v2.28.7 Armory Continuous Deployment LTS Release (Spinnaker™ v1.28.0)

Release notes for Armory Continuous Deployment v2.28.7

2023/09/13 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.7, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

With 2.28 of Spinnaker, we’ve updated the kubectl binary to a 1.20 release. You may have potential caching issues as a result due to certain resources in Kubernetes being removed and/or no longer supported. Look for failures in your log files and exclude resources that don’t match your target cluster. For example, adding “PodPreset” to the “omitKinds” on your Kubernetes account configs would cause Spinnaker to skip trying to cache resources that no longer be able to be cached in newer kubernetes releases.

Introduced in: Armory CD 2.28.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

PluginVersion
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin0.11.0
App Name0.2.0
AWS Lambda1.0.10
Evaluate Artifacts0.1.1
External Accounts0.3.0
Observability Plugin1.3.1
Policy Engine0.3.0

Known issues

Application Attributes section displays “This Application has not been configured”

There is a known issue that relates to the Application Attributes section under the Config menu. An application that was already created and configured in Spinnaker displays the message, “This application has not been configured.” While the information is missing, there is no functional impact.

Affected versions: Armory CD 2.28.0

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

  • 2.26.x and later

Known Affected providers in Clouddriver:

  • Kubernetes
  • Cloudfoundry
  • Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Pipelines-as-Code GitHub comments

There is a known issue where Pipelines-as-Code can generate hundreds of comments in a GitHub Pull Request (PR) when updates are made, such as when a module that is used by multiple dinghyfiles gets changed. These comments may prevent the GitHub UI from loading or related API calls may lead to rate limiting.

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

SpEL expressions and artifact binding

There is an issue where it appears that SpEL expressions are not being evaluated properly in artifact declarations (such as container images) for events such as the Deploy Manifest stage. What is actually happening is that an artifact binding is overriding the image value.

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

2.26.x or later: Change the artifact binding behavior in spec.spinnakerConfig.profiles.clouddriver (Operator) or clouddriver-local.yml (Halyard) to the following, which causes artifacts to only bind the version when the tag is missing:

kubernetes:
  artifact-binding:
    docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Early access features enabled by default

Automatically cancel Jenkins jobs

You now have the ability to cancel triggered Jenkins jobs when a Spinnaker pipeline is canceled, giving you more control over your full Jenkins workflow. Learn more about Jenkins + Spinnaker in this Spinnaker changelog.

Enhanced BitBucket Server pull request handling

Trigger Spinnaker pipelines natively when pull requests are opened in BitBucket with newly added events including PR opened, deleted, and declined. See Triggering pipelines with Bitbucket Server in the Spinnaker docs for details

Pipelines adapt to sub pipeline with manual judgment color

When a child/sub pipeline is running and requires a manual judgment, the parent pipeline provides a visual representation that the child pipeline has an manual judgement waiting. This Github pull request shows a visual representation of the feature in action.

Early access features enabled manually

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
  timeout:
    enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code PR checks

This feature, when enabled, verifies if the author of a commit that changed app parameters has sufficient WRITE permission for that app. You can specify a list of authors whose permissions are not valid. This option’s purpose is to skip permissions checks for bots and tools.

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Now you can configure Pipeline-as-Code to pull Pipelines-as-Code files from multiple branches on the same repo. Cut out the tedious task of managing multiple repos; have a single repo for Spinnaker application pipelines. See Multiple branches for how to enable and configure this feature.

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you are able to use the Terraform template file provider. Open a support ticket if you need this fix.

Highlighted updates

Clouddriver

  • Addressed an issue where deploying to an ECS cluster with tags was failing

Orca

  • Fixed an issue where Blue/Green(Red/Black) in the non-default namespace for kubernetes was failing
  • Fixed an issue where a missing “namespace” attribute in a HTTP call was being sent while fetching manifest details from Clouddriver.

