Application lifecycle orchestration
💥 The Kargo v0.5.0 release is here and wow! -- it's a big one!
So much has gone into this release that it's been really difficult narrowing the release notes down to just a few highlights. Here are some of the most noteworthy features and fixes. If you're looking for a more complete list, please do consult the full changelog.
If you read only one section of the release notes, let this be this one.
If you are upgrading from v0.4.x to v0.5.0, you should run this script first to ensure a smooth upgrade of Kargo's CRDs. If you do not run the script, you will likely see errors in your controllers, but it will not be too late to run it and re-attempt the upgrade.
Future CRD upgrades will be less onerous for reasons discussed in the Chart Improvements section.
All other breaking changes should be well-accounted for by specialized upgrade reconcilers that are included in this release, but are not present in our main
branch. (i.e. They will be gone in v0.6.0.) They will make small changes to:
Stage
resourcesFreight
resourcesSecret
resources)If you manage your Kargo projects using Argo CD, you may find that the last change (to credentials) brings your projects out of sync with your Application
s. Should that occur, please consult the Managing Credentials section of the Kargo documentation for details about the new format.
There is no upgrade path from versions prior to v0.4.0.
⚠️ Breaking Change
The CLI has been virtually rewritten from the ground up. Up until now it wasn't an area of the project that had received the attention it deserved and we knew its UX needed quite a bit of work. All that has changed with this release!
The updated CLI should feel more intuitive across the board, behavior and help text should be more consistent from one command to the next, and we've added quite a bit of new functionality as well. 🆕 Especially notable is that credentials can now be managed and verification processes re-run or even aborted via CLI.
If you upgrade Kargo's cluster-side components, you must also upgrade the CLI (if you use it).
🆕 New Feature
A frequently requested feature has been the ability to narrow a Warehouse
resource's subscriptions to Git repositories to include or exclude changes to certain paths. This feature has now been implemented and makes it possible to, for instance, subscribe to a monorepo, but trigger the production of new Freight
only when changes to relevant paths are detected.
The Kargo team wishes to specifically thank @maksimstankevic for their extensive work on this feature. To date, this is the largest feature contributed by a non-maintainer and we are very grateful for both the effort and the quality of the work.
⚠️ Breaking Change
Repository credential storage has been significantly refactored in this release. The strategy previously employed closely emulated Argo CD -- and this included idiosyncrasies that existed in Argo CD for legacy reasons, but could stand to be improved in Kargo. With this change, the capability of "borrowing" credentials from Argo CD has also been completely removed.
The new strategy is considerably more straightforward.
As indicated in the Upgrade Path section, Kargo v0.5.0 will automatically update the format of existing repository credentials. If any difficulties are encountered, please do consult the Managing Credentials section of the Kargo documentation.
🔧 Kargo CRDs can now be upgraded via the chart. This was not possible before because we took advantage of Helm's support for a dedicated crds/
directory. A limitation of that approach is that upgrades to a Kargo installation did not upgrade the CRDs. (Read more about this here.) This limitation has been overcome by moving the CRDs into the chart's templates/
directory instead.
One consequence of this change is that if you plan to upgrade to Kargo v0.5.0 from an older version, you will first need execute a script that adopts non-Helm-managed Kargo CRDs into your existing Kargo release.
🆕 Installation of the Kargo chart now includes kargo-admin
and kargo-viewer
ServiceAccounts
, which can be mapped to specific API users via subject, email, or group OpenID Connect claims. This is useful for organizations that may wish to:
Grant broad (all Project
s) read-only access to all authenticated users.
Grant broad (all Project
s) administrative access to a small subset of specific users or users belonging to a specific group.
Install Kargo with the built-in admin user disabled (recommended).
Additionally, the Kargo management controller will automatically expand and contract the permissions of the kargo-admin
ServiceAccount
to include credential-management (Secret
-management) permissions as Project
resources are created and deleted. This dynamic expansion and contraction of permission to access Secret
s in individual namespaces prevents the kargo-admin
ServiceAccount
from requiring cluster-wide access to Secret
resources.
Garbage collection has been improved in a number of ways:
🆕 Argo Rollouts AnalysisRun
resources used to verify Stage
/Freight
pairs are now owned by the relevant Freight
. The result is that as old and unused Freight
is itself garbage collected, so too are the associated AnalysisRun
resources.
🆕 Freight
is now being garbage collected -- it wasn't before. This is quite important to overall cluster health since Freight
resources are quite likely to become extremely numerous over time. Of course, we never wish to garbage collect Freight
that is still in use. By default, the garbage collector will, Project
by Project
, Warehouse
by Warehouse
, delete only Freight
that are both more than 20 generations older than the oldest Freight
still in use and also more than two weeks old.
🔧 Promotion
resources are now being garbage collected more conservatively. Previously, the garbage collector would, Project
by Project
, delete the very oldest Promotion
resources. This proved to be a mistake, as it is possible that some very old Promotions
are still relevant, while newer ones are not. Such a situation can arise, for instance, if the last Promotion
to production were in the distant past, while many Promotions
to Stage
s upstream from production have occurred since. The improved garbage collection of Promotion
resources now takes this into account by working Project
by Project
, and Stage
by Stage
, deleting only Promotion
resources that are both more than 20 generations older than the oldest Promotion
in a non-terminal phase and also more than two weeks old.
🆕 The following can now be created and managed via the UI:
Project
sWarehouse
sSecret
s)AnalysisTemplate
s (used for verifications)🔧 Warehouse
s with no subscribers are now displayed correctly.
🔧 Warehouse
s with multiple Stage
s subscribed directly to them are now displayed correctly.
🔧 Numerous layour tweaks
We're pleased to have had @hiddeco join the team at Akuity as a new Kargo maintainer. His efforts were instrumental in making v0.5.0 our most feature-rich and stable release to date. We're excited that his addition to the team will both accelerate the pace of development and further improve the overall quality of the project!
Last, but certainly not least, Kargo would be nothing without its community, so we'd like to acknowledge community members whose first contributions are included in this release:
Thank you all for your contributions!
Full Changelog: v0.4.5...v0.5.0