto-upgrade apps with no specified registry (#1427) by @g-linville in #1823
• Replace deprecated goreleaser flag by @njhale in #1841
• Don't hide inactive top level acorn by @ibuildthecloud in #1794
• Fix build cache issues by @ibuildthecloud in #1807
• fix: handle "image not allowed error" for both run and update (#1712) by @iwilltry42 in #1835
• Update mac-main-release to use BuildJet by @tylerslaton in #1852
• Add sudo to notarize script commands by @tylerslaton in #1856
• Temporarily disable signing and notarization for main releases by @tylerslaton in #1857
• Return early in notarize script temporarily by @tylerslaton in #1858
• Rename hub to manager by @thedadams in #1848
• Improve container port deduplication by @g-linville in #1847
• Add support for filtering events by source (#1802) by @njhale in #1846
• Update MacOS notarization to use app store connect API key by @tylerslaton in #1860
• Fix GenericMap.DeepCopyInto (#1844) by @njhale in #1850
• Improve linking docs (#1536) by @g-linville in #1862
• Output short hash with acorn ps if the tag no longer exists on the image by @g-linville in #1859
• Add critical EventSeverity by @njhale in #1864
• Fix output of acorn apps to show image names properly for Nested and Service Acorns (#1774) by @g-linville in #1851
• Add sudo to cp in notarize script by @tylerslaton in #1870
• Ensure acorn-controller doesn't restart on fresh install (#1868) by @thedadams in #1869
• Increase overhead for DMG to 30 megabytes by @tylerslaton in #1872
• Fix MacOS release name after rename by @tylerslaton in #1874
• Rename event severity warn to error and rm critical by @njhale in #1873
• Add examples to acorn update --help by @g-linville in #1871
• Fix notarize script typo and add logs by @tylerslaton in #1877
• Add new secrets to env for goreleaser by @tylerslaton in #1879
• Fix acorn update so that deployArgs are properly updated (#1826) by @g-linville in #1876
• Allow acorn rm --ignore-cleanup on services (#1795) by @g-linville in #1878
• Don't return multiple default services by @ibuildthecloud in #1882
• Use loglevel to dynamically change logrus' log level during runtime (#752) by @g-linville in #1861
• Add info about the shared image registry by @g-linville in #1885
• Switch to use a zip instead of a DMG by @tylerslaton in #1880
• Autoupgrade fixes by @g-linville in #1845
• Add image granted permissions by @ibuildthecloud in #1890
• feat: Set defaults for empty basic secrets (#347) by @pratikjagrut in #1808
• Remove auto-upgrade from help that was erroneously added by @ibuildthecloud in #1891
• Add "completed" to the appStatus by @ibuildthecloud in #1895
• Wait for the service to be ready and delete by @thedadams in #1896
• Ensure that delete jobs run when projects are deleted (#1893) by @thedadams in #1886
• Make the project namespace check configurable by @thedadams in #1900
• Remove image lookups from acorn ps by @g-linville in #1888
• Add full project name and CLI default to the acorn project json output by @ibuildthecloud in #1899
• Fix regression in assigning devMode profile at runtime by @ibuildthecloud in #1901
• Don't assign permissions to projects managed by acorn identity by @ibuildthecloud in #1902
• Always set AutoUpgrade if it is implied (#1459) by @tylerslaton in #1881
• Add --profile and component resources flags by @tylerslaton in #1863
• Always return event details (#1906) by @njhale in #1908
• Add acorn copy command (#1809) by @g-linville in #1883
• add: ImageAllowRules Prompt for autoupgrade patterns (#1698) by @iwilltry42 in #1905
• Ensure uninstall even if the runtime is unable to process objects (#1909) by @thedadams in #1910
• Drop details flag from acorn events subcommand (#1906) by @njhale in #1913
• Use z for pointer literals by @njhale in #1912
• Use rcodesign's release page instead of cargo by @tylerslaton in #1915
• Switch to creating a single wildcard record per install by @tylerslaton in #1889
