Armory Docs – Armory Continuous Deployment Release Notes

Continuous-Deployment: v2.36.9 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Wed, 01 Apr 2026 00:00:00 +0000

2026-04-01 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.36.9, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50, that was disabled by default. Version 1.35.0 enabled it by default, which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Clouddriver: Redis scheduler configuration validation

Clouddriver now validates Redis scheduler configuration keys more strictly at startup:

Legacy scalar redis.scheduler is rejected.
Legacy redis.parallelism is rejected.
Use nested keys under redis.scheduler.*.

Before:

redis:
 scheduler: default
 parallelism: -1

After:

redis:
 scheduler:
 enabled: true
 type: default
 parallelism: -1

If redis.scheduler.type is missing or blank, Clouddriver defaults to default for compatibility.

Security hardening: URL restriction validation for artifacts and webhooks

This release includes fixes that improve validation around user-supplied Git repository inputs used by GitRepo artifacts.

This release tightens URL host validation for artifact accounts and Orca webhook URL restrictions:

Validation now uses parsed host handling (HttpUrl.host()) instead of authority fallback parsing.
This prevents authority/userinfo patterns from bypassing hostname checks.
URL handling for underscore hostnames and IPv6 input is stricter and more predictable.

If you use uncommon URL formats (for example userinfo segments, unbracketed IPv6 literals, or underscore-based hosts), test those paths after upgrade.

Clouddriver SQL cache: sharding-aware unknown-agent cleanup

SqlUnknownAgentCleanupAgent now respects shard ownership and includes additional safety controls to avoid cross-pod or startup-race cleanup behavior in SQL cache environments.

Key updates:

The cleanup agent remains opt-in and disabled by default.
The cleanup agent is only created when sql.read-only=false.
Cleanup skips when sharding state is uninitialized or misconfigured.
New controls include minRecordAgeSeconds, dryRun, and excludedDataTypes.

Configuration:

sql:
 unknown-agent-cleanup-agent:
 enabled: false
 pollIntervalSeconds: 120
 timeoutSeconds: 60
 minRecordAgeSeconds: 300
 deleteBatchSize: 100
 dryRun: false
 excludedDataTypes: []

HA deployment guidance

In HA mode, enable sql.unknown-agent-cleanup-agent.enabled: true only on Clouddriver caching pods.

For caching pods:

sql:
 unknown-agent-cleanup-agent:
 enabled: true

For all non-caching Clouddriver pods:

sql:
 unknown-agent-cleanup-agent:
 enabled: false

Clouddriver cache sharding: pluggable strategy and key extraction

Cache sharding now supports pluggable strategies and key extractors for Redis and SQL sharding observers:

strategy: modulo (default, preserves legacy ownership mapping)
strategy: canonical-modulo (canonical positive modulo)
strategy: jump (jump consistent hash, less key movement during scale events)
sharding-key: account | region | agent

Defaults remain strategy: modulo and sharding-key: account, so existing behavior is preserved unless you opt in to a different strategy/key.

Configuration:

cache-sharding:
 strategy: modulo
 sharding-key: account
 replica-ttl-seconds: 60
 heartbeat-interval-seconds: 30

SqlCachingPodsObserver also resets to a fail-open state on heartbeat/topology refresh failure to avoid stale routing decisions.

Clouddriver: Redis Priority Scheduler (opt-in)

A new Redis-based priority scheduler is available for Clouddriver caching agents.

Key points:

Uses Redis sorted sets and Lua scripts for atomic scheduling transitions.
Adds cleanup services (zombie/orphan), circuit breakers, and richer scheduler observability.
Requires Redis 6.2+ (ZMSCORE).

Enablement:

redis:
 scheduler:
 enabled: true
 type: priority
 agent:
 max-concurrent-agents: 100

Migration notes:

Legacy scalar redis.scheduler and legacy redis.parallelism are rejected.
redis.scheduler.parallelism is ignored in priority mode.
Use redis.agent.max-concurrent-agents to control concurrency for priority mode.
redis.agent.disabledAgents is ignored in priority mode; use redis.agent.disabled-pattern.

AWS JDBC Driver Update

The AWS JDBC driver has been updated from the deprecated aws-mysql-jdbc driver (version 1.0.0) to the AWS Advanced JDBC Wrapper.

This update adds support for IAM authentication with AWS Aurora Global Database endpoints. The previous driver did not support global database endpoint format (*.global.rds.amazonaws.com) when using IAM authentication, resulting in the error:

java.sql.SQLException: Unsupported AWS hostname '<hostname>.global.rds.amazonaws.com'.
Amazon domain name in format *.AWS-Region.rds.amazonaws.com is expected

Note: Standard database connections (without IAM authentication) continue to work as before and do not require any configuration changes.

Affected services: Front50, Orca, Clouddriver, Fiat

Configuration for IAM Authentication with Aurora Global Database

If you are using IAM authentication and want to connect to Aurora Global Database endpoints, update your JDBC connection string:

New JDBC URL format:

jdbc:aws-wrapper:mysql://<GLOBAL_ENDPOINT>:<PORT>/<DATABASE>?wrapperPlugins=iam&globalClusterInstanceHostPatterns=?.<CLUSTER_IDENTIFIER>.<REGION1>.rds.amazonaws.com,?.<CLUSTER_IDENTIFIER>.<REGION2>.rds.amazonaws.com&iamRegion=<CURRENT_REGION>

Example: If your Aurora Global Database has:

Global endpoint: mydb-global.global-xxxxx.global.rds.amazonaws.com
Primary (us-west-2): mydb.cluster-abc123.us-west-2.rds.amazonaws.com
Secondary (us-east-1): mydb.cluster-abc123.us-east-1.rds.amazonaws.com

Configure the JDBC URL as:

jdbc:aws-wrapper:mysql://mydb-global.global-xxxxx.global.rds.amazonaws.com:3306/front50?wrapperPlugins=iam&globalClusterInstanceHostPatterns=?.cluster-abc123.us-west-2.rds.amazonaws.com,?.cluster-abc123.us-east-1.rds.amazonaws.com&iamRegion=us-west-2

Observability Plugin Update

The Armory Observability plugin has been updated to version 1.6.1 to resolve compatibility issues with the new AWS JDBC wrapper.

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

Starting in Armory Continuous Deployment 2.36.6, we have enabled to capability to filter/restrict urls that can be accessed per artifact accounts. This feature provides a safeguard around user input of remote urls when artifact accounts are in used in the context of a pipeline execution.

An example configuration can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 rejectedIps: [] #default value

By default the configuration blocks any local CIDR ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), localhost, link local and raw IPs. For full configuration details please refer to this configuration class

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

The Armory Continuous Deployment 2.36.2 Docker images have been updated to use Ubuntu as the base image, replacing the previous Alpine base. This change enhances compatibility with various libraries and tools, improving overall stability and performance. Additionally, the new images now include all the necessary dependencies for authentication on a Kebreros server.

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

In Armory CD 2.36.2 this functionality is now extended to make the in-memory representation of the pipelines aware of the pipeline reference and to not load in-memory a full representation of the pipeline context. To enable this feature in Deck add the following in settings-local.js:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

A new configuration option backOffPeriodMs has been added to the pipeline stage configuration. This option allows users to specify a back-off period in milliseconds for stages that may need to retry operations after a failure. Before this, pipeline authors had no control over the backoff period. It came from either spinnaker configuration properties or implementations of RetryableTask.getDynamicBackoffPeriod.

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

Java 17 is now the default source and target. Java 11 support has been removed entirely. Please note you may need to add the following JAVA_OPTS options: --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED to clouddriver if using GCP accounts due to credentials parsing of certificates. These can set in the service-settings config . These configs are likely to be added to the defaults in all future releases

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

These enhancements significantly reduce pipeline execution time, with the most notable gains observed in dense pipeline graphs. For example, in the ComplexPipeline.kt test scenario, execution time improved from not completing at all to approximately 160ms.

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

Adds a new enpdoint, POST /pipelines/bulksave, which can take a list of pipeline configurations to save. The endpoint will return a response that indicates how many of the saves were successful, how many failed, and what the failures are. The structure is

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

There are a few config knobs which control some bulk save functionality. The gate endpoint invokes an orca asynchronous process to manage saving the pipelines and polls until the orca operations are complete.

