Port 0.42.0 (#2359)

Co-authored-by: anders-elastisys <[email protected]> Co-authored-by: Fredrik Liv <[email protected]> Co-authored-by: anders-elastisys <[email protected]>
elastisys · Nov 28, 2024 · b1a8fc7 · b1a8fc7
1 parent 874485f
commit b1a8fc7
Show file tree

Hide file tree

Showing 8 changed files with 179 additions and 85 deletions.
diff --git a/.github/ISSUE_TEMPLATE/release.md b/.github/ISSUE_TEMPLATE/release.md
diff --git a/bin/diagnostics.bash b/bin/diagnostics.bash
@@ -64,10 +64,12 @@ if [ -z "${CK8S_PGP_FP:-}" ]; then
 
     echo -e "\tIf in doubt, contact [email protected]." 1>&2
 
-    log_warning_no_newline "Do you want to continue anyway? (y/N): "
-    read -r reply
-    if [[ ! "${reply}" =~ ^[yY]$ ]]; then
-        exit 1
+    if [[ "${CK8S_AUTO_APPROVE:-}" != true ]]; then
+        log_warning_no_newline "Do you want to continue anyway? (y/N): "
+        read -r reply
+        if [[ ! "${reply}" =~ ^[yY]$ ]]; then
+            exit 1
+        fi
     fi
 fi
 