• Fix issue with DNS svc and Ingress not being created by @tylerslaton in #1916
• Use a public name strategy for volumes (#1892) by @g-linville in #1903
• Submit nightly eks tests to datadog by @tylerslaton in #1917
• Remove needs from datadog step by @tylerslaton in #1918
• Address more GHA yaml quirks by @tylerslaton in #1921
• Fix: Add image tag validation prior to building the image (#1875) by @pratikjagrut in #1894
• fix: supress unimportant error level log after abort singal(ctrl + c) by @pratikjagrut in #1922
• Use credentials when checking to see if an image is remote by @g-linville in #1923
• Remove custom event name validation by @njhale in #1924
• Add AutoUpgrade status field to replace API Server validation by @tylerslaton in #1925
• Add updatepsa to acorn-system to be compatible with Rancher by @ibuildthecloud in #1928
• Add server-side defaults for event fields by @njhale in #1927
• Enable filtering acorn events output to a given time span by @njhale in #1920
• Bump z by @njhale in #1933
• Remove -A from almost all commands (#1897) by @g-linville in #1907
• Fix bad handshake by @tylerslaton in #1935
• Add support for multiple build contexts in Dockerfile builds by @ibuildthecloud in #1938
• Add client-side defaulting for event actor by @njhale in #1937
• Fix test flake when project doesn't support region by @thedadams in #1939
• Add top-level app field to events by @njhale in #1932
• Fix a possible panic from occuring in buildclient.Stream by @tylerslaton in #1941
• Rename event source to "resource" by @njhale in #1930
• Add an init function for logserver by @g-linville in #1943
• Stop using init package for logserver by @g-linville in #1946
• Error early if manager token has already been used by @tylerslaton in #1914
• Disable CNAME lookup during DNS-01 challenge by @ibuildthecloud in #1947
• Add the hidden acorn install --dev flag by @ibuildthecloud in #1948
• Change logserver to only print an error log if it fails by @g-linville in #1944
• Respect -j when -A is also specified (acorn ps) (#1897) by @g-linville in #1945
• Stop waiting for credentials forever by @thedadams in #1931
• Update kubernetes packages to v0.27.3 by @renovate in #1853
• Update golang by @renovate in #887
• Add @{acorn.externalID} by @ibuildthecloud in #1929
• Stop setting original image annotation on auto-upgrade apps (#1774) by @g-linville in #1953
• Fix RBAC and local image resolution for acorn copy by @g-linville in #1950
• Fix secret binding to support public names (#1472) by @g-linville in #1940
• Add hidden kube command by @ibuildthecloud in #1958
• Bump aml dependency by @ibuildthecloud in #1959
• Refactor rm by @ibuildthecloud in #1962
• Let job fail three times before breaking the watch in acorn run by @g-linville in #1960
• Change ps output to have the git commit and auto upgrade setting by @ibuildthecloud in #1963
• Fix openapi schema generation for event fields by @njhale in #1961
• fix: properly translate acorn run/update errors (#1698 + #1712) by @iwilltry42 in #1964
• change: make acorn exec -c flag work for jobs and sidecars as well (#1798) by @iwilltry42 in #1965
• Change default auto-upgrade interval to 1m by @cjellick in #1926
• Add default context to CLI config by @ibuildthecloud in #1967
• Introduce a login retry when a user's token is expired by @thedadams in #1955
• Add create perms for events to edit role by @njhale in #1971
• Only implicity set default context for default manager address by @ibuildthecloud in #1972
• Remove pod CIDR restrictions from NetPols for published TCP ports by @g-linville in #1975
• Add TCP protocol to published UDP ports for healthchecks to pass by @g-linville in #1978
• Fix volume class determination when binding an existing volume by @g-linville in #1966
• Check for production acorn dns serves by @StrongMonkey in #1980
• Fix setting LEGO_DISABLE_CNAME_SUPPORT during install by @ibuildthecloud in #1981
• Fix parsing for event time bounds (#1805) by @njhale in #1983