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

The Orca PR 4788 introduced a new CheckIfApplicationExists task that is added to various pipeline stages to check if the application defined in the pipeline stage context is known to front50 and/or clouddriver. The following config knobs are provided so that all of these stages can be individually configured to not perform this check if needed. Default value is set to false for all of them.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

Separate config knobs are also provided at the AbstractCheckIfApplicationExistsTask level to determine if clouddriver needs to be queried for the application or not. It is by default set to true, so it is an opt-out capability. the config property is:

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

This feature runs in audit mode by default which means if checkIfApplicationExistsTask finds no application, a warning message is logged. But when audit mode is disabled through the following property, pipelines fail if application is not found:

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

Batch update operation in front50 is now atomic. Deserialization issues are addressed. Configurable controls are added to decide whether cache should be refreshed while checking for duplicate pipelines:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

Armory CD 2.36.9 tracks the latest published upstream 1.36.x patch line.

Upstream references:

Notable upstream changes:

Clouddriver: improved ECS target-group health evaluation and several AWS/GCP reliability fixes.
Gate/Echo: SAML signing behavior fix and duplicate manual-judgment notification fix.
Clouddriver (Google): async operation retry/status polling to prevent progressing pipeline tasks before cloud operations settle.
Clouddriver (GitRepo artifacts): validation fixes around user input and repository URL handling (backports #7542, #7564).

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.9
timestamp: 2026-04-01
services:
clouddriver:
version: 2.36.9
commit: 6deeb3c2a0f57149a595698ba3f2b83a2be8e36f
deck:
version: 2.36.9
commit: 54a2aada8cb187554536daeb8b8b2858714d1afe
dinghy:
version: 2.36.9
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
echo:
version: 2.36.9
commit: 9ff1559a08ed6851c036ff1f51bde20e1eb36248
fiat:
version: 2.36.9
commit: e77853e0322014f3b3f8911d9d6f2431830c192c
front50:
version: 2.36.9
commit: 5f8f39172e88b3abe49bab28e2fcb786b8653bf0
gate:
version: 2.36.9
commit: f99a459232f70e19a719a1962f7c6fcee9218750
igor:
version: 2.36.9
commit: 30cab7aaabdfe08c05c37146ab644555cf413513
kayenta:
version: 2.36.9
commit: 2ce818eed3873004412758a0f731cf8420df8594
orca:
version: 2.36.9
commit: 178d4b576e7b8136c42e0baa108cbf2730f6cec8
rosco:
version: 2.36.9
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
terraformer:
version: 2.36.9
commit: 8453d42107fda5f0c315c8459f523e9182805832
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Clouddriver - 2.36.8…2.36.9

fix(validation): Fixes some validation around user inputs (upstream #7542)
fix(gitrepo): Fix git repo with some odd character combinations (upstream #7564)

Armory Fiat - 2.36.8…2.36.9

Armory Front50 - 2.36.8…2.36.9

Armory Orca - 2.36.8…2.36.9

Armory Igor - 2.36.8…2.36.9

Terraformer™ - 2.36.8…2.36.9

Armory Rosco - 2.36.8…2.36.9

Armory Gate - 2.36.8…2.36.9

Armory Echo - 2.36.8…2.36.9

Armory Deck - 2.36.8…2.36.9

Armory Kayenta - 2.36.8…2.36.9

Dinghy™ - 2.36.8…2.36.9

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.8 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Thu, 05 Mar 2026 00:00:00 +0000

2026-03-05 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.36.8, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Echo Filter enabled pipelines feature

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Clouddriver: Redis scheduler configuration validation

Clouddriver now validates Redis scheduler configuration keys more strictly at startup:

Legacy scalar redis.scheduler is rejected.
Legacy redis.parallelism is rejected.
Use nested keys under redis.scheduler.*.

Before:

redis:
 scheduler: default
 parallelism: -1

After:

redis:
 scheduler:
 enabled: true
 type: default
 parallelism: -1

If redis.scheduler.type is missing or blank, Clouddriver defaults to default for compatibility.

Security hardening: URL restriction validation for artifacts and webhooks

This release tightens URL host validation for artifact accounts and Orca webhook URL restrictions:

Validation now uses parsed host handling (HttpUrl.host()) instead of authority fallback parsing.
This prevents authority/userinfo patterns from bypassing hostname checks.
URL handling for underscore hostnames and IPv6 input is stricter and more predictable.

If you use uncommon URL formats (for example userinfo segments, unbracketed IPv6 literals, or underscore-based hosts), test those paths after upgrade.

Clouddriver SQL cache: sharding-aware unknown-agent cleanup

SqlUnknownAgentCleanupAgent now respects shard ownership and includes additional safety controls to avoid cross-pod or startup-race cleanup behavior in SQL cache environments.

Key updates:

The cleanup agent remains opt-in and disabled by default.
The cleanup agent is only created when sql.read-only=false.
Cleanup skips when sharding state is uninitialized or misconfigured.
New controls include minRecordAgeSeconds, dryRun, and excludedDataTypes.

Configuration:

sql:
 unknown-agent-cleanup-agent:
 enabled: false
 pollIntervalSeconds: 120
 timeoutSeconds: 60
 minRecordAgeSeconds: 300
 deleteBatchSize: 100
 dryRun: false
 excludedDataTypes: []

HA deployment guidance

In HA mode, enable sql.unknown-agent-cleanup-agent.enabled: true only on Clouddriver caching pods.

For caching pods:

sql:
 unknown-agent-cleanup-agent:
 enabled: true

For all non-caching Clouddriver pods:

sql:
 unknown-agent-cleanup-agent:
 enabled: false

Clouddriver cache sharding: pluggable strategy and key extraction

Cache sharding now supports pluggable strategies and key extractors for Redis and SQL sharding observers:

strategy: modulo (default, preserves legacy ownership mapping)
strategy: canonical-modulo (canonical positive modulo)
strategy: jump (jump consistent hash, less key movement during scale events)
sharding-key: account | region | agent

Defaults remain strategy: modulo and sharding-key: account, so existing behavior is preserved unless you opt in to a different strategy/key.

Configuration:

cache-sharding:
 strategy: modulo
 sharding-key: account
 replica-ttl-seconds: 60
 heartbeat-interval-seconds: 30

SqlCachingPodsObserver also resets to a fail-open state on heartbeat/topology refresh failure to avoid stale routing decisions.

Clouddriver: Redis Priority Scheduler (opt-in)

A new Redis-based priority scheduler is available for Clouddriver caching agents.

Key points:

Uses Redis sorted sets and Lua scripts for atomic scheduling transitions.
Adds cleanup services (zombie/orphan), circuit breakers, and richer scheduler observability.
Requires Redis 6.2+ (ZMSCORE).

Enablement:

redis:
 scheduler:
 enabled: true
 type: priority
 agent:
 max-concurrent-agents: 100

Migration notes:

Legacy scalar redis.scheduler and legacy redis.parallelism are rejected.
redis.scheduler.parallelism is ignored in priority mode.
Use redis.agent.max-concurrent-agents to control concurrency for priority mode.
redis.agent.disabledAgents is ignored in priority mode; use redis.agent.disabled-pattern.

AWS JDBC Driver Update

The AWS JDBC driver has been updated from the deprecated aws-mysql-jdbc driver (version 1.0.0) to the AWS Advanced JDBC Wrapper.

java.sql.SQLException: Unsupported AWS hostname '<hostname>.global.rds.amazonaws.com'.
Amazon domain name in format *.AWS-Region.rds.amazonaws.com is expected

Note: Standard database connections (without IAM authentication) continue to work as before and do not require any configuration changes.

Affected services: Front50, Orca, Clouddriver, Fiat

Configuration for IAM Authentication with Aurora Global Database

If you are using IAM authentication and want to connect to Aurora Global Database endpoints, update your JDBC connection string:

New JDBC URL format:

jdbc:aws-wrapper:mysql://<GLOBAL_ENDPOINT>:<PORT>/<DATABASE>?wrapperPlugins=iam&globalClusterInstanceHostPatterns=?.<CLUSTER_IDENTIFIER>.<REGION1>.rds.amazonaws.com,?.<CLUSTER_IDENTIFIER>.<REGION2>.rds.amazonaws.com&iamRegion=<CURRENT_REGION>

Example: If your Aurora Global Database has:

Global endpoint: mydb-global.global-xxxxx.global.rds.amazonaws.com
Primary (us-west-2): mydb.cluster-abc123.us-west-2.rds.amazonaws.com
Secondary (us-east-1): mydb.cluster-abc123.us-east-1.rds.amazonaws.com

Configure the JDBC URL as:

jdbc:aws-wrapper:mysql://mydb-global.global-xxxxx.global.rds.amazonaws.com:3306/front50?wrapperPlugins=iam&globalClusterInstanceHostPatterns=?.cluster-abc123.us-west-2.rds.amazonaws.com,?.cluster-abc123.us-east-1.rds.amazonaws.com&iamRegion=us-west-2

Observability Plugin Update

The Armory Observability plugin has been updated to version 1.6.1 to resolve compatibility issues with the new AWS JDBC wrapper.