diff --git a/changelog/0.42.md b/changelog/0.42.md
@@ -0,0 +1,78 @@
+# v0.42.0
+
+Released 2024-10-30
+
+> [!WARNING]
+> **Security Notice(s)**
+>
+> - Fixes [cve-2024-8118](https://grafana.com/blog/2024/09/26/grafana-security-release-medium-severity-fix-for-cve-2024-8118/)
+<!-- -->
+> [!IMPORTANT]
+> **Platform Administrator Notice(s)**
+>
+> - Add support for using predefined IP for the Load Balancer .
+> - The default network policies for cert-manager has changed in `dev` and `prod` flavours allowing all egress traffic on `53/tcp`, `53/udp`, `80/tcp`, and `443/tcp` to provide a better certificate management experience for application developers.
+<!-- -->
+> [!NOTE]
+> **Application Developer Notice(s)**
+>
+> - Angular plugins for Grafana dashboards are no longer supported by default. Please migrate any dashboards that contain panels that use Angular plugins (see [here](https://grafana.com/docs/grafana/latest/developers/angular_deprecation/) for more information).
+> - The default network policies for cert-manager has changed in `dev` and `prod` flavours allowing it to use most DNS-01 resolvers by default, and improving the experience when debugging HTTP-01 challenges.
+
+## Release highlights
+
+- Tolerations and Affinity can now be set for Blackbox expoter
+
+## Changes by kind
+
+### Feature(s)
+
+- [#2237](https://github.com/elastisys/compliantkubernetes-apps/pull/2237) - Added prometheus metrics to the diagnostics script [@Elias-elastisys](https://github.com/Elias-elastisys)
+
+### Improvement(s)
+
+- [ecab4f2](https://github.com/elastisys/compliantkubernetes-apps/commit/ecab4f206851dc0789dee4ac4b25efc6ea18f732) - Upgrade Grafana chart to v8.5.8 and image to v11.2.3+security-01 [@Xartos](https://github.com/Xartos)
+- [#2209](https://github.com/elastisys/compliantkubernetes-apps/pull/2209) - apps: Add support for ingress to use predefined ips [@lucianvlad](https://github.com/lucianvlad)
+- [#2242](https://github.com/elastisys/compliantkubernetes-apps/pull/2242) - Fix deprecated Grafana dashboards [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2245](https://github.com/elastisys/compliantkubernetes-apps/pull/2245) - Upgrade Grafana chart to v8.4.7 and image to v11.1.4 [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2269](https://github.com/elastisys/compliantkubernetes-apps/pull/2269) - Add Velero e2e tests [@simonklb](https://github.com/simonklb)
+- [#2273](https://github.com/elastisys/compliantkubernetes-apps/pull/2273) - config: Open cert-manager netpols by default [@aarnq](https://github.com/aarnq) [ADR](https://elastisys.io/compliantkubernetes/adr/0051-open-cert-manager-netpols/)
+- [#2275](https://github.com/elastisys/compliantkubernetes-apps/pull/2275) - Add extraconfig variable for nodelocaldns hostzone [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2277](https://github.com/elastisys/compliantkubernetes-apps/pull/2277) - Add instance type to kube_node_labels metric [@lunkan93](https://github.com/lunkan93)
+- [#2280](https://github.com/elastisys/compliantkubernetes-apps/pull/2280) - Upgrade Falco to v0.38.2, chart to v4.8.2 and falco-exporter chart to v0.12.1 [@Zash](https://github.com/Zash)
+- [#2286](https://github.com/elastisys/compliantkubernetes-apps/pull/2286) - Expose Tolerations and Affinity in config for blackbox exporter  [@robinAwallace](https://github.com/robinAwallace)
+  - Tolerations and Affinity can now be set for Blackbox expoter
+- [#2288](https://github.com/elastisys/compliantkubernetes-apps/pull/2288) - Expose affinity and tolerations for metrics-server [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2293](https://github.com/elastisys/compliantkubernetes-apps/pull/2293) - Upgrade grafana chart to v8.5.2 [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2296](https://github.com/elastisys/compliantkubernetes-apps/pull/2296) - Exclude Cluster API namespaces from Velero backups [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2302](https://github.com/elastisys/compliantkubernetes-apps/pull/2302) - bin: make update swift ip simpler [@robinAwallace](https://github.com/robinAwallace)
+- [#2307](https://github.com/elastisys/compliantkubernetes-apps/pull/2307) - apps sc: apply rclone namespace if sync or restore is enabled [@viktor-f](https://github.com/viktor-f)
+- [#2308](https://github.com/elastisys/compliantkubernetes-apps/pull/2308) - scripts: check for missing env variables in local-cluster script [@viktor-f](https://github.com/viktor-f)
+- [#2312](https://github.com/elastisys/compliantkubernetes-apps/pull/2312) - Add Falco exception for spilo-16 image [@lunkan93](https://github.com/lunkan93)
+- [#2313](https://github.com/elastisys/compliantkubernetes-apps/pull/2313) - apps: Falco rule updates [@aarnq](https://github.com/aarnq)
+- [#2316](https://github.com/elastisys/compliantkubernetes-apps/pull/2316) - Add tektonPipelines to config schema [@lunkan93](https://github.com/lunkan93)
+
+### Other(s)
+
+- [#2247](https://github.com/elastisys/compliantkubernetes-apps/pull/2247) - other: Add Fluentd metric for incoming records per tag [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2254](https://github.com/elastisys/compliantkubernetes-apps/pull/2254) - bug: Fix log-manager on Azure [@vomba](https://github.com/vomba)
+- [#2272](https://github.com/elastisys/compliantkubernetes-apps/pull/2272) - other: added documentation checklist for PR template [@AlbinB97](https://github.com/AlbinB97)
+- [#2274](https://github.com/elastisys/compliantkubernetes-apps/pull/2274) - other: Port 0.39.2 [@aarnq](https://github.com/aarnq)
+- [#2276](https://github.com/elastisys/compliantkubernetes-apps/pull/2276) - bug: Fix Slack customTemplate type [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2279](https://github.com/elastisys/compliantkubernetes-apps/pull/2279) - bug: apps: fix install-requirements [@Eliastisys](https://github.com/Eliastisys)
+- [#2281](https://github.com/elastisys/compliantkubernetes-apps/pull/2281) - clean-up: config: remove tls secret from kubeapi-metrics ingress template [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2282](https://github.com/elastisys/compliantkubernetes-apps/pull/2282) - bug: Add migration script to fix Grafana lookup volumeName issue [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2283](https://github.com/elastisys/compliantkubernetes-apps/pull/2283) - documentation: Port 0.40.1 [@Eliastisys](https://github.com/Eliastisys)
+- [#2285](https://github.com/elastisys/compliantkubernetes-apps/pull/2285) - bug: Fix rook-ceph alerts [@lunkan93](https://github.com/lunkan93)
+- [#2289](https://github.com/elastisys/compliantkubernetes-apps/pull/2289) - bug: Fix update-ips fetch swift url [@robinAwallace](https://github.com/robinAwallace)
+- [#2291](https://github.com/elastisys/compliantkubernetes-apps/pull/2291) - bug: tests: Fixed issue where collapsed sections couldn't be found [@Xartos](https://github.com/Xartos)
+- [#2292](https://github.com/elastisys/compliantkubernetes-apps/pull/2292) - documentation: docs: move cert-manager netpol migration step to v0.42 [@lunkan93](https://github.com/lunkan93)
+- [#2294](https://github.com/elastisys/compliantkubernetes-apps/pull/2294) - other: Port 0.41.0 [@Elias-elastisys](https://github.com/Elias-elastisys) [@lunkan93](https://github.com/lunkan93)
+- [#2295](https://github.com/elastisys/compliantkubernetes-apps/pull/2295) - clean-up: Move restore instructions and resources to /restore [@simonklb](https://github.com/simonklb)
+- [#2300](https://github.com/elastisys/compliantkubernetes-apps/pull/2300) - clean-up: Improve Harbor restore for Azure [@simonklb](https://github.com/simonklb)
+- [#2301](https://github.com/elastisys/compliantkubernetes-apps/pull/2301) - documentation: Link to schemas in Rclone restore instructions [@simonklb](https://github.com/simonklb)
+- [#2304](https://github.com/elastisys/compliantkubernetes-apps/pull/2304) - documentation: Add known issue restoring Harbor from S3 to Azure [@simonklb](https://github.com/simonklb)
+- [#2306](https://github.com/elastisys/compliantkubernetes-apps/pull/2306) - bug: config: change default destination sync type to azure for azure [@viktor-f](https://github.com/viktor-f)
+- [#2309](https://github.com/elastisys/compliantkubernetes-apps/pull/2309) - bug: Fix constraint for HNC user namespaces [@anders-elastisys](https://github.com/anders-elastisys)
+- [#2314](https://github.com/elastisys/compliantkubernetes-apps/pull/2314) - bug: Fix grafana datasources and tests for multi wc [@Elias-elastisys](https://github.com/Elias-elastisys)
+- [#2326](https://github.com/elastisys/compliantkubernetes-apps/pull/2326) - bug: Fix: add label user-grafana pvc for velero [@robinAwallace](https://github.com/robinAwallace)
diff --git a/helmfile.d/charts/grafana-dashboards/files/welcome.md b/helmfile.d/charts/grafana-dashboards/files/welcome.md
@@ -4,15 +4,14 @@
 
