v0.6.0

What's Changed

The Kargo team is thrilled to announce the release of v0.6.0, packed with stability improvements, enhancements, and new features. While the list of improvements and additions is extensive, we have highlighted some features you can look forward to exploring.

If you are looking for a more complete list, please do consult the full changelog

Notes on Upgrading

There is a single breaking change: the "well-known" kargo-secret-manager ClusterRole has been renamed to kargo-project-admin. However, this release includes a built-in upgrade reconciler to ensure a seamless upgrade process by automatically changing any project-level bindings referencing the old name to reference the new one.

⚠️ Please note that if you are upgrading from a version older than v0.5.0, you first need to upgrade to v0.5.x before upgrading to v0.6.0. This is due to breaking changes introduced in v0.5.0, for which no upgrade aid exists in this release.

Role Management

Kargo will now create two roles in every Project: kargo-admin and kargo-viewer.

The Kargo UI and CLI further allow creating and managing additional roles to provide scoped access to Kargo resources in a Project, which can be mapped to OIDC emails, subjects, and groups.

Warehouse Filters

In v0.5.0, Warehouse subscription filters using regular expressions were introduced. Making it possible to, for instance, subscribe to a monorepo, but trigger the production of new Freight only when changes to relevant paths are detected.

In this release, this feature has been further enhanced to support glob patterns (using a glob: prefix) and exact paths to files or directories. Additionally, the filters now apply to all commit selection strategies (and not just NewestFromBranch).

For more detailed information, please take a look at the Kargo documentation.

Kubernetes Events

Kargo will now emit Kubernetes Events for noteworthy changes. For example, when a new Promotion is created or the verification of Freight in a Stage succeeded. These events can also be viewed in the newly introduced events tab in the Project dashboard of the Kargo UI.

GitLab Merge Requests

In v0.3.0, support for opening a GitHub pull request was added to Git-based promotion mechanisms. With the help of @PhilippParis, this has now been expanded to support GitLab merge requests.

UI Improvements

• Project settings and AnalysisTemplate resources can now be managed through the UI.
• Variety of bug fixes and other stability improvements.

Other Notable Features

• Credentials can now include descriptions, which are displayed in the UI for informational purposes. We plan to expand this feature to more Kargo resource types in the future.
• kargo get commands now support a --no-headers flag, which will avoid printing the column headers when provided.
• kargo promote can now wait for a Promotion to finish using --wait.
• Kargo can now be configured (via the chart configuration) to sign commits with a GPG key.
• Arbitrary volumes can be mounted to the optional Dex server (via the chart configuration) to support more complex connector configurations. This can for example be useful to configure Dex's google connector to get additional Google Groups information from your users, allowing you to assign permissions to members of a Google Group.

New Contributors

Last, but certainly not least, Kargo would be nothing without its community, so we'd like to take a moment to thank community members whose first contributions to the project are included in this release:

• @blakepettersson
• @ed-boykin
• @PhilippParis
• @vavdoshka
• @zkhvan

v0.6.0-rc.2

chore: bulk backporting of recent changes from main (#1953)

Signed-off-by: Maksim Stankevic <maksim.stankevic1@gmail.com>
Signed-off-by: Kent Rancourt <kent.rancourt@gmail.com>
Signed-off-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Maksim Stankevic <maksim.stankevic1@gmail.com>
Co-authored-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Hidde Beydals <hiddeco@users.noreply.github.com>

v0.5.2

fix: pin to pnpm 9.0.3 anywhere it is used (#1928)

Signed-off-by: Kent Rancourt <kent.rancourt@gmail.com>

v0.6.0-rc.1

fix(promotions): only check revision match sync result if found (#1923)

Signed-off-by: Hidde Beydals <hidde@hhh.computer>

v0.5.1

chore: backport recent prs to release-0.5 (#1801)