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

An example configuration can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 rejectedIps: [] #default value

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

Armory CD 2.36.8 tracks the latest published upstream 1.36.x patch line.

Upstream references:

Notable upstream changes:

Clouddriver: improved ECS target-group health evaluation and several AWS/GCP reliability fixes.
Gate/Echo: SAML signing behavior fix and duplicate manual-judgment notification fix.
Clouddriver (Google): async operation retry/status polling to prevent progressing pipeline tasks before cloud operations settle.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.8
timestamp: 2026-03-05
services:
clouddriver:
version: 2.36.8
commit: 9238966167d0036449c1cf1610d4e40d30a59a95
deck:
version: 2.36.8
commit: 54a2aada8cb187554536daeb8b8b2858714d1afe
dinghy:
version: 2.36.8
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
echo:
version: 2.36.8
commit: c7a79f742083c508cd28330814925e8f3906d067
fiat:
version: 2.36.8
commit: e77853e0322014f3b3f8911d9d6f2431830c192c
front50:
version: 2.36.8
commit: 5f8f39172e88b3abe49bab28e2fcb786b8653bf0
gate:
version: 2.36.8
commit: f99a459232f70e19a719a1962f7c6fcee9218750
igor:
version: 2.36.8
commit: 30cab7aaabdfe08c05c37146ab644555cf413513
kayenta:
version: 2.36.8
commit: 2ce818eed3873004412758a0f731cf8420df8594
orca:
version: 2.36.8
commit: 178d4b576e7b8136c42e0baa108cbf2730f6cec8
rosco:
version: 2.36.8
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
terraformer:
version: 2.36.8
commit: 8453d42107fda5f0c315c8459f523e9182805832
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Clouddriver - 2.36.7…2.36.8

fix(validation): URL validation hardening on underscore/authority handling (upstream #7428)
fix(cats-sql): make SqlUnknownAgentCleanupAgent sharding-aware (upstream #7431)
refactor(sharding): pluggable sharding strategy for caching pods (upstream #7432)
feat(scheduler): add Redis priority scheduler (upstream #7433)

Armory Fiat - 2.36.7…2.36.8

Armory Front50 - 2.36.7…2.36.8

Armory Orca - 2.36.7…2.36.8

fix(validation): URL restriction parsing/validation alignment for webhook restrictions (upstream #7428)

Armory Igor - 2.36.7…2.36.8

Terraformer™ - 2.36.7…2.36.8

Armory Rosco - 2.36.7…2.36.8

Armory Gate - 2.36.7…2.36.8

Armory Echo - 2.36.7…2.36.8

Armory Deck - 2.36.7…2.36.8

Armory Kayenta - 2.36.7…2.36.8

Dinghy™ - 2.36.7…2.36.8

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.7 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Tue, 20 Jan 2026 00:00:00 +0000

2026-01-20 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and will is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.36.7, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50 , that was disabled by default. Version 1.35.0 enabled it by default , which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

AWS JDBC Driver Update

The AWS JDBC driver has been updated from the deprecated aws-mysql-jdbc driver (version 1.0.0) to the AWS Advanced JDBC Wrapper.

java.sql.SQLException: Unsupported AWS hostname '<hostname>.global.rds.amazonaws.com'.
Amazon domain name in format *.AWS-Region.rds.amazonaws.com is expected

Note: Standard database connections (without IAM authentication) continue to work as before and do not require any configuration changes.

Affected services: Front50, Orca, Clouddriver, Fiat

Configuration for IAM Authentication with Aurora Global Database

If you are using IAM authentication and want to connect to Aurora Global Database endpoints, update your JDBC connection string:

New JDBC URL format:

jdbc:aws-wrapper:mysql://<GLOBAL_ENDPOINT>:<PORT>/<DATABASE>?wrapperPlugins=iam&globalClusterInstanceHostPatterns=?.<CLUSTER_IDENTIFIER>.<REGION1>.rds.amazonaws.com,?.<CLUSTER_IDENTIFIER>.<REGION2>.rds.amazonaws.com&iamRegion=<CURRENT_REGION>

Example: If your Aurora Global Database has:

Global endpoint: mydb-global.global-xxxxx.global.rds.amazonaws.com
Primary (us-west-2): mydb.cluster-abc123.us-west-2.rds.amazonaws.com
Secondary (us-east-1): mydb.cluster-abc123.us-east-1.rds.amazonaws.com

Configure the JDBC URL as:

jdbc:aws-wrapper:mysql://mydb-global.global-xxxxx.global.rds.amazonaws.com:3306/front50?wrapperPlugins=iam&globalClusterInstanceHostPatterns=?.cluster-abc123.us-west-2.rds.amazonaws.com,?.cluster-abc123.us-east-1.rds.amazonaws.com&iamRegion=us-west-2

Observability Plugin Update

The Armory Observability plugin has been updated to version 1.6.1 to resolve compatibility issues with the new AWS JDBC wrapper.

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

An example configuration can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 rejectedIps: [] #default value

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.7
timestamp: 2026-01-20
services:
clouddriver:
version: 2.36.7
commit: c9451cca2524917629b37d6607e92c8256dbe864
deck:
version: 2.36.7
commit: 54a2aada8cb187554536daeb8b8b2858714d1afe
dinghy:
version: 2.36.7
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
echo:
version: 2.36.7
commit: c7a79f742083c508cd28330814925e8f3906d067
fiat:
version: 2.36.7
commit: e77853e0322014f3b3f8911d9d6f2431830c192c
front50:
version: 2.36.7
commit: 5f8f39172e88b3abe49bab28e2fcb786b8653bf0
gate:
version: 2.36.7
commit: f99a459232f70e19a719a1962f7c6fcee9218750
igor:
version: 2.36.7
commit: 30cab7aaabdfe08c05c37146ab644555cf413513
kayenta:
version: 2.36.7
commit: 2ce818eed3873004412758a0f731cf8420df8594
orca:
version: 2.36.7
commit: b0fc054bcaa0a633c13f069bd67f19a90f6eb6c2
rosco:
version: 2.36.7
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
terraformer:
version: 2.36.7
commit: 8453d42107fda5f0c315c8459f523e9182805832
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Clouddriver - 2.36.6…2.36.7

Armory Fiat - 2.36.6…2.36.7

Armory Front50 - 2.36.6…2.36.7

Armory Orca - 2.36.6…2.36.7

Armory Igor - 2.36.6…2.36.7

Terraformer™ - 2.36.6…2.36.7

Armory Rosco - 2.36.6…2.36.7

Armory Gate - 2.36.6…2.36.7

Armory Echo - 2.36.6…2.36.7

Armory Deck - 2.36.6…2.36.7

Armory Kayenta - 2.36.6…2.36.7

Dinghy™ - 2.36.6…2.36.7

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.38.1 Armory Continuous Deployment Release (Spinnaker™ v2025.2.2)

Wed, 29 Oct 2025 00:00:00 +0000

2025-10-29 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and will is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.38.1, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Gate: Spring Security 5 Oauth2 Migration

Armory CD 2.38.0 removes deprecate Oauth2 annotations and uses Spring Security 5 DSL. In order to configure oauth2 in gate-local.yml have changed to:

Google Oauth configuration

spring:
 security:
 oauth2:
 client:
 registration:
 google:
 client-id: <client-id>
 client-secret: <client-secret>
 authorization-grant-type: authorization_code
 redirect-uri: "https://<your-domain>/login/oauth2/code/google"
 scope: profile,email,openid
 client-name: google
 provider:
 google:
 authorization-uri: https://accounts.google.com/o/oauth2/auth
 token-uri: https://oauth2.googleapis.com/token
 user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo
 user-name-attribute: sub

Github Oauth2 configuration

spring:
 security:
 oauth2:
 client:
 registration:
 userInfoMapping:
 email: email
 firstName: ''
 lastName: name
 username: login
 github:
 client-id: <client-id>
 client-secret: <client-secret>
 authorization-grant-type: authorization_code
 redirect-uri: "https://<your-domain>/login/oauth2/code/github"
 scope: user,email
 client-name: github
 provider:
 github:
 authorization-uri: https://github.com/login/oauth/authorize
 token-uri: https://github.com/login/oauth/access_token
 user-info-uri: https://api.github.com/user
 user-name-attribute: login

Orca: Tasks configuration changes

The following configuration properties have been restructured in orca-local.yml:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Orca: Performance Improvements for SQL Backend

Policy Engine (OPA) is now built into Armory CD

The Policy Engine is now built into the Armory CD distribution. The Armory.PolicyEngine plugin and the armory.opa configuration block are replaced by a native armory.policy-engine block. Remove the Armory.PolicyEngine plugin from spinnaker.extensibility.plugins in every service that had it configured and update the configuration block in clouddriver-local.yml, front50-local.yml, and any other service profile that references OPA:

armory:
 opa:
 enabled: true
 url: http://opa-server.opa:8181/v1

New:

armory:
 policy-engine:
 enabled: true
 baseurl: http://opa-server.opa:8181/v1

The OPA server deployment and policies are unchanged.

