From 127fd4553a6f7a13ebb461cf0e6cc5d5768b6167 Mon Sep 17 00:00:00 2001 From: Philippe Scorsolini Date: Wed, 11 Jun 2025 16:24:26 +0200 Subject: [PATCH 1/2] release notes spaces 1.12.0 and 1.13.1 Signed-off-by: Philippe Scorsolini --- content/reference/rel-notes/spaces-v1.13.1.md | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 content/reference/rel-notes/spaces-v1.13.1.md diff --git a/content/reference/rel-notes/spaces-v1.13.1.md b/content/reference/rel-notes/spaces-v1.13.1.md new file mode 100644 index 000000000..0520cdc4a --- /dev/null +++ b/content/reference/rel-notes/spaces-v1.13.1.md 
@@ -0,0 +1,55 @@ +--- +title: "Spaces v1.13.1" +version: "v1.13.1" +date: 2025-11-06 +tocHidden: true +product: "spaces" +version_sort_key: "0001.0013.0001" +--- + + +> [!WARNING] +> Latest Crossplane version supported is now 1.20, this means the oldest supported version is 1.18, so if you have Controlplanes pinned to `1.17.x`, please update them before upgrading, otherwise they'll be set as degraded. + +## Important changes + +- Bump UXP supported version to 1.20. +- The ESO version we use for SharedSecretStore feature is updated to `v0.16.2` and with this version bumps the `ExternalSecret`, `ClusterSecretStore` and all External Secrets provider versions to `v1`. +- SharedSecrets is now considered GA and enabled by default. +- SharedTelemetry - removed control plane system components(Spaces internals, etcd...) telemetry from SharedTelemetry. Self-hosted Spaces admins can still turn it back on by setting the `observability.collectors.includeSystemTelemetry` flag to true. ([#2620] +(https://github.com/upbound/spaces/pull/2620), [@lsviben](https://github.com/lsviben)) + +### Vcluster changes +VCluster has been upgraded from v0.22.3 to v0.24.1. There are no API changes introduced through this upgrade. + +Control Plane vCluster memory limits are now unset. In v1.12 release, we bumped the vCluster version and that caused the 3 vcluster system pods (syncer, api-server, and controller) to merge into just one pod. Previously, we used to not memory limit the api-server and use the autoscaler to manage its memory requests. With 1.12, as all the vCluster components were running in 1 pod, 1 container, we limited the memory + and had the autoscaler also manage the memory limits, based on the number of CRDs in the control plane. + + In the meantime, we noticed that if there is a sudden surge of CRDs, the vCluster pod can run out of memory(including the api-server) before the autoscaler can react to the rise of CRDs, thus making it unable to get the CRD number and autoscale. 
+ + This is why we are now unsetting the vCluster memory limits and will monitor further vCluster improvements. + +## Features + +- Added the `externalTLS` Helm parameter tree to facilitate easier configuration for a custom external certificate. +- Allow control-plane editors and admins to delete pods. +- Expose runtime latest versions information in crossplane-versions-public configmap. +- Moved CoreDNS out of the control plane and onto the host cluster +- Moved mxp-gateway and xgql out of the control plane and onto the host cluster +- Upbound controllers package metadata and the ControllerRuntimeConfig spec now support Go text templating. The "ingressHost" template variable is substituted with the Spaces ingress hostname, "controlPlaneName" and "controlPlaneNamespace" are substituted with the associated control plane's name and group name, respectively. ([#2528](https://github.com/upbound/spaces/pull/2528), [@ulucinar](https://github.com/ulucin +ar)) + + +## Bugs + +- Added validation to ensure the control plane name does not exceed 63 characters. +- Fixed a bug in how the envoy within spaces-router was configured that could result in non-deterministic behavior. Now envoy will allocate workers based on the CPU limits it is provided. +- Spaces-controller now runs with leader-election enabled even if it's not configured in HA mode with multiple replicas. + +## Chores + +- Dropped `controlPlanes.api`, `controlPlanes.controller` and `controlPlanes.syncer` parameter trees in the helm chart interface and introduced `controlPlanes.vcluster` to align with the latest vcluster version's combined pod architecture. +- Mxp-bootstrapper is now removed. +- Removed the mxp-gateway component to simplify the communication architecture. + + From a5fecc78dffb69bf92f357e77711d4ca0f368234 Mon Sep 17 00:00:00 2001 From: Philippe Scorsolini Date: Wed, 11 Jun 2025 16:29:50 +0200 Subject: [PATCH 2/2] adhere to standard 
Signed-off-by: Philippe Scorsolini --- content/reference/rel-notes/spaces-v1.13.1.md | 55 +++++++++---------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/content/reference/rel-notes/spaces-v1.13.1.md b/content/reference/rel-notes/spaces-v1.13.1.md index 0520cdc4a..8f79e31d6 100644 --- a/content/reference/rel-notes/spaces-v1.13.1.md +++ b/content/reference/rel-notes/spaces-v1.13.1.md 
@@ -8,48 +8,47 @@ version_sort_key: "0001.0013.0001" --- -> [!WARNING] -> Latest Crossplane version supported is now 1.20, this means the oldest supported version is 1.18, so if you have Controlplanes pinned to `1.17.x`, please update them before upgrading, otherwise they'll be set as degraded. +#### What's Changed -## Important changes +**Warning - Breaking changes** -- Bump UXP supported version to 1.20. -- The ESO version we use for SharedSecretStore feature is updated to `v0.16.2` and with this version bumps the `ExternalSecret`, `ClusterSecretStore` and all External Secrets provider versions to `v1`. -- SharedSecrets is now considered GA and enabled by default. -- SharedTelemetry - removed control plane system components(Spaces internals, etcd...) telemetry from SharedTelemetry. Self-hosted Spaces admins can still turn it back on by setting the `observability.collectors.includeSystemTelemetry` flag to true. ([#2620] -(https://github.com/upbound/spaces/pull/2620), [@lsviben](https://github.com/lsviben)) +- This release contains breaking changes related to the Universal Crossplane version support. The latest supported Crossplane version is now `1.20`, which means the oldest supported version is `1.18`. If you have control planes pinned to `1.17.x`, please update them before upgrading, otherwise they'll be set as degraded. +- The ESO version used for SharedSecretStore feature is updated to `v0.16.2` and with this version bumps the `ExternalSecret`, `ClusterSecretStore` and all External Secrets provider versions to `v1`. +- `controlPlanes.api`, `controlPlanes.controller` and `controlPlanes.syncer` parameter trees have been dropped from the Helm chart interface. The `controlPlanes.vcluster` parameter tree should be used instead to align with the latest vcluster version's combined pod architecture. +- Control plane vCluster memory limits are now unset. 
Previously, memory limits were set and managed by the autoscaler, but sudden surges of CRDs could cause the vCluster pod to run out of memory before the autoscaler could react. + +#### Features and Enhancements + +Spaces `v1.13.1` contains important bug fixes, security improvements, dependency updates and architectural simplifications. The latest supported Crossplane version is bumped to `1.20` and SharedSecrets is now considered GA and enabled by default. Several components including CoreDNS, mxp-gateway, and xgql have been moved out of the control plane and onto the host cluster for improved performance and reliability. -### Vcluster changes -VCluster has been upgraded from v0.22.3 to v0.24.1. There are no API changes introduced through this upgrade. +This release bumps the vcluster dependency to `v0.24.1` with no API changes introduced through this upgrade. The vCluster memory management approach has been revised to prevent out-of-memory issues during CRD surges by unsetting memory limits while continuing to monitor vCluster improvements. -Control Plane vCluster memory limits are now unset. In v1.12 release, we bumped the vCluster version and that caused the 3 vcluster system pods (syncer, api-server, and controller) to merge into just one pod. Previously, we used to not memory limit the api-server and use the autoscaler to manage its memory requests. With 1.12, as all the vCluster components were running in 1 pod, 1 container, we limited the memory - and had the autoscaler also manage the memory limits, based on the number of CRDs in the control plane. +**Universal Crossplane**: +- Bumped the latest supported Universal Crossplane minor version to v1.20. + +**SharedSecrets**: +- SharedSecrets is now considered GA and enabled by default. +- ESO version updated to `v0.16.2` with provider versions bumped to `v1`. 
- In the meantime, we noticed that if there is a sudden surge of CRDs, the vCluster pod can run out of memory(including the api-server) before the autoscaler can react to the rise of CRDs, thus making it unable to get the CRD number and autoscale. +**Upbound Controllers**: +- Upbound controllers package metadata and the ControllerRuntimeConfig spec now support Go text templating. The "ingressHost" template variable is substituted with the Spaces ingress hostname, "controlPlaneName" and "controlPlaneNamespace" are substituted with the associated control plane's name and group name, respectively. - This is why we are now unsetting the vCluster memory limits and will monitor further vCluster improvements. +**Observability**: +- SharedTelemetry - removed control plane system components (Spaces internals, etcd...) telemetry from SharedTelemetry. Self-hosted Spaces admins can still turn it back on by setting the `observability.collectors.includeSystemTelemetry` flag to true. -## Features +**Architecture Improvements**: +- Moved CoreDNS and xgql out of the control plane and onto the host cluster. +- Removed the mxp-gateway and mxp-bootstrapper to simplify the communication architecture. +**Other**: - Added the `externalTLS` Helm parameter tree to facilitate easier configuration for a custom external certificate. - Allow control-plane editors and admins to delete pods. - Expose runtime latest versions information in crossplane-versions-public configmap. -- Moved CoreDNS out of the control plane and onto the host cluster -- Moved mxp-gateway and xgql out of the control plane and onto the host cluster -- Upbound controllers package metadata and the ControllerRuntimeConfig spec now support Go text templating. The "ingressHost" template variable is substituted with the Spaces ingress hostname, "controlPlaneName" and "controlPlaneNamespace" are substituted with the associated control plane's name and group name, respectively. 
([#2528](https://github.com/upbound/spaces/pull/2528), [@ulucinar](https://github.com/ulucin -ar)) - - -## Bugs +**Bug Fixes**: - Added validation to ensure the control plane name does not exceed 63 characters. - Fixed a bug in how the envoy within spaces-router was configured that could result in non-deterministic behavior. Now envoy will allocate workers based on the CPU limits it is provided. - Spaces-controller now runs with leader-election enabled even if it's not configured in HA mode with multiple replicas. -## Chores - -- Dropped `controlPlanes.api`, `controlPlanes.controller` and `controlPlanes.syncer` parameter trees in the helm chart interface and introduced `controlPlanes.vcluster` to align with the latest vcluster version's combined pod architecture. -- Mxp-bootstrapper is now removed. -- Removed the mxp-gateway component to simplify the communication architecture. - +
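Review bot: in PATCH 1/2, the front matter of `spaces-v1.13.1.md` sets `date: 2025-11-06`, while the commit itself is dated 11 Jun 2025, so the day and month look swapped. If the release date is 11 June, this should be `date: 2025-06-11`. In the same hunk, two markdown links are broken across lines and will not render: `([#2620]` is separated from `(https://github.com/upbound/spaces/pull/2620)`, and the `@ulucinar` URL is split as `https://github.com/ulucin` / `ar))`. Join each onto one line. The Features list also says mxp-gateway was moved onto the host cluster while Chores says the component was removed, so one of the two entries needs correcting. Finally, the subject mentions 1.12.0, but the diffstat shows only the v1.13.1 file being created.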
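Review bot: in PATCH 2/2, the new summary paragraph under "Features and Enhancements" says CoreDNS, mxp-gateway, and xgql "have been moved out of the control plane and onto the host cluster", but the "Architecture Improvements" list further down the same hunk says mxp-gateway was removed. Drop mxp-gateway from the summary sentence or reconcile the two statements. The same paragraph advertises "security improvements", yet no listed item is identified as one, so either name them or remove the phrase. The rewrite also drops the PR and author references (#2620, #2528) and the starting vcluster version `v0.22.3`; restore them if the standard permits. Since this hunk starts at line 8, the `date: 2025-11-06` front matter from the first patch is left untouched and still disagrees with the June commit date.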