Changelog - deployKF¶
This changelog lists releases of deployKF that are found in the deployKF/deployKF
repository.
Danger
Carefully review the "Upgrade Notes" and "Important Notes" before upgrading deployKF to a new version.
Also review the tool versions and version matrix pages.
Can I be notified of new releases?
Yes. Watch the deployKF/deployKF
repo on GitHub.
At the top right, click Watch
→ Custom
→ Releases
then confirm by selecting Apply
.
What about pre-releases?
For a changelog that includes pre-releases, see the full-changelog.
0.1.4 (2024-02-16)¶
Upgrade Notes
- There will be some downtime for Kubeflow Pipelines and users will be forced to re-authenticate.
- You MUST sync with pruning enabled, as we have changed a number of resources.
- If you are using our automated ArgoCD Sync Script:
- Update to the latest script version, found in the
main
branch. - Ensure you respond "yes" to all "Do you want to sync with PRUNING enabled?" prompts.
- To prevent the need to sync twice, please manually delete this
ClusterPolicy
using the following command BEFORE syncing:kubectl delete clusterpolicy "kubeflow-pipelines--generate-profile-resources"
- (otherwise, the first sync will time-out waiting for
kf-tools--pipelines
to be healthy)
- Update to the latest script version, found in the
Important Notes
- We no longer use Kyverno to generate resources in each profile for Kubeflow Pipelines, we now include these resources directly based on your profile values, this is due to Kyverno not scaling well for large numbers of profiles. However, we still use Kyverno for cloning Secrets across namespaces, triggering restarts of Deployments, and a few other things.
- We have resolved the compatibility issues with Azure AKS. To enable the Azure-specific fixes, please set the
kubernetes.azure.admissionsEnforcerFix
value totrue
. - There have been significant changes to how authentication is implemented. These changes should allow you to bring your own Istio Gateway Deployment (Pods) without having other services end up behind deployKF's authentication system. However, please note that deployKF still manages its own Gateway Resource (CRD).
- For those experiencing "route not found" issues when using an external proxy to terminate TLS, you can now disable "SNI Matching" on the Istio Gateway by setting the
deploykf_core.deploykf_istio_gateway.gateway.tls.matchSNI
value tofalse
.
What's Changed
Significant Changes
- feat: allow other istio gateways on ingress deployment by @thesuperzapper in #66
- feat: allow disabling SNI matching on gateway by @thesuperzapper in #83
- fix: issues preventing deployment on Azure AKS by @thesuperzapper in #85
- improve: stop using kyverno to provision kfp profile resources by @thesuperzapper in #102
New Features
- feat: disable default plugins and resource-quotas in specific profiles by @thesuperzapper in #67
- feat: allow custom external service ports by @thesuperzapper in #82
- feat: allow disabling HTTPS redirect by @thesuperzapper in #86
- feat: add pod-labels value for cert-manager controller by @thesuperzapper in #88
- feat: optional sign-in page to stop background request CSRF accumulation by @thesuperzapper in #100
Improvements
- improve: use
__Secure-
cookie prefix and remove domains config by @thesuperzapper in #87 - improve: increase kyverno resource limits and add values by @thesuperzapper in #93
- improve: use CRD-level "replace" for kyverno ArgoCD app by @thesuperzapper in #94
- improve: argocd sync script should only wait for app health once by @thesuperzapper in #104
Bug Fixes
- fix: prevent kyverno log spam on missing generate context by @thesuperzapper in #54
- fix: rstudio logo format for non-chrome browsers by @thesuperzapper in #56
- fix: using AWS IRSA with Kubeflow Pipelines by @thesuperzapper in #79
- fix: use 307 status for HTTP redirects by @thesuperzapper in #81
- fix: proxy protocol envoyfilter for istio gateway by @thesuperzapper in #80
- fix: disallow out-of-band KFP audience when disabled by @thesuperzapper in #89
- fix: support kyverno chart changes (but keep kyverno version) by @thesuperzapper in #92
- fix: annotate cloned imagePullSecrets to be ignored by ArgoCD by @dkhachyan in #90
- fix: add background filter to restart trigger policies by @thesuperzapper in #95
- fix: prevent CSRF cookie accumulation on auth expiry by @thesuperzapper in #99
Documentation
- docs: update example ArgoCD to 2.9.6 by @thesuperzapper in #91
0.1.3 (2023-10-31)¶
Important Notes
- For more information about using the new "browser login flow" with Kubeflow Pipelines SDK, please see the updated Access Kubeflow Pipelines API guide.