Kubernetes Agent (Kubesvc) is now built into Armory CD

The Scale Agent plugin (Armory.Kubesvc) is now built into the Armory CD Clouddriver image. The plugin, its repository, and the top-level kubesvc: configuration block must be replaced by the native armory.kubesvc: block in clouddriver-local.yml:

kubesvc:
 cluster: kubernetes
 # ...remaining kubesvc settings...

spinnaker:
 extensibility:
 plugins:
 Armory.Kubesvc:
 enabled: true
 version: 0.16.2
 extensions:
 armory.kubesvc:
 enabled: true
 repositories:
 armory-agent:
 url: https://raw.githubusercontent.com/armory-io/agent-k8s-spinplug-releases/master/repositories.json

New:

armory:
 kubesvc:
 enabled: true
 cluster: kubernetes
 # ...remaining kubesvc settings (unchanged)...

All sub-properties (grpc, cache, heartbeat, operations, credentials) stay the same — only the parent key changes. Remove Armory.Kubesvc from spinnaker.extensibility.plugins and armory-agent from spinnaker.extensibility.repositories. The Armory Agent service deployed in target clusters is unchanged.

Known issues

Highlighted updates

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

Starting in Armory Continuous Deployment 2.36.5, we have enabled to capability to filter/restrict urls that can be accessed per artifact accounts. This feature provides a safeguard around user input of remote urls when artifact accounts are in used in the context of a pipeline execution.

An example configuration for clouddriver-local.yml can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 rejectedIps: [] #default value

Clouddriver: Account management API enhancement for AWS, ECS and GCP accounts

OSS Spinnaker 1.28 introduced the account management API feature for loading, storing, updating, and otherwise managing Clouddriver account configurations from a database. In Armory CD 2.38.x the Account management API has been enhanced to support AWS, ECS and GCP accounts. To enable this functionality please use the following configuration in your clouddriver-local.yml:

account:
 storage:
 enabled: true
 aws:
 enabled: true
 ecs:
 enabled: true
 google:
 enabled: true
credentials: #Enable the credentials poller per provider congifuration enabled in the Account Managment API
 poller:
 enabled: true
 types:
 kubernetes:
 reloadFrequencyMs: 60000
 aws:
 reloadFrequencyMs: 60000
 ecs:
 reloadFrequencyMs: 60000
 google:
 reloadFrequencyMs: 60000

Clouddriver PR7238 Clouddriver PR7247 Clouddriver PR7270

Clouddriver AWS accounts assume-role enhancement

Introduce in OSS Spinnaker 1.37.0 a configurable retry and backoff logic for AWS credentials parsing has been added. Additionally a configurable per account (or default) sessionDurationSeconds property has been added in clouddriver-local.yml.

aws:
 loadAccounts:
 maxRetries: 10
 backOffInMs: 5000
 exponentialBackoff: false
 exponentialBackoffMultiplier: 2
 exponentialBackOffIntervalMs: 10000
 defaultSessionDurationSeconds: (no default value)

PR6342 PR6344

Helm OCI Registry Chart Support

Docker registry provider now supports adding OCI-based registries hosting Helm repositories. This feature allows users to download and bake Helm charts hosted in OCI-compliant registries (such as Docker Hub).

Related PRs:

To enable the Helm OCI support in a Docker Registry account set a list of OCI repositories in the helmOciRepositories of the Docker Registry account configuration. The helmOciRepositories is a list of repository names in the format <registry>/<repository>. For example in your clouddriver-local.yml:

dockerRegistry:
 enabled: true
 primaryAccount: dockerhub # Must be one of the configured docker accounts
 accounts:
 - name: dockerhub
 requiredGroupMembership: []
 providerVersion: V1
 permissions: {}
 address: https://index.docker.io # (Required). The registry address you want to pull and deploy images from; e.g. https://index.docker.io
 username: <username> # Your docker registry email (often this only needs to be well-formed, rather than be a real address)
 password: <password>
 cacheIntervalSeconds: 30 # (Default: 30). How many seconds elapse between polling your docker registry.
 clientTimeoutMillis: 60000 # (Default: 60000). Timeout time in milliseconds for this repository.
 cacheThreads: 1 # (Default: 1). How many threads to cache all provided repos on. Really only useful if you have a ton of repos.
 paginateSize: 100 # (Default: 100). Paginate size for the docker repository _catalog endpoint.
 sortTagsByDate: false # (Default: false). Sort tags by creation date.
 trackDigests: false # (Default: false). Track digest changes. This is not recommended as it consumes a high QPM, and most registries are flaky.
 insecureRegistry: false # (Default: false). Treat the docker registry as insecure (don’t validate the ssl cert).
 repositories:
 - "registry/repository" # (Default: []). An optional list of repositories to cache Docker images from. If not provided, Spinnaker will attempt to read accessible repositories from the registries _catalog endpoint
 helmOciRepositories:
 - "registry/HelmOciRepository" # (Default: []). An optional list of Helm OCI-Based repositories to cache helm charts from.

For every account with non-empty helmOciRepositories list, Clouddriver will cache the Helm charts from the specified OCI repositories.

The cached Helm OCI charts are defined as a new Artifact type named helm/image and can be used to bake Helm OCI-based charts in Spinnaker pipelines.

Defining retention policy for downloaded helm/image charts in Clouddriver

Optionally, users can define a retention policy for Helm OCI charts downloaded in a Clouddriver instance. This functionality is disabled by default and it is useful for users that want to keep a local copy of a Helm OCI based chart without the need to download it every time it is used in a pipeline. The retention policy is defined in the clouddriver-local.yml configuration file:

artifacts:
 helm-oci:
 clone-retention-minutes: 60
 clone-retention-max-bytes: 104857600 # 100MB

clone-retention-minutes: Default: 0. How much time to keep the downloaded helm/image chart. Values are:
- 0: no retention.
- -1: retain forever.
- any whole number of minutes, such as 60.
clone-retention-max-bytes: Default: 104857600 (100 MB). Maximum amount of disk space to use for downloaded helm/image charts. When the maximum amount of space is reached, Clouddriver deletes the clones after returning the artifact to the pipeline, just as if retention were disabled.

Defining Triggers for helm/image artifacts in Spinnaker pipelines

To trigger a Spinnaker pipeline on a new version of a Helm OCI-based chart, users will need to enable the Igor poller for the helm/image artifact type. This can be done by adding the following configuration to the igor-local.yml file:

helm-oci-docker-registry:
 enabled: true

Additionally, a new trigger type (named helm/oci) has been implemented to allow pipelines to be triggered by new versions of helm/image artifacts.

 "triggers": [
 {
 "account": "<accountName>",
 "enabled": true,
 "organization": "<org>",
 "registry": "index.docker.io",
 "repository": "org/repositoryName",
 "type": "helm/oci"
 }
 ],

Orca: Limit the execution retrieval of Disabled pipelines

A new configuration has been added to exclude execution retrieval for disabled pipelines in Front50. This can be enabled in your orca-local.yml with:

tasks:
 controller:
 excludeExecutionsOfDisabledPipelines: false|true # Defaults to false

When enabled, Orca will call Front50 with the enabledPipelines=true query parameter, which returns only the enabled pipelines for an application (Front50 PR1520). This helps reduce load for applications with numerous pipelines, especially when obsolete, disabled pipelines are retained for historical reasons.

