Releases: Obmondo/kubeaid-cli

v0.12.1

15 Jul 07:52

v0.12.0

11 Jul 12:52
c2b1c9c

Features :

Chores :

  • Main cluster's name cannot contain any dot character.

  • Writing guide docs for each provider.

And other chores and small bug fixes.

v0.11.2

28 May 19:59

Full Changelog: v0.11.1...v0.11.2

v0.11.1

21 May 19:32

  • VMSpecs.Memory in GiB and not MiB.

  • Using notblank instead of notblank.required.

  • Creating initial Velero and Sealed Secrets backups while bootstrapping a fresh cluster.

  • Shifting from Syself's to HCloud's official CCM Helm chart.

v0.11.0

19 May 21:29

cluster bootstrap command support for HCloud

v0.10.0

16 May 14:42
2b58ca4

Feat :

  • Finished cluster recover command implementation for Azure.

  • Persist general config in cluster dir in user's KubeAid config repo.

Fixes :

  • Fixed downloadBlobContent function - adding YAML extension to the file where downloaded backed up Sealed Secrets keys are persisted.

  • Using kubectl replace --force instead of kubectl apply to restore backed up Sealed Secrets keys.

  • While recovering cluster, recover sealed secrets controller private keys and then install sealed secrets.

  • Fixed AssertNotNil function.

  • Adding external-snapshotter template.

  • Not syncing all ArgoCD Apps at the end of BootstrapCluster if recovering a cluster.

  • Upgrading Kubernetes API server endpoint in Cilium values file when recovering a cluster.

Chores :

  • Extracting common node-group validation logic in validateNodeGroup function.

  • Updated go mod dependencies.

v0.9.0

15 May 10:02

fix(azure) : changing scope to subscription level for velero UAMI | installing azuredisk-csi-driver and external-snapshotter ArgoCD Apps | minor changes here and there :

  • Giving security events write permission to the Github Actions release Workflow.

  • Installing external-snapshotter ArgoCD App.

  • Ignoring replicas field for MachineDeployment type resource, when calculating sync status for the capi-cluster ArgoCD App.

Azure specific changes :

  • Changing scope to subscription level for velero UAMI.

  • Installing azuredisk-csi-driver ArgoCD App.

  • Wrote function to download contents from Azure Blob Container (not tested).

feat(azure) : bringing support for ARM64 based nodes :

  • Bringing support for ARM64 based nodes, in case of Azure.

  • Fixed renovate JSON5 config file

  • Fixed Azure CLI login issue (which popped up recently).

  • Updated dependencies in nix flake.

  • Moved disasterRecovery section under cloud, instead of it being in the cloud provider specific section.

  • Not updating cluster specific directory in user's KubeAid config, when doing disaster recovery.

added support for specifying CA bundle for accessing customer's Git server.

v0.8.0

08 May 11:26

Azure support related :

  • Validate PEM type SSH key-pair (used for external OpenID provider associated with the Workload Identity setup).

  • Scale to / from zero support for node-groups.

  • Deploying Velero to provisioned cluster.

  • Deploying Sealed Secrets backuper CronJob to provisioned cluster.

  • High performance networking using Cilium.

    Not possible, since we need to have a BGP router to do cross subnet traffic routing.

Bug fixes :

  • After doing clusterctl move, CAPZ and ASO weren't able to authenticate with Microsoft Entra. Fixed that.

  • After doing clusterctl move, sealed secrets weren't getting updated (to being signed by the provisioned cluster's Sealed Secrets key) in KubeAid. Fixed that.

Developer experience and CI related :

  • Added golangci-lint, trivy and renovate configuration files.

  • Fix all lint errors.

  • Write a Gitea Actions workflow file, to run lint tests for each PR.

  • Update the Github release actions workflow file, to do vulnerability scanning using Trivy and upload the results as GitHub artifacts.

  • Instead of directly fetching binaries like azwi and clusterawsadm, fetch the source repository and use buildGoModule to build the binary instead. This way, it's easier to support all the OS + CPU architecture combinations.

  • Creating KubeAid Bootstrap Script overlay. So I can install the kubeaid-bootstrap-script binary along with its runtime dependencies, in KubeAid Agent, using KubeAid Agent's nix flake.

    Ditched the idea of building multi-arch container images using Nix.
    Not worth the time as of now.

Related changes in KubeAid :

  • added azure-workload-identity-webhook KubeAid chart

  • consuming service account issuer keys from Kubernetes Secret

  • removing root account password for each node

Signed-off-by: Archisman archisman@obmondo.com

v0.7.2

03 Apr 17:55

  • Currently we have a single config file : the KubeAid Bootstrap Script config file.

    And credentials get picked up, with this precedence order :
    CLI Flag > Environment Variable > KubeAid Bootstrap Script config file.

    A downside of specifying credentials via CLI flags / environment variables is that the credentials will stay in the shell history.

    We need to have a dedicated KubeAid Bootstrap Script secrets file. Any credentials will be specified there.

    We can later have a feature : of automatically backing up the secrets file in an S3 compatible storage, during the cluster bootstrap process.

    Or the user can just save the secrets file in passwordstore / 1password / other password management solutions.

    And the config file will be saved in the KubeAid config's cluster specific directory.

    If the user wants to reinstall / recover a cluster, the user can download the KubeAid Bootstrap Script config and secret files locally, update tokens and credentials (if required) and then use them to run the corresponding command.

  • Also, hides this annoying ArgoCD port-forward error :

    E0403 16:48:33.891777   48128 portforward.go:391] "Unhandled Error" err="error copying from remote stream to local
    connection: readfrom tcp4 127.0.0.1:53214->127.0.0.1:53218: write tcp4 127.0.0.1:53214->127.0.0.1:53218: write: broken
    pipe" logger="UnhandledError"
    
  • I ran the cluster upgrade aws command. The capi-cluster.values.yaml got weirdly and wrongly formatted : Archisman-Mridha/kubeaid-config@main...Archisman-Mridha:kubeaid-config:kubeaid-kubeaid-demo-aws-1740740791.

    I have to disable yq's formatting.

v0.7.1

31 Mar 08:44

  • Implementing a custom slog handler which emits colorized logs.
  • Using multiwriter to write to both os.Stdout and a log file.
  • Disabled debug logs from the Helm SDK.
  • Having a nice folder structure in the outputs directory.