What's Changed
Significant Changes
- feat: browser-based KFP SDK auth by @thesuperzapper in #45
New Features
- feat: update oauth2-proxy to 7.5.1 by @thesuperzapper in #44
- feat: kyverno policy for image-pull-secrets by @thesuperzapper in #47
- feat: add values for kyverno replicas by @thesuperzapper in #50
Improvements
- improve: limit trigger operations for kyverno policies by @thesuperzapper in #49
Bug Fixes
- fix: don't mount trust bundles with own cert-manager by @thesuperzapper in #46
- fix: ensure kyverno has permission to manage PodDefaults by @thesuperzapper in #51
Documentation
- docs: update sync script to force update kyverno policies by @thesuperzapper in #40
- docs: add requirement checks to argocd sync script by @thesuperzapper in #42
- docs: update reference argocd version to 2.8.5 by @thesuperzapper in #52
Miscellaneous
- refactor: always use
v1
kyverno resources by @thesuperzapper in #48
0.1.2 (2023-09-22)¶
Important Notes
- If you are using the
deployKF ArgoCD Plugin
, you MUST update to the latest version of the plugin BEFORE upgrading to this version (see: #29).
What's Changed
Significant Changes
- docs: add reference
sync_argocd_apps.sh
script by @thesuperzapper in #38
Bug Fixes
- fix: set kyverno webhook failure policy to ignore (fix uninstall deadlock) by @thesuperzapper in #26
- fix: resolve cert-manager race conditions by @thesuperzapper in #28
- fix: argocd plugin with "file://" dependencies (needed for helm forks) by @thesuperzapper in #29
- fix: create separate namespaces app, if destination is remote by @thesuperzapper in #30
- fix: ensure namespaces are never deleted or pruned by @thesuperzapper in #31
- fix: add sync waves to argocd apps (fix deletion) by @thesuperzapper in #32
- fix: resolve profile generator race condition by @thesuperzapper in #33
- fix: resolve race conditions with cloned secrets by @thesuperzapper in #34
- fix: app-of-apps should always target argocd cluster by @thesuperzapper in #35
Documentation
- docs: move guides to website by @thesuperzapper in #20
- docs: improve example app-of-apps for plugin by @thesuperzapper in #37
- docs: improve sample values, add reference overrides by @thesuperzapper in #36
0.1.1 (2023-08-08)¶
What's Changed
Significant Changes
- feat: create argocd plugin by @thesuperzapper in #16
New Features
- feat: allow custom documentation links in dashboard by @yankcrime in #12
- feat: allow a single ArgoCD to manage deployKF across multiple clusters by @thesuperzapper in #17
Bug Fixes
- fix: set
securityContext.fsGroup
on minio pods by @thesuperzapper in #14 - fix: minio-console user permissions (update minio) by @thesuperzapper in #18
Documentation
- docs: improve getting started formatting by @thesuperzapper in #8
- docs: add links to important values in readme by @thesuperzapper in #9
- docs: improve getting started guide by @thesuperzapper in #11
- docs: add link to youtube demo by @thesuperzapper in #13
0.1.0 (2023-07-10)¶
What's Changed
Significant Changes
- initial release 🎉 🎉 🎉
Last update: 2024-05-10
Created: 2024-05-10
Created: 2024-05-10