Orca PR4819

Front50: Scheduled agent for Disabling unused pipelines

An agent has been introduced to detect and disable unused or unexecuted pipelines within an application. This agent checks pipelines that have not been executed for the past thresholdDays days and disables them in Front50. This feature is only available for SQL execution repositories and is configurable in your front50-local.yml as bellow:

pollers:
 unused-pipelines-disable:
 enabled: false | true # default: false
 intervalSec: 3600 # default: 3600
 thresholdDays: 365 # default: 365
 dryRun: false | true # default: true. When true an info is logged about the intention to disable a pipelineConfigId in the application evaluated

Front50 PR1520

Orca: New Pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period in your orca-local.yml:

tasks.global.backOffPeriod:
tasks.<cloud provider>.backOffPeriod:
tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Orca: Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

Orca PR 4824

Orca: Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

Orca PR 4804

Orca: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration in your orca-local.yml:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

Orca PR 4803

Migration of Retrofit1 to Retrofit2 for all services

Retrofit1 clients from the following spinnaker services have been upgraded to retrofit2. With this release, retrofit2 upgrade of all spinnaker services is completed. Any internal plugins that rely on retrofit1 clients will need to be upgraded to retrofit2.

A new CallAdapter named LegacySignatureCallAdapter has been introduced in Kork to provide support for legacy Retrofit method signatures. This adapter enables the use of Retrofit interfaces that do not return Call<..>, similar to how Retrofit 1 worked. Both Kayenta and Halyard leveraged this feature during their Retrofit 2 upgrades, allowing them to maintain their existing method signatures without wrapping them in Call<..> or using Retrofit2SyncCall.execute()

https://github.com/spinnaker/spinnaker/pull/7088

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the following changelogs for details:

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.38.1
timestamp: 2025-10-29 09:05:22
services:
terraformer:
version: 2.38.1
commit: babaa4704f1df8a6f6b42e533716396c8a0f529b
kayenta:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
clouddriver:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
orca:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
rosco:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
deck:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
igor:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
gate:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
front50:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
dinghy:
version: 2.38.1
commit: babaa4704f1df8a6f6b42e533716396c8a0f529b
fiat:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
echo:
version: 2.38.1
commit: 6ab033ec64526c7742adc04f3093cadbc955d4f7
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.38.0…2.38.1

Terraformer™ - 2.38.0…2.38.1

Armory Rosco - 2.38.0…2.38.1

Armory Gate - 2.38.0…2.38.1

Armory Echo - 2.38.0…2.38.1

Armory Deck - 2.38.0…2.38.1

Armory Orca - 2.38.0…2.38.1

Armory Kayenta - 2.38.0…2.38.1

Dinghy™ - 2.38.0…2.38.1

Armory Front50 - 2.38.0…2.38.1

Armory Clouddriver - 2.38.0…2.38.1

Armory Fiat - 2.38.0…2.38.1

Spinnaker

Spinnaker Igor - 2025.2.2

Spinnaker Rosco - 2025.2.2

Spinnaker Gate - 2025.2.2

Spinnaker Echo - 2025.2.2

Spinnaker Deck - 2025.2.2

Spinnaker Orca - 2025.2.2

Spinnaker Kayenta - 2025.2.2

Spinnaker Front50 - 2025.2.2

Spinnaker Clouddriver - 2025.2.2

Spinnaker Fiat - 2025.2.2

Continuous-Deployment: v2.36.6 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Tue, 21 Oct 2025 00:00:00 +0000

2025-10-21 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and will is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.36.6, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50 , that was disabled by default. Version 1.35.0 enabled it by default , which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

An example configuration can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 rejectedIps: [] #default value

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.6
timestamp: 2025-10-21 09:53:44
services:
igor:
version: 2.36.6
commit: 7fccfb59279c325d5368a82ed9859f9cc7253302
gate:
version: 2.36.6
commit: 7cad31c006f10d4549bd666c76dbd85bd8286921
kayenta:
version: 2.36.6
commit: 4b9fb28ad8fa0e4b44fa162691b5d51691d90891
clouddriver:
version: 2.36.6
commit: b96751e1d80eef231c719aa40d5ce96db8a9c193
dinghy:
version: 2.36.6
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
rosco:
version: 2.36.6
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
deck:
version: 2.36.6
commit: 54a2aada8cb187554536daeb8b8b2858714d1afe
orca:
version: 2.36.6
commit: 138f6665e75d2e600b4cb07631079cc83a6560ec
echo:
version: 2.36.6
commit: 93303566f7d718f115520dd0b00852cfa183f413
fiat:
version: 2.36.6
commit: e7412ae8d6a0c4fe765098315696fe24eeb3e2f5
terraformer:
version: 2.36.6
commit: 8453d42107fda5f0c315c8459f523e9182805832
front50:
version: 2.36.6
commit: 08c2d640ec2818a990602c40f22952782af0781f
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.36.6…2.36.6

Terraformer™ - 2.36.6…2.36.6

Armory Rosco - 2.36.6…2.36.6

Armory Gate - 2.36.6…2.36.6

Armory Echo - 2.36.6…2.36.6

Armory Deck - 2.36.6…2.36.6

Armory Orca - 2.36.6…2.36.6

Armory Kayenta - 2.36.6…2.36.6

Dinghy™ - 2.36.6…2.36.6

Armory Front50 - 2.36.6…2.36.6

Armory Clouddriver - 2.36.6…2.36.6

Armory Fiat - 2.36.6…2.36.6

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.38.0 Armory Continuous Deployment Release (Spinnaker™ v2025.2.2)

Tue, 21 Oct 2025 00:00:00 +0000

2025-10-21 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and will is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.38.0-rc3, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Gate: Spring Security 5 Oauth2 Migration

Armory CD 2.38.0 removes deprecate Oauth2 annotations and uses Spring Security 5 DSL. In order to configure oauth2 in gate-local.yml have changed to:

Google Oauth configuration

spring:
 security:
 oauth2:
 client:
 registration:
 google:
 client-id: <client-id>
 client-secret: <client-secret>
 authorization-grant-type: authorization_code
 redirect-uri: "https://<your-domain>/login/oauth2/code/google"
 scope: profile,email,openid
 client-name: google
 provider:
 google:
 authorization-uri: https://accounts.google.com/o/oauth2/auth
 token-uri: https://oauth2.googleapis.com/token
 user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo
 user-name-attribute: sub

Github Oauth2 configuration

spring:
 security:
 oauth2:
 client:
 registration:
 userInfoMapping:
 email: email
 firstName: ''
 lastName: name
 username: login
 github:
 client-id: <client-id>
 client-secret: <client-secret>
 authorization-grant-type: authorization_code
 redirect-uri: "https://<your-domain>/login/oauth2/code/github"
 scope: user,email
 client-name: github
 provider:
 github:
 authorization-uri: https://github.com/login/oauth/authorize
 token-uri: https://github.com/login/oauth/access_token
 user-info-uri: https://api.github.com/user
 user-name-attribute: login

Orca: Tasks configuration changes

The following configuration properties have been restructured in orca-local.yml:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Orca: Performance Improvements for SQL Backend

Policy Engine (OPA) is now built into Armory CD

armory:
 opa:
 enabled: true
 url: http://opa-server.opa:8181/v1

New:

armory:
 policy-engine:
 enabled: true
 baseurl: http://opa-server.opa:8181/v1

The OPA server deployment and policies are unchanged.

Kubernetes Agent (Kubesvc) is now built into Armory CD

kubesvc:
 cluster: kubernetes
 # ...remaining kubesvc settings...

spinnaker:
 extensibility:
 plugins:
 Armory.Kubesvc:
 enabled: true
 version: 0.16.2
 extensions:
 armory.kubesvc:
 enabled: true
 repositories:
 armory-agent:
 url: https://raw.githubusercontent.com/armory-io/agent-k8s-spinplug-releases/master/repositories.json

New:

armory:
 kubesvc:
 enabled: true
 cluster: kubernetes
 # ...remaining kubesvc settings (unchanged)...

