v2.19.4 Armory Release (OSS Release 1.19.4)
04/15/20 Release Notes
Note: Do not upgrade to Armory 2.19.4 (this version). Instead, upgrade to Armory 2.19.7 or later.
Breaking Changes
Halyard
Armory 2.19.x requires Armory-extended Halyard 1.8.3 or later.
HTTP sessions for Gate
This version includes an upgrade to the Spring Boot dependency. This requires you to flush all the Gate sessions for your Spinnaker deployment. For more information, see Flushing Gate Sessions.
Known Issues
Dynamic Accounts for Kubernetes
Fixed in: 2.21
There is an issue with Dynamic Accounts for Kubernetes where the following issues occur:
- Agents get removed but still run on schedule.
- Force cache refresh times out.
- If you have the clean up agent setup, your data randomly disappears and reappears.
These issues do not occur immediately, and you may even see modified accounts appear.
Service Accounts using Fiat
There is an issue creating or updating service accounts. This causes the pipeline permissions feature to not work.
Affected versions: Armory 2.19.6, 2.19.5, and 2.19.4.
Fixed versions: Armory 2.19.7 and later
Highlighted Updates
Armory
Highlighted Updates describe some of the major changes in this release. Highlights specific to Armory for this release include:
Policy Engine
Armory’s Policy Engine for the SDLC now also performs Runtime validation on Spinnaker pipelines. This means that when a pipeline runs, the Policy Engine evaluates the pipeline. This validation only operates on tasks that you have explicitly created policies for. For more information, see Policy Engine.
CVEs
Addressed a number of CVEs found within the Spinnaker services.
Spinnaker Community Contributions
The following highlights describe some of the major changes from the Spinnaker community for version 1.19.x, which is included in this release of Armory 2.19:
Scheduled Removal of Kubernetes V1 Provider The Kubernetes V1 provider will be removed in Spinnaker 1.21. Please see the RFC for more details.
Breaking change: Kubernetes accounts with an unspecified providerVersion will now default to V2. Update your Halconfig to specify providerVersion: v1
for any Kubernetes accounts you are currently using with the V1 provider.
Java 11
The migration to Java 11 continues. This should not affect Spinnaker users. If you extend Spinnaker, this change may affect you.
The Java 11 JRE runs Spinnaker when deployed to a Kubernetes cluster using Halyard (or if you consume the official containers in some other way). If this causes problems, or your organization isn’t ready to run Java 11 in production, you can specify deploymentEnvironment.imageVariant: JAVA8 (or UBUNTU_JAVA8) in your Halyard config. Please notify sig-platform@spinnaker.io if you run into issues and decide to downgrade.
All users need to switch to a Java 11 JRE by Spinnaker 1.21, which is scheduled to be released in early July. Please see the RFC for the full schedule and more details. We encourage everyone to start testing Spinnaker under a Java 11 JRE now in preparation for the cutover. If you have any concerns about the migration timeline, please reach out to sig-platform@spinnaker.io.
IAM service-linked roles for ECS
The ECS provider now requires IAM service-linked roles for use with ECS and Application Auto Scaling. Deployments to AWS accounts that do not already have service-linked roles for these AWS services may see failed deployments after upgrading to Spinnaker 1.19. To create the required service-linked roles, run the following:
aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
aws iam create-service-linked-role --aws-service-name ecs.application-autoscaling.amazonaws.com
Visit the ECS service-linked role documentation and the Application Auto Scaling service-linked role documentation for information on the permissions in these roles.
Changes to default settings for non-Halyard users
In order to make default settings consistent whether deploying using Halyard or manually, the following properties of Orca and Clouddriver have had their defaults changed. This change does not affect users who deploy using Halyard, as Halyard was already setting these properties to the new values.
- Clouddriver
shutdown-wait-seconds
, which sets the number of seconds Clouddriver waits for outstanding work to complete when shutting down, will now default to 600 seconds.
- Orca
- Orca will no longer consider the environment variable
REDIS_URL
when setting the connection to Redis. - The setting
echo.enabled
now defaults totrue
. - The
bakery.extractBuildDetails
setting now defaults totrue
.
- Orca will no longer consider the environment variable
Detailed Updates
Bill of Materials
Here’s the bom for this version.