Deck

  • Fixed some bugs related to Clone CX when instance types are incompatible. For full details, visit the Github PR

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.0 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand
artifactSources:
  dockerRegistry: docker.io/armory
dependencies:
  redis:
    commit: null
    version: 2:2.8.4-2
services:
  clouddriver:
    commit: 50b4f4881597a374a9ba85aac90c0c0b9b22cee5
    version: 2.28.7
  deck:
    commit: 5e7cef7a443e096cf8158c0c405c3ebbf8b97c35
    version: 2.28.7
  dinghy:
    commit: 912007004f7720b418cd133301c7fb20207e1f2f
    version: 2.28.7
  echo:
    commit: a602d9d5def0815cb52bdf6d695ca69cbf0abe3b
    version: 2.28.7
  fiat:
    commit: d0874307a60cbc457616569be910f4142c152586
    version: 2.28.7
  front50:
    commit: 3292cf2715a9e52bb4690601d4fd877407505ced
    version: 2.28.7
  gate:
    commit: c8058f4362f3f4ad108fa146d628a162445c7579
    version: 2.28.7
  igor:
    commit: 00998fa8b33acd6db5ffa8722e37593f608e9f64
    version: 2.28.7
  kayenta:
    commit: 3da923fd822202425b90a181c9734910c5c4a609
    version: 2.28.7
  monitoring-daemon:
    commit: null
    version: 2.26.0
  monitoring-third-party:
    commit: null
    version: 2.26.0
  orca:
    commit: 27a66c125270377772675b0e24d93566d878cfb9
    version: 2.28.7
  rosco:
    commit: 27d4a2b4a1d5f099b68471303d4fd14af156d46d
    version: 2.28.7
  terraformer:
    commit: ea9b0255b7d446bcbf0f0d4e03fc8699b7508431
    version: 2.28.7
timestamp: "2023-06-01 05:41:58"
version: 2.28.7

Armory

Armory Echo - 2.28.6…2.28.7

Armory Kayenta - 2.28.6…2.28.7

  • chore(cd): update base service version to kayenta:2023.06.01.03.10.17.release-1.28.x (#443)

Armory Igor - 2.28.6…2.28.7

  • chore(cd): update base service version to igor:2023.03.27.19.09.31.release-1.28.x (#426)
  • chore(cd): update armory-commons version to 3.11.5 (#450)
  • chore(cd): update armory-commons version to 3.11.6 (#453)

Armory Gate - 2.28.6…2.28.7

Armory Orca - 2.28.6…2.28.7

  • chore(cd): update base orca version to 2023.05.18.14.27.20.release-1.28.x (#645)

Armory Deck - 2.28.6…2.28.7

  • chore(cd): update base deck version to 2023.0.0-20230430115438.release-1.28.x (#1334)

Armory Fiat - 2.28.6…2.28.7

  • chore(cd): update armory-commons version to 3.11.5 (#472)
  • chore(cd): update armory-commons version to 3.11.6 (#476)

Armory Rosco - 2.28.6…2.28.7

Armory Front50 - 2.28.6…2.28.7

Terraformer™ - 2.28.6…2.28.7

Armory Clouddriver - 2.28.6…2.28.7

  • chore(cd): update base service version to clouddriver:2023.05.30.19.45.25.release-1.28.x (#880)

Dinghy™ - 2.28.6…2.28.7

Spinnaker

Spinnaker Echo - 1.28.0

Spinnaker Kayenta - 1.28.0

  • chore(dependencies): Autobump orcaVersion (#963)

Spinnaker Igor - 1.28.0

  • chore(dependencies): Autobump fiatVersion (#1101)

Spinnaker Gate - 1.28.0

Spinnaker Orca - 1.28.0

  • fix(deployment): fixed missing namespace while fetching manifest details from clouddriver (#4453) (#4455)

Spinnaker Deck - 1.28.0

  • fix(aws): Fixing bugs related to clone CX when instance types are incompatible with image/region (backport #9901) (#9975)

Spinnaker Fiat - 1.28.0

Spinnaker Rosco - 1.28.0

Spinnaker Front50 - 1.28.0

Spinnaker Clouddriver - 1.28.0

  • chore(dependencies): Autobump fiatVersion (#5916)

Last modified December 11, 2023: (a1805a70)