Known issues

Highlighted updates

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

An example configuration for clouddriver-local.yml can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 rejectedIps: [] #default value

Clouddriver: Account management API enhancement for AWS, ECS and GCP accounts

account:
 storage:
 enabled: true
 aws:
 enabled: true
 ecs:
 enabled: true
 google:
 enabled: true
credentials: #Enable the credentials poller per provider congifuration enabled in the Account Managment API
 poller:
 enabled: true
 types:
 kubernetes:
 reloadFrequencyMs: 60000
 aws:
 reloadFrequencyMs: 60000
 ecs:
 reloadFrequencyMs: 60000
 google:
 reloadFrequencyMs: 60000

Clouddriver PR7238 Clouddriver PR7247 Clouddriver PR7270

Clouddriver AWS accounts assume-role enhancement

aws:
 loadAccounts:
 maxRetries: 10
 backOffInMs: 5000
 exponentialBackoff: false
 exponentialBackoffMultiplier: 2
 exponentialBackOffIntervalMs: 10000
 defaultSessionDurationSeconds: (no default value)

PR6342 PR6344

Helm OCI Registry Chart Support

Related PRs:

dockerRegistry:
 enabled: true
 primaryAccount: dockerhub # Must be one of the configured docker accounts
 accounts:
 - name: dockerhub
 requiredGroupMembership: []
 providerVersion: V1
 permissions: {}
 address: https://index.docker.io # (Required). The registry address you want to pull and deploy images from; e.g. https://index.docker.io
 username: <username> # Your docker registry email (often this only needs to be well-formed, rather than be a real address)
 password: <password>
 cacheIntervalSeconds: 30 # (Default: 30). How many seconds elapse between polling your docker registry.
 clientTimeoutMillis: 60000 # (Default: 60000). Timeout time in milliseconds for this repository.
 cacheThreads: 1 # (Default: 1). How many threads to cache all provided repos on. Really only useful if you have a ton of repos.
 paginateSize: 100 # (Default: 100). Paginate size for the docker repository _catalog endpoint.
 sortTagsByDate: false # (Default: false). Sort tags by creation date.
 trackDigests: false # (Default: false). Track digest changes. This is not recommended as it consumes a high QPM, and most registries are flaky.
 insecureRegistry: false # (Default: false). Treat the docker registry as insecure (don’t validate the ssl cert).
 repositories:
 - "registry/repository" # (Default: []). An optional list of repositories to cache Docker images from. If not provided, Spinnaker will attempt to read accessible repositories from the registries _catalog endpoint
 helmOciRepositories:
 - "registry/HelmOciRepository" # (Default: []). An optional list of Helm OCI-Based repositories to cache helm charts from.

For every account with non-empty helmOciRepositories list, Clouddriver will cache the Helm charts from the specified OCI repositories.

The cached Helm OCI charts are defined as a new Artifact type named helm/image and can be used to bake Helm OCI-based charts in Spinnaker pipelines.

Defining retention policy for downloaded helm/image charts in Clouddriver

artifacts:
 helm-oci:
 clone-retention-minutes: 60
 clone-retention-max-bytes: 104857600 # 100MB

clone-retention-minutes: Default: 0. How much time to keep the downloaded helm/image chart. Values are:
- 0: no retention.
- -1: retain forever.
- any whole number of minutes, such as 60.
clone-retention-max-bytes: Default: 104857600 (100 MB). Maximum amount of disk space to use for downloaded helm/image charts. When the maximum amount of space is reached, Clouddriver deletes the clones after returning the artifact to the pipeline, just as if retention were disabled.

Defining Triggers for helm/image artifacts in Spinnaker pipelines

helm-oci-docker-registry:
 enabled: true

Additionally, a new trigger type (named helm/oci) has been implemented to allow pipelines to be triggered by new versions of helm/image artifacts.

 "triggers": [
 {
 "account": "<accountName>",
 "enabled": true,
 "organization": "<org>",
 "registry": "index.docker.io",
 "repository": "org/repositoryName",
 "type": "helm/oci"
 }
 ],

Orca: Limit the execution retrieval of Disabled pipelines

A new configuration has been added to exclude execution retrieval for disabled pipelines in Front50. This can be enabled in your orca-local.yml with:

tasks:
 controller:
 excludeExecutionsOfDisabledPipelines: false|true # Defaults to false

Orca PR4819

Front50: Scheduled agent for Disabling unused pipelines

pollers:
 unused-pipelines-disable:
 enabled: false | true # default: false
 intervalSec: 3600 # default: 3600
 thresholdDays: 365 # default: 365
 dryRun: false | true # default: true. When true an info is logged about the intention to disable a pipelineConfigId in the application evaluated

Front50 PR1520

Orca: New Pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period in your orca-local.yml:

tasks.global.backOffPeriod:
tasks.<cloud provider>.backOffPeriod:
tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Orca: Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

Orca PR 4824

Orca: Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

Orca PR 4804

Orca: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration in your orca-local.yml:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

Orca PR 4803

Migration of Retrofit1 to Retrofit2 for all services

https://github.com/spinnaker/spinnaker/pull/7088

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the following changelogs for details:

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.38.0
timestamp: 2025-10-21 09:16:45
services:
dinghy:
version: 2.38.0
commit: babaa4704f1df8a6f6b42e533716396c8a0f529b
rosco:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
clouddriver:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
deck:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
gate:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
kayenta:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
orca:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
echo:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
fiat:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
front50:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
igor:
version: 2.38.0
commit: e891413d1ffd7fa5a49f232a048e7ab2a1cbe63b
terraformer:
version: 2.38.0
commit: babaa4704f1df8a6f6b42e533716396c8a0f529b
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.36.5…2.38.0

Terraformer™ - 2.36.5…2.38.0

Armory Rosco - 2.36.5…2.38.0

Armory Gate - 2.36.5…2.38.0

Armory Echo - 2.36.5…2.38.0

Armory Deck - 2.36.5…2.38.0

Armory Orca - 2.36.5…2.38.0

Armory Kayenta - 2.36.5…2.38.0

Dinghy™ - 2.36.5…2.38.0

Armory Front50 - 2.36.5…2.38.0

Armory Clouddriver - 2.36.5…2.38.0

Armory Fiat - 2.36.5…2.38.0

Spinnaker

Spinnaker Igor - 2025.2.2

Spinnaker Rosco - 2025.2.2

Spinnaker Gate - 2025.2.2

Spinnaker Echo - 2025.2.2

Spinnaker Deck - 2025.2.2

Spinnaker Orca - 2025.2.2

Spinnaker Kayenta - 2025.2.2

Spinnaker Front50 - 2025.2.2

Spinnaker Clouddriver - 2025.2.2

Spinnaker Fiat - 2025.2.2

Continuous-Deployment: v2.36.5 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Thu, 16 Oct 2025 00:00:00 +0000

2025-10-16 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

Important

Armory Operator has been deprecated and will is considered EOL. Please migrate to the Kustomize method of deployment.

To install, upgrade, or configure Armory CD 2.36.5, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Url filtering/restriction on artifact accounts require all available configurations set

In Armory CD 2.36.5 the url filtering/restriction was introduced to enhance the security of artifact accounts. When enabled in an artifact account all the configuration options need to be explicitly set to avoid unexpected behavior/restrictions.

This known issue has been fixed in Armory CD 2.36.6

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50 , that was disabled by default. Version 1.35.0 enabled it by default , which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

An example configuration can be found below which can be added per artifact account (http, github, helm):

artifacts:
 http:
 enabled: true
 accounts:
 - name: http_account
 urlRestrictions:
 allowedHostnamesRegex: ".*\\..+" #default value
 allowedSchemes: #default value
 - http
 - https
 rejectLocalhost: true #default value
 rejectLinkLocal: true #default value
 rejectVerbatimIps: true #default value
 allowedDomains:
 - mydomain.com
 - raw.github.com
 - api.github.com
 rejectedIps: [] #default value
 excludedDomainTemplate: "(?=.+\\.%s$).*\\..+" #default value
 excludedDomains: #default value
 - spinnaker
 - local
 - localdomain
 - internal
 excludedDomainsFromEnvironment: [] #default value
 extraExcludedPatterns: [] #default value

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.5
timestamp: 2025-10-15 09:32:06
services:
igor:
version: 2.36.5
commit: 7fccfb59279c325d5368a82ed9859f9cc7253302
gate:
version: 2.36.5
commit: 7cad31c006f10d4549bd666c76dbd85bd8286921
kayenta:
version: 2.36.5
commit: 4b9fb28ad8fa0e4b44fa162691b5d51691d90891
dinghy:
version: 2.36.5
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
rosco:
version: 2.36.5
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
orca:
version: 2.36.5
commit: 138f6665e75d2e600b4cb07631079cc83a6560ec
clouddriver:
version: 2.36.5
commit: 485642649712e3d69472ed62edfbd7e8e9df1118
deck:
version: 2.36.5
commit: 54a2aada8cb187554536daeb8b8b2858714d1afe
echo:
version: 2.36.5
commit: 93303566f7d718f115520dd0b00852cfa183f413
fiat:
version: 2.36.5
commit: e7412ae8d6a0c4fe765098315696fe24eeb3e2f5
terraformer:
version: 2.36.5
commit: 8453d42107fda5f0c315c8459f523e9182805832
front50:
version: 2.36.5
commit: 08c2d640ec2818a990602c40f22952782af0781f
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.36.1…2.36.3