Expand
version: 2.19.4-rc.12
timestamp: "2020-04-16 22:36:27"
services:
clouddriver:
commit: 07ce2a12
version: 2.19.6
echo:
commit: 9ac67cce
version: 2.19.7
fiat:
commit: a75473f4
version: 2.19.3
front50:
commit: 51451737
version: 2.19.4
gate:
commit: 771300da
version: 2.19.3
igor:
commit: 360d9491
version: 2.19.3
orca:
commit: 685ae010
version: 2.19.7
rosco:
commit: 6e6f34c3
version: 2.19.3
deck:
commit: 5c34e55b
version: 2.19.2
dinghy:
commit: e691b529
version: 2.19.4
terraformer:
commit: f498d00e
version: 1.0.5
kayenta:
commit: 527c4dc4
version: 2.19.3
monitoring-daemon:
version: 0.16.1-7d506f0-rc1
monitoring-third-party:
version: 0.16.1-7d506f0-rc1
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory
Armory
Dinghy™ - 16cebe7…e691b529
- feat(vendor): upgrade base dinghy, but don’t upgrade go-gitlab (#204) (#205)
- chore(build): update Dinghy (#201) (#202)
- fix(bump): Autobump armory commons and spinnaker release (#199) (#200)
- fix(templates): allow separate template orgs (#198)
- chore(build): fixing up some local build experience things (#193)
- fix(build): explicitly add dockerPush to Github Action release flows (#197)
- feat(builds): Revamped Build System (#196)
Terraformer™ - 4ed31a9…f498d00e
- fix(api/createJob): make sure to init a runner (bp #139) (#140)
- fix(api/createJob): handle when savePlanOutput is undefined/null… (#137)
- fix(bump): Autobump armory commons and spinnaker release (#133) (#134)
- feat(command): add savePlanOutput toggle (#131)
- fix(security): bump golang version
- fix(security): bump golang version
- fix(security): bump golang version (#132)
- feat(builds): Revamped Build System (#130)
Armory Clouddriver - 40c9a8c…07ce2a12
- fix(clouddriver.yaml): copied from 1.19.x (bp #94) (#95)
- fix(bump): Autobump armory commons and spinnaker release (#92) (#93)
- release(2.19.x): new release (#89)
- fix(dockerfile): reverting awscli version to 1.16.314 to fix integration tests (#87)
- chore(docker): update to python3 (#86)
- fix(cve): update awscli=1.18.13 so we can use PyYAML=5.3.1 (#85)
- chore(cve): Upgrading Spring version to fix critical CVE vulnerabilities (#83)
- release(java11): Java 11 now (#78)
- fix(jvm): Java 11 and gradle plugin update (#74) (#75)
- working on triggering a release
- feat(builds): Revamped Build System #63 (#64)
- fix(policyEngine): only call out to OPA for valid operation descr… (#68)
- fix(docker): Bump to Python3 for AWS CLI and Google SDK (#69)
- fix(policyEngine): only call out to OPA for valid operation descr… (#66)
- fix(policyEngine): don’t fail when OPA returns unknown JSON fields (#62)
- fix(policyEngine): don’t fail when OPA returns unknown JSON fields (#61)
- feat(policyEngine): add runtime validation features to release (#58)
- fix(policyEngine): fix logging (#56)
- feat(policyEngine): deployment validation call to opa (#55)
- feat(policyEngine): add base classes for deployment validation (#53)
- chore(release): bump versions for kork, armory-commons, oss service (#52)
- chore(release): bump versions for kork, armory-commons, oss service (#51)
- chore(release): bump versions for kork, armory-commons, oss service (#51)
- release(2.18.0): Initial release
Armory Deck - 367a2b6…5c34e55b
- fix(bump): Autobump armory commons and spinnaker release (#583) (#584)
- feat(terraformer): save output (#581)
- chore(terraform): fix broken link in help text (#580)
- feat(builds): Revamped Build System (#577)
- Delete main.yml (#579)
- chore(github-actions): adding workflow through ui
- feature(terraformer): removed SYSTEM_DEFINED option from Terraform version dropdown menu, and made the latest version selected by default (#573)
- feature(terraformer): added profile selection to the Terraformer stage (#576)
- chore(terraformer): merge terraformer features into release (#574)
- chore(plugins): removed old plugin code now that it is in OSS (#564)
- chore(UI): Update Terraformer UI text and help text (#572)
- feature(terraformer): added profile selection to the Terraformer stage form (#571)
Armory Echo - 925793f…9ac67cce
- feat(dinghy): Support for webhook secrets in dinghy (bp #138) (#145)