• Fix regression causing event tail option to be ignored by @njhale in #1982
• expand testing on acorn run input edge cases (#1942) by @keyallis in #1977
• Wait for all parent apps to be deleted before deleting children by @thedadams in #1979
• Bump baaah for multi-client support by @thedadams in #1973
• Break validate, unit and integration tests into seperate jobs by @tylerslaton in #1936
• Don't require an API connection for render on a file by @ibuildthecloud in #1990
• Remove non-HTTP ports from ExternalName Services by @g-linville in #1991
• fix: properly handle image-not-allowed errors for normal tags and autoupgrade patterns (#1698 + #1970 + #1409) by @iwilltry42 in #1984
• change: if default storage class exists use 10Gi PVC for registry (#1974) by @iwilltry42 in #1985
• Add an optional ServiceName field to event schema by @njhale in #1987
• Nested acorn validation support for acorn update --confirm-upgrade (#1726) by @keyallis in #1995
• Use buildjet's cache for Golang dependencies by @tylerslaton in #1994
• Adjust validation for new project paradigms by @thedadams in #1997
• acorn log works through deletion period (#1887) by @keyallis in #1998
• Redact sensitive info before logging build messages by @njhale in #2003
• Update Fits logic with Unlimited and fix bug with comparison logic of resources by @tylerslaton in #2004
• Add external aliasas for internal runtime event helper types by @njhale in #2005
• Adjust image lookup logic to deal with more dynamic situations by @ibuildthecloud in #2001
• Update auto-upgrade logic to have less assumptions by @tylerslaton in #2002
• Fix image lookup logic by @ibuildthecloud in #2009
• Propagate ports from main container service to additional services for the same container by @g-linville in #2006
• add: Sign and Verify Images from the CLI (#2043) by @iwilltry42 in #1796
• Pass proper profiles when looking up the image details by @ibuildthecloud in #2012
• Bump mink dependency by @g-linville in #2011
• Revert a very Istio-specific fix that does not behave very well by @g-linville in #2015
• Bump mink dependency by @g-linville in #2016
• Add name, description, readme, info fields by @ibuildthecloud in #1999
• ECR is returning 401 when would expect 404 by @ibuildthecloud in #2019
• Don't send index.docker.io auth for local image references by @ibuildthecloud in #2020
• Move log message to debug by @ibuildthecloud in #2021
• Store icon with suffix in acorn image by @ibuildthecloud in #2025
• Make devsession region specific for cleanup to work properly by @ibuildthecloud in #2024
• Stop recording events on app image pull (#2032) by @njhale in #2032
• change: properly use local auth when signing/verifying images and getting signatures in imagedetails by @iwilltry42 in #2027
• Add Cilium proxy visibility annotations to pods by @g-linville in #2034
• Fix validation error message to be more specific by @ibuildthecloud in #2035
• Revert "Add Cilium proxy visibility annotations to pods (#2034)" by @thedadams in #2036
• Allow create of app with no name to do generated name by @ibuildthecloud in #2040
• Ensure proper deletion of child apps that have child apps by @thedadams in #2037
• Add imageName to ImageDetail command to support wildcards by @ibuildthecloud in #2041
• Add "acorn dashboard" command by @ibuildthecloud in #2038
• Add copy of the corev1.Container/ContainerStatus to ContainerReplica by @ibuildthecloud in #2039
• Add soft cap for events (#1709) by @njhale in #2033
• Add consumer permissions by @ibuildthecloud in #2042
• Suppress acorn not installed warnings when listing projects by @keyallis in #2030
• Add --region to kube command by @ibuildthecloud in #2046
• Add -w to acorn kube to write kubeconfig to a file by @ibuildthecloud in #2049
• Remove reference .dev-kubeconfig by @ibuildthecloud in #2050
• Switch to new hello world image in docs by @cjellick in #2048
• Upload brew pre-releases temporarily by @cjellick in #2051
• Add config file location to client info by @cjellick in #1884