Terraformer™ - 2.36.1…2.36.3

Armory Rosco - 2.36.1…2.36.3

Armory Gate - 2.36.1…2.36.3

Armory Echo - 2.36.1…2.36.3

Armory Deck - 2.36.1…2.36.3

Armory Orca - 2.36.1…2.36.3

Armory Kayenta - 2.36.1…2.36.3

Dinghy™ - 2.36.1…2.36.3

Armory Front50 - 2.36.1…2.36.3

Armory Clouddriver - 2.36.1…2.36.3

Armory Fiat - 2.36.1…2.36.3

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.4 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Tue, 09 Sep 2025 00:00:00 +0000

2025-09-09 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.36.4, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50 , that was disabled by default. Version 1.35.0 enabled it by default , which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Armory Continuous Deployment 2.36.2 Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.4
timestamp: 2025-09-03 13:19:57
services:
front50:
version: 2.36.4
commit: 08c2d640ec2818a990602c40f22952782af0781f
gate:
version: 2.36.4
commit: 4008ca9592054ea4cb100231dffe13dd8f819367
igor:
version: 2.36.4
commit: 7fccfb59279c325d5368a82ed9859f9cc7253302
kayenta:
version: 2.36.4
commit: 4b9fb28ad8fa0e4b44fa162691b5d51691d90891
terraformer:
version: 2.36.4
commit: 8453d42107fda5f0c315c8459f523e9182805832
orca:
version: 2.36.4
commit: 7a3859e21f389b81aba72e294243bb41a7653d8f
rosco:
version: 2.36.4
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
clouddriver:
version: 2.36.4
commit: feb14e1f16e7d26ed9390c6911da9a9d50038c68
deck:
version: 2.36.4
commit: 54a2aada8cb187554536daeb8b8b2858714d1afe
echo:
version: 2.36.4
commit: 93303566f7d718f115520dd0b00852cfa183f413
fiat:
version: 2.36.4
commit: e7412ae8d6a0c4fe765098315696fe24eeb3e2f5
dinghy:
version: 2.36.4
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.36.1…2.36.3

Terraformer™ - 2.36.1…2.36.3

Armory Rosco - 2.36.1…2.36.3

Armory Gate - 2.36.1…2.36.3

Armory Echo - 2.36.1…2.36.3

Armory Deck - 2.36.1…2.36.3

Armory Orca - 2.36.1…2.36.3

Armory Kayenta - 2.36.1…2.36.3

Dinghy™ - 2.36.1…2.36.3

Armory Front50 - 2.36.1…2.36.3

Armory Clouddriver - 2.36.1…2.36.3

Armory Fiat - 2.36.1…2.36.3

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.3 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Mon, 18 Aug 2025 00:00:00 +0000

2025-08-14 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.36.3, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Deck - Failing to bind address when SSL is used

In Armory CD 2.36.3 Deck may fail to start with the following error when SSL is enabled:

AH00526: Syntax error on line 17 of /etc/apache2/sites-enabled/spinnaker.conf:
Cannot define multiple Listeners on the same IP:port
Action '-D FOREGROUND' failed.
The Apache error log may have more information.

The issue is fully resolved in Armory CD 2.36.4. Please upgrade to that version if you encounter this issue.

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50 , that was disabled by default. Version 1.35.0 enabled it by default , which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Armory Continuous Deployment 2.36.2 Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

In Spinnaker OSS release 1.35.0 Orca introduced a feature flag to reduce the execution size in nested pipelines by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When enabled, child pipeline execution ids are stored in sql instead of the entire child pipeline execution context.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.pipelineRefEnabled = true;
 ... 

Orca PR 4842 Deck PR 10164

New pipeline stage configuration `backOffPeriodMs`

Additionally, the following configuration options have been added that allow admins to specify globablly the backoff period:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks.global.backOffPeriod:
 tasks.<cloud provider>.backOffPeriod:
 tasks.<cloud provider>.<account name>.backOffPeriod:

Orca PR 4841

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM


version: 2.36.3
timestamp: 2025-08-18 14:22:07
services:
fiat:
version: 2.36.3
commit: e7412ae8d6a0c4fe765098315696fe24eeb3e2f5
front50:
version: 2.36.3
commit: 08c2d640ec2818a990602c40f22952782af0781f
gate:
version: 2.36.3
commit: 4008ca9592054ea4cb100231dffe13dd8f819367
igor:
version: 2.36.3
commit: 7fccfb59279c325d5368a82ed9859f9cc7253302
terraformer:
version: 2.36.3
commit: 8453d42107fda5f0c315c8459f523e9182805832
rosco:
version: 2.36.3
commit: 8e35f1c3560b3b8f7de6fc4a35718b4aee98a47c
dinghy:
version: 2.36.3
commit: d36fdf5b496b18212275686d4c9069d72c9dbeb1
echo:
version: 2.36.3
commit: 93303566f7d718f115520dd0b00852cfa183f413
kayenta:
version: 2.36.3
commit: 4b9fb28ad8fa0e4b44fa162691b5d51691d90891
deck:
version: 2.36.3
commit: 0ca57d9581c7d4ce101422b75665b2e22635711a
orca:
version: 2.36.3
commit: 7a3859e21f389b81aba72e294243bb41a7653d8f
clouddriver:
version: 2.36.3
commit: feb14e1f16e7d26ed9390c6911da9a9d50038c68
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.36.1…2.36.3

Terraformer™ - 2.36.1…2.36.3

Armory Rosco - 2.36.1…2.36.3

Armory Gate - 2.36.1…2.36.3

Armory Echo - 2.36.1…2.36.3

Armory Deck - 2.36.1…2.36.3

Armory Orca - 2.36.1…2.36.3

Armory Kayenta - 2.36.1…2.36.3

Dinghy™ - 2.36.1…2.36.3

Armory Front50 - 2.36.1…2.36.3

Armory Clouddriver - 2.36.1…2.36.3

Armory Fiat - 2.36.1…2.36.3

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.1 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Thu, 20 Feb 2025 00:00:00 +0000

2025/02/20 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.36.1, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Echo Filter enabled pipelines feature

Spinnaker OSS Version 1.31.0 introduced a feature to filter pipelines from front50 , that was disabled by default. Version 1.35.0 enabled it by default , which is not recommended and can cause issues with automated triggers. In Armory CD 2.36.2 we recommend to explicitly disable this feature by setting the following configuration:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 pipelineCache:
 filterFront50Pipelines: false

Highlighted updates

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: e52a253da499f54ea951d46472ee20ada1326d1a
version: 2.36.1
deck:
commit: 1c97b782e123ee219673c245878aeb59e87b0a06
version: 2.36.1
dinghy:
commit: 50041173d1a043493409059e7fa5d7a1a80fb553
version: 2.36.1
echo:
commit: 4c2efbbb9e57b64a1a4fa85aef8eeccc8aaa80a7
version: 2.36.1
fiat:
commit: bd424d60f055e6694aeaf74af5b92862932b09c3
version: 2.36.1
front50:
commit: 9e2606c2d386d00b18b76104564b6467ea2010d3
version: 2.36.1
gate:
commit: cc3f1b3059533feb0bc770eebde4f2c0714c7800
version: 2.36.1
igor:
commit: c5540e0bfe83bb87fa8896c7c7924113c17453b4
version: 2.36.1
kayenta:
commit: 1dab7bb6f4156bdf7f15ef74722139e07ceb4581
version: 2.36.1
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9fa8bf04e3b5882c0b03d0309684ef0cd00a64c0
version: 2.36.1
rosco:
commit: 80f1885bcd93da023fdb858d563cc24ccadce276
version: 2.36.1
terraformer:
commit: 9756bee07eaabbb25b54812996314c22554ec1c0
version: 2.36.1
timestamp: "2025-02-20 12:49:12"
version: 2.36.1

Armory

Armory Igor - 2.36.0…2.36.1

Terraformer™ - 2.36.0…2.36.1

Armory Rosco - 2.36.0…2.36.1

Armory Gate - 2.36.0…2.36.1

Armory Echo - 2.36.0…2.36.1

Armory Deck - 2.36.0…2.36.1

fix(metadata): Reverting MetadataFilterOverride (#1450) (#1451)

Armory Orca - 2.36.0…2.36.1

Armory Kayenta - 2.36.0…2.36.1

Dinghy™ - 2.36.0…2.36.1

Armory Front50 - 2.36.0…2.36.1

Armory Clouddriver - 2.36.0…2.36.1

Armory Fiat - 2.36.0…2.36.1

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.0 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

Wed, 12 Feb 2025 00:00:00 +0000

2025/02/12 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.36.0, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

The following configuration properties have been restructured:

Previous Configuration:

tasks:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:

New configuration format

tasks:
 controller:
 days-of-execution-history:
 number-of-old-pipeline-executions-to-include:
 optimize-execution-retrieval: <boolean>
 max-execution-retrieval-threads:
 max-number-of-pipeline-executions-to-process:
 execution-retrieval-timeout-seconds:

These changes improve query performance and execution retrieval efficiency, particularly for large-scale pipeline applications.