- fix(echo.yaml): copied from 1.19.x (#143) (#144)
- fix(bump): Autobump armory commons and spinnaker release (#141) (#142)
- release(2.19.x): Release 2.19.x (#137)
- fix(build): Restrict Hibernate validator to 6.1.x (#130) (#134)
- fix(cve): upgrade sprint, tomcat, jackson-databind (#131)
- chore(commons): Bump armory commons (#126) (#127)
- Readme
- feat(builds): Revamped Build System (#125)
- fix(build): change scope for rest config (#124)
- fix(compile): Fix build due to different scope for rest config (#123)
- chore(releaes): account for drift with 1.18.x (#122)
- fix(compile): Fix build due to different scope for rest config (#123)
- release(2_18): Initial release
Armory Fiat - 6bc50c7…a75473f4
- release(2.19.x): Release 2.19.x (#41)
- chore(commons): Armory commons bump (#36) (#37)
- chore(cve): upgrade spring, tomcat, jackson-databind, commons-collections deps (#39)
- feat(build): update project to new build system (#35)
- chore(release): bump versions for kork, armory-commons, oss service (#34)
- chore(release): bump versions for kork, armory-commons, oss service (#34)
- release(2_18): Initial release
Armory Front50 - ed17bd1…51451737
- fix(bump): Autobump armory commons and spinnaker release (#46) (#47)
- release(2.19.x): Release 2.19.x (#43)
- fix(dependencies): cve fixes (#41)
- armory commons updates (#38) (#39)
- feat(build): update project to new build system (#37)
- fix(policyEngine): don’t fail when OPA returns unknown JSON fields (#36)
- fix(policyEngine): don’t fail when OPA returns unknown JSON fields (#35)
- chore(opa): merge policy engine features into release (#34)
- chore(msgs): update policy engine msgs (#33)
- fix(opa): re-add log that was prev removed (#32)
Armory Gate - 23b4000…771300da
- fix(bump): Autobump armory commons and spinnaker release (#100) (#101)
- release(2.19.x): Release from master (#97)
- chore(cve): upgrade spring, tomcat, jackson-databind deps (#95)
- release(2.19.2): New release jdk 11 (#93)
- Removed jenkins from readme to trigger release
- feat(build): update project to new build system (#90)
- feature(terraformer-profiles): Added Terraformer profile proxy endpoint (#88) (#89)
- feature(terraformer-profiles): Added Terraformer profile proxy endpoint (#88)
Armory Igor - 2066eb2…360d9491
- fix(bump): Autobump armory commons and spinnaker release (#51) (#52)
- fix(bump): Autobump armory commons and spinnaker release (#46) (#47)
- fix(build): fixes CVE-2020-5398, CVE-2020-1938, CVE-2020-8840 (#45)
- feat(build): update project to new build system (#43)
- fix igor (#42)
- fix igor (#41)
Armory Kayenta - c02d436…527c4dc4
- fix(bump): Autobump armory commons and spinnaker release (#54) (#55)
- fix(bump): Autobump armory commons and spinnaker release (#50) (#51)
- chore(cve): upgrade spring, tomcat, jackson-databind deps (#49)
- feat(build): update project to new build system (#47)
Armory Orca - a0c169e…685ae010
- fix(terraformer): just pass through the var instead of setting it… (#87)
- fix(orca.yaml): copied from 1.19.x (bp #84) (#85)
- fix(bump): Autobump armory commons and spinnaker release (#82) (#83)
- chore(config): update default redis endpoint (#78) (#79)
- feat(terraformer): add save toggle config (#72) (#74)
- release(2.19.x): Release 2.19.x (#77)
- fix(dependencies): cve fixes (#75)
- feat(build): update project to new build system (#70)
- fix(orca): Missing library (#66) …Jaxb orca (#69)
- Fix for wrong library for distribution (#67)
- fix(orca): Missing library (#66)
- fix(runs): Orca was missing a lib with kotlin changes it seems (#65)
- fix(terraform): fix terraform monitor task (#64)
Armory Rosco - 8f59952…6e6f34c3
- fix(bump): Autobump armory commons and spinnaker release (#38) (#39)
- fix(bump): Autobump armory commons and spinnaker release (#35) (#36)
- chore(cve): upgrade spring, tomcat, jackson-databind deps (#34)
- feat(build): update project to new build system (#32)
Spinnaker Community Contributions
See the Open Source Spinnaker Release Notes for the versions included in this release:
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.