• Add qemu setup to release workflow by @cjellick in #2052
• Add back cosign.pub by @cjellick in #2053
• Make checkSARs idempotent by @ibuildthecloud in #2054
• Add debug logging to buildx action by @cjellick in #2055
• Pretty up status messages by @ibuildthecloud in #2056
• Handle image parse error by @ibuildthecloud in #2057
• send eks nightly failures to both ci-reports and engineering channels by @keyallis in #2047
• Add name to all resources in acornfile by @ibuildthecloud in #2058
• Take the default context into account when printing project information by @thedadams in #2060
• fix docs code block formatting by @keyallis in #2045
• fix: require images scope in IARs by @iwilltry42 in #2062
• Print local credential usage after builds (#2068) by @njhale in #2070
• Export function for object existence in a project region by @thedadams in #2044
• Add account id and project name as labels on pods by @ibuildthecloud in #2065
• Rename quota-allocated condition to be just quota by @tylerslaton in #2023
• Render project name with default context for every project output by @thedadams in #2071
• Add the ability to set the log level at startup (#2072) by @thedadams in #2073
• Add jobs command and jobs restart subcommand by @tylerslaton in #2022
• update workflow runner version to latest ubuntu supported by @keyallis in #2077
• Fix propagation of AWS permission for service consumer permissions by @ibuildthecloud in #2078
• chore: remove release jobs from repo by @drpebcak in #2083
• Use AppInstance type instead of App for get/list of Jobs by @tylerslaton in #2076
• Remove confusing "SIGN: 0" code by @tylerslaton in #2075
• Stop printing stack traces when buildkitd pod is deleted (#2081) by @thedadams in #2087
• Fix status messages for external secrets and services by @ibuildthecloud in #2079
• Bump baaah for klog/logrus integration by @ibuildthecloud in #2094
• Add a global acorn config option by @njhale in #2086
• Fix login/logout default and dashboard for beta by @ibuildthecloud in #2098
• Remove "remote images" by @ibuildthecloud in #2084
• Ensure image is always created, not just on change by @ibuildthecloud in #2100
• change: Improve Usage of ImageAllowRules (#2067 + #2064 + #2069) by @iwilltry42 in #2074
• fix/regression: don't rely on deprecated image.Remote when pruning signatures by @iwilltry42 in #2103
• Depot integration by @ibuildthecloud in #2105
• Add 409 conflict retry in subresource by @ibuildthecloud in #2107
• add: translate registry unauthorized error when running a private image (#2101) by @iwilltry42 in #2102
• Change: verification key reference should default to acorn:// if it's not a file by @iwilltry42 in #2112
• Don't print not found errors on event truncate by @njhale in #2097
• add: support OpenSSH format private keys for signing (#2063) by @iwilltry42 in #2088
• Add install opt to set annotations on acorn-api pods by @njhale in #2114
• Fix app info for top level acorns by @ibuildthecloud in #2117
• Improve acorn copy and move all code to CLI (#2096) by @g-linville in #2116
• Improve help and error messages for acorn copy (#2119) by @g-linville in #2120
• Hide image verify/sign subcommands and hide -s, -k, -a push flags by @tylerslaton in #2123
• Remove targetNamespace option by @tylerslaton in #2124
• Add class and mem to services and acorns by @ibuildthecloud in #2127
• Enable notarization for MacOS releases again by @tylerslaton in #2104
• Migrate legacy project namespaces (#2130) by @thedadams in #2132
• Remove looking up credentials from docker by @ibuildthecloud in #2131
• Pass through necessary env vars to .gorleaser.yml by @tylerslaton in #2134
• Switch from .dmg to .zip for extra release files by @tylerslaton in #2135
• Add --quiet to install by @cjellick in #2138
• Only include MacOS zip by @tylerslaton in #2136

New Contributors

• @pratikjagrut made their first contribution in #1808
• @keyallis made their first contribution in #1977

Full Changelog: v0.7.1...v0.8.0