Signed-off-by: Remington Breeze <remington@breeze.software>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Co-authored-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Hidde Beydals <hiddeco@users.noreply.github.com>

v0.5.1-rc.2

chore: backport recent prs to release-0.5 (#1801)

Signed-off-by: Remington Breeze <remington@breeze.software>
Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Co-authored-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Hidde Beydals <hiddeco@users.noreply.github.com>

v0.5.1-rc.1

feat: backport analysistemplate and analysisrun views to release-0.5 …

…(#1782)

Signed-off-by: Rafal Pelczar <rafal@akuity.io>
Signed-off-by: Kent Rancourt <kent.rancourt@gmail.com>
Co-authored-by: Rafal <rafal@akuity.io>

v0.5.0

💥  The Kargo v0.5.0 release is here and wow! -- it's a big one!

So much has gone into this release that it's been really difficult narrowing the release notes down to just a few highlights. Here are some of the most noteworthy features and fixes. If you're looking for a more complete list, please do consult the full changelog.

Upgrade Path

If you read only one section of the release notes, let this be this one.

If you are upgrading from v0.4.x to v0.5.0, you should run this script first to ensure a smooth upgrade of Kargo's CRDs. If you do not run the script, you will likely see errors in your controllers, but it will not be too late to run it and re-attempt the upgrade.

Future CRD upgrades will be less onerous for reasons discussed in the Chart Improvements section.

All other breaking changes should be well-accounted for by specialized upgrade reconcilers that are included in this release, but are not present in our main branch. (i.e. They will be gone in v0.6.0.) They will make small changes to:

• Status of existing Stage resources
• Ownership references on existing Freight resources
• Labels and format of credentials (specially-formatted Secret resources)

If you manage your Kargo projects using Argo CD, you may find that the last change (to credentials) brings your projects out of sync with your Applications. Should that occur, please consult the Managing Credentials section of the Kargo documentation for details about the new format.

There is no upgrade path from versions prior to v0.4.0.

All New CLI

⚠️  Breaking Change

The CLI has been virtually rewritten from the ground up. Up until now it wasn't an area of the project that had received the attention it deserved and we knew its UX needed quite a bit of work. All that has changed with this release!

The updated CLI should feel more intuitive across the board, behavior and help text should be more consistent from one command to the next, and we've added quite a bit of new functionality as well. 🆕  Especially notable is that credentials can now be managed and verification processes re-run or even aborted via CLI.

If you upgrade Kargo's cluster-side components, you must also upgrade the CLI (if you use it).

New Path Filtering Rules

🆕  New Feature

A frequently requested feature has been the ability to narrow a Warehouse resource's subscriptions to Git repositories to include or exclude changes to certain paths. This feature has now been implemented and makes it possible to, for instance, subscribe to a monorepo, but trigger the production of new Freight only when changes to relevant paths are detected.

The Kargo team wishes to specifically thank @maksimstankevic for their extensive work on this feature. To date, this is the largest feature contributed by a non-maintainer and we are very grateful for both the effort and the quality of the work.

Credential Storage

⚠️  Breaking Change

Repository credential storage has been significantly refactored in this release. The strategy previously employed closely emulated Argo CD -- and this included idiosyncrasies that existed in Argo CD for legacy reasons, but could stand to be improved in Kargo. With this change, the capability of "borrowing" credentials from Argo CD has also been completely removed.

The new strategy is considerably more straightforward.

As indicated in the Upgrade Path section, Kargo v0.5.0 will automatically update the format of existing repository credentials. If any difficulties are encountered, please do consult the Managing Credentials section of the Kargo documentation.

Chart Improvements

• 🔧  Kargo CRDs can now be upgraded via the chart. This was not possible before because we took advantage of Helm's support for a dedicated crds/ directory. A limitation of that approach is that upgrades to a Kargo installation did not upgrade the CRDs. (Read more about this here.) This limitation has been overcome by moving the CRDs into the chart's templates/ directory instead.