 Here you can find the most relevant features and changes for the last couple of releases of Welkin
 
+- Upgraded Grafana to v11.2.3. **[v0.42]**
+  - Drops support for dashboards using Angular plugins. See [here](https://grafana.com/docs/grafana/latest/developers/angular_deprecation/) for more information.
+- Upgraded Falco to v0.38.2. **[v0.42]**
 - Updated Grafana dashboards containing deprecated panels. **[v0.41]**
 - Grafana was upgraded to v10.4.7. **[v0.41]**
 - Ingress-nginx was upgraded to v1.11.2. **[v0.41]**
   - Drops support for Kubernetes v1.25 and adds support for v1.30.
 - NodeLocal DNS was upgraded to v1.23.1. **[v0.41]**
-- Disabled kured alerts in WC. **[v0.40]**
-- Opensearch and Opensearch dashboards was upgraded to v2.15.0. **[v0.40]**
-- Harbor was upgraded to v2.11.0. **[v0.40]**
-- Dex was upgraded to v2.40.0. **[v0.40]**
 
 ## Public docs
 

diff --git a/helmfile.d/charts/opensearch/configurer/files/dashboards-resources/welcome.md b/helmfile.d/charts/opensearch/configurer/files/dashboards-resources/welcome.md
@@ -4,15 +4,14 @@
 
 Here you can find the most relevant features and changes for the last couple of releases of Welkin
 
+- Upgraded Grafana to v11.2.3. **[v0.42]**
+  - Drops support for dashboards using Angular plugins. See [here](https://grafana.com/docs/grafana/latest/developers/angular_deprecation/) for more information.
+- Upgraded Falco to v0.38.2. **[v0.42]**
 - Updated Grafana dashboards containing deprecated panels. **[v0.41]**
 - Grafana was upgraded to v10.4.7. **[v0.41]**
 - Ingress-nginx was upgraded to v1.11.2. **[v0.41]**
   - Drops support for Kubernetes v1.25 and adds support for v1.30.
 - NodeLocal DNS was upgraded to v1.23.1. **[v0.41]**
-- Disabled kured alerts in WC. **[v0.40]**
-- Opensearch and Opensearch dashboards was upgraded to v2.15.0. **[v0.40]**
-- Harbor was upgraded to v2.11.0. **[v0.40]**
-- Dex was upgraded to v2.40.0. **[v0.40]**
 
 ## Public docs
 

diff --git a/helmfile.d/upstream/grafana/grafana/Chart.yaml b/helmfile.d/upstream/grafana/grafana/Chart.yaml
@@ -6,7 +6,7 @@ annotations:
     - name: Upstream Project
       url: https://github.com/grafana/grafana
 apiVersion: v2
-appVersion: 11.3.0
+appVersion: 11.2.3-security-01
 description: The leading tool for querying and visualizing time series and metrics.
 home: https://grafana.com
 icon: https://artifacthub.io/image/b4fed1a7-6c8f-4945-b99d-096efa3e4116
@@ -32,4 +32,4 @@ sources:
 - https://github.com/grafana/grafana
 - https://github.com/grafana/helm-charts
 type: application
-version: 8.5.9
+version: 8.5.8
diff --git a/helmfile.d/upstream/index.yaml b/helmfile.d/upstream/index.yaml
@@ -46,7 +46,7 @@ charts:
 
   goharbor/harbor: 1.15.0
 
-  grafana/grafana: 8.5.9
+  grafana/grafana: 8.5.8
 
   jetstack/cert-manager: v1.12.8
 

diff --git a/tests/end-to-end/general/bin-diagnostics.bats b/tests/end-to-end/general/bin-diagnostics.bats
@@ -7,6 +7,8 @@ setup() {
   load_assert
   load_file
 
+  export CK8S_AUTO_APPROVE=true
+
   with_kubeconfig sc
 }