  One consequence of this change is that if you plan to upgrade to Kargo v0.5.0 from an older version, you will first need execute a script that adopts non-Helm-managed Kargo CRDs into your existing Kargo release.

• 🆕  Installation of the Kargo chart now includes kargo-admin and kargo-viewer ServiceAccounts, which can be mapped to specific API users via subject, email, or group OpenID Connect claims. This is useful for organizations that may wish to:

  • Grant broad (all Projects) read-only access to all authenticated users.

  • Grant broad (all Projects) administrative access to a small subset of specific users or users belonging to a specific group.

  • Install Kargo with the built-in admin user disabled (recommended).

  Additionally, the Kargo management controller will automatically expand and contract the permissions of the kargo-admin ServiceAccount to include credential-management (Secret-management) permissions as Project resources are created and deleted. This dynamic expansion and contraction of permission to access Secrets in individual namespaces prevents the kargo-admin ServiceAccount from requiring cluster-wide access to Secret resources.

Improved Garbage Collection

Garbage collection has been improved in a number of ways:

• 🆕  Argo Rollouts AnalysisRun resources used to verify Stage/Freight pairs are now owned by the relevant Freight. The result is that as old and unused Freight is itself garbage collected, so too are the associated AnalysisRun resources.

• 🆕  Freight is now being garbage collected -- it wasn't before. This is quite important to overall cluster health since Freight resources are quite likely to become extremely numerous over time. Of course, we never wish to garbage collect Freight that is still in use. By default, the garbage collector will, Project by Project, Warehouse by Warehouse, delete only Freight that are both more than 20 generations older than the oldest Freight still in use and also more than two weeks old.

• 🔧  Promotion resources are now being garbage collected more conservatively. Previously, the garbage collector would, Project by Project, delete the very oldest Promotion resources. This proved to be a mistake, as it is possible that some very old Promotions are still relevant, while newer ones are not. Such a situation can arise, for instance, if the last Promotion to production were in the distant past, while many Promotions to Stages upstream from production have occurred since. The improved garbage collection of Promotion resources now takes this into account by working Project by Project, and Stage by Stage, deleting only Promotion resources that are both more than 20 generations older than the oldest Promotion in a non-terminal phase and also more than two weeks old.

UI Improvements

• 🆕  The following can now be created and managed via the UI:

  • Projects
  • Warehouses
  • Credentials (specially-formatted Secrets)
  • AnalysisTemplates (used for verifications)

• 🔧  Warehouses with no subscribers are now displayed correctly.

• 🔧  Warehouses with multiple Stages subscribed directly to them are now displayed correctly.

• 🔧  Numerous layour tweaks

New Maintainer

We're pleased to have had @hiddeco join the team at Akuity as a new Kargo maintainer. His efforts were instrumental in making v0.5.0 our most feature-rich and stable release to date. We're excited that his addition to the team will both accelerate the pace of development and further improve the overall quality of the project!

New Community Contributors

Last, but certainly not least, Kargo would be nothing without its community, so we'd like to acknowledge community members whose first contributions are included in this release:

• @sennerholm
• @MPritsch
• @sthomson-wyn
• @ftmiro
• @michaelasper
• @Exchizz
• @jacobnguyenn

Thank you all for your contributions!

Full Changelog: v0.4.5...v0.5.0

v0.5.0-rc.4

chore: backport recent changes from main to release-0.5 (#1762)

Signed-off-by: Remington Breeze <remington@breeze.software>
Signed-off-by: Sunghoon Kang <hoon@akuity.io>
Signed-off-by: Kent Rancourt <kent.rancourt@gmail.com>
Co-authored-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Sunghoon Kang <hoon@akuity.io>

v0.5.0-rc.3

feat(ui): Individual freight view (#1741) (#1746)

Signed-off-by: Remington Breeze <remington@breeze.software>
Co-authored-by: Remington Breeze <remington@breeze.software>