Performance Improvements for SQL Backend

Known issues

Highlighted updates

Java upgrades

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 service-settings:
 clouddriver:
 env:
 JAVA_OPTS: "--add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED"

Performance Improvements for Pipeline Executions

This release includes several optimizations to improve pipeline execution times, particularly for complex pipeline structures.

Key Improvements

Memorize the anyUpstreamStagesFailed extension function to improve time complexity from exponential to linear
Optimize getAncestorsImpl to reduce time complexity by a factor of N, where N is the number of stages in a pipeline
Optimize StartStageHandler to only call withAuth (which calls getAncestorsImpl) when

PR 4824

Performance Improvements for SQL Backend

This release enhances the performance of SQL-backed pipeline queries by optimizing database operations, particularly for the API call:

/applications/{application}/pipelines?expand=false&limit=2

which is frequently initiated by Deck and forwarded through Gate to Orca.

Key Improvements

Improved Query Efficiency: Optimized the retrieval of pipeline execution data, significantly reducing database query times.
Refactored TaskController: Externalized configuration properties to allow better flexibility and tuning.
Enhanced getPipelinesForApplication()
- Limits the number of pipeline config IDs queried.
- Processes multiple pipeline config IDs simultaneously.
- Introduces multi-threading to handle batches efficiently.

PR 4804

Feature: Read Connection Pool for SQL Execution Repository

This release introduces support for a dedicated read connection pool for specific read-only database queries in SqlExecutionRepository

Key Improvements

New “read” Connection Pool: Allows read operations to be routed to a separate connection pool.
Configurable Read Pool: Users can define an additional read connection pool in the SQL configuration.
Ensures Data Consistency: Some read queries still rely on recently written data and are not yet converted to use a read replica due to potential replication lag.

Configuration Example

To enable the read connection pool, add the following configuration:

sql:
 connectionPools:
 default:
 <...>
 read:
 jdbcUrl: jdbc:...
 user: orca_service
 password:
 connectionTimeoutMs:
 validationTimeoutMs:
 maxPoolSize:
 minIdle:
 maxLifetimeMs:
 idleTimeoutMs:

PR 4803

Enhanced pipeline batch update feature

Gate

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

controller:
 pipeline:
 bulksave:
 # the max number of times gate will poll orca to check for task status
 max-polls-for-task-completion: <int>
 # the interval at which gate will poll orca.
 taskCompletionCheckIntervalMs: <int>

Orca

Updates Orca’s SavePipelineTask to support bulk saves using the updated functionality in the front50 bulk save endpoint.

With Orca PR 4781, keys from the stage context’s outputs section can now be removed (there by reducing the context size significantly). At present the following tasks support this feature:

PromoteManifestKatoOutputsTask
WaitOnJobCompletionTask
ResolveDeploySourceManifestTask
BindProducedArtifactsTask

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 tasks:
 clouddriver:
 promoteManifestKatoOutputsTask:
 excludeKeysFromOutputs:
 - outputs.createdArtifacts
 - outputs.manifests
 - outputs.boundArtifacts
 waitOnJobCompletionTask:
 excludeKeysFromOutputs:
 - jobStatus
 - completionDetails
 resolveDeploySourceManifestTask:
 excludeKeysFromOutputs:
 - manifests
 - requiredArtifacts
 - optionalArtifacts
 core:
 bindProducedArtifactsTask:
 excludeKeysFromOutputs:
 - artifacts

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 checkClouddriver: false # default is true

tasks:
 clouddriver:
 checkIfApplicationExistsTask:
 auditModeEnabled: false # default is true

Front50

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 front50:
 controller:
 pipeline:
 save:
 refreshCacheOnDuplicatesCheck: false // default is true

Batch update call now responds with a status of succeeded and failed pipelines info. The response will be a map containing information in the following format:

[
 "successful_pipelines_count" : <int>,
 "successful_pipelines" : <List<String>>,
 "failed_pipelines_count" : <int>,
 "failed_pipelines" : <List<Map<String, Object>>>
]

Here the value for successful_pipelines is the list of successful pipeline names whereas the value for failed_pipelines is the list of failed pipelines expressed as maps.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.36.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: e52a253da499f54ea951d46472ee20ada1326d1a
version: 2.36.0
deck:
commit: da852d30ae5d29448b8546c3a55e799ef08bec8a
version: 2.36.0
dinghy:
commit: 50041173d1a043493409059e7fa5d7a1a80fb553
version: 2.36.0
echo:
commit: 4c2efbbb9e57b64a1a4fa85aef8eeccc8aaa80a7
version: 2.36.0
fiat:
commit: bd424d60f055e6694aeaf74af5b92862932b09c3
version: 2.36.0
front50:
commit: 9e2606c2d386d00b18b76104564b6467ea2010d3
version: 2.36.0
gate:
commit: cc3f1b3059533feb0bc770eebde4f2c0714c7800
version: 2.36.0
igor:
commit: c5540e0bfe83bb87fa8896c7c7924113c17453b4
version: 2.36.0
kayenta:
commit: 1dab7bb6f4156bdf7f15ef74722139e07ceb4581
version: 2.36.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9fa8bf04e3b5882c0b03d0309684ef0cd00a64c0
version: 2.36.0
rosco:
commit: 80f1885bcd93da023fdb858d563cc24ccadce276
version: 2.36.0
terraformer:
commit: 9756bee07eaabbb25b54812996314c22554ec1c0
version: 2.36.0
timestamp: "2025-02-12 14:24:22"
version: 2.36.0

Armory

Armory Rosco - 2.35.0…2.36.0

fix(java): fix merge conflict (#697)
chore(java): Migrate to Java 17 (#695) (#696)
chore(cd): update base service version to rosco:2024.08.06.19.21.17.release-1.35.x (#694)
chore(cd): update armory-commons version to 3.17.3 (#689)
chore(cd): update base service version to rosco:2024.08.06.19.21.17.master (#683)
chore(base): bump latest rosco from 1.36.0 (#706)
fix(actions): use password secret for cd artifacts (#710)
fix(bake): use reflection to get values from AWSBakeHandler (#712)
chore(cd): update base service version to rosco:2024.11.25.15.38.22.release-1.36.x (#704)
chore(cd): update base service version to rosco:2025.01.07.21.12.49.release-1.36.x (#714)
chore(cd): update base service version to rosco:2025.01.23.05.53.10.release-1.36.x (#716)
chore(cd): update armory-commons version to 3.18.1 (#720)

Armory Fiat - 2.35.0…2.36.0

chore(cd): update base service version to fiat:2024.08.06.19.16.43.release-1.35.x (#635)
chore(cd): update armory-commons version to 3.17.3 (#630)
chore(cd): update base service version to fiat:2024.08.06.19.16.43.master (#624)
chore(base): bump latest fiat 1.36.0 and migrate jdk 17 (#642)
chore(cd): update base service version to fiat:2025.01.07.20.44.13.release-1.36.x (#647)

Terraformer™ - 2.35.0…2.36.0

Armory Kayenta - 2.35.0…2.36.0

chore(java): migrate to java 17 (#560) (#561)
chore(cd): update armory-commons version to 3.17.3 (#557)
chore(cd): update base service version to kayenta:2024.08.13.23.14.13.master (#551)
chore(base): bump latest kayenta from 1.36.0 (#569)
chore(cd): update base service version to kayenta:2025.01.22.19.32.21.release-1.36.x (#574)

Armory Clouddriver - 2.35.0…2.36.0

chore(cd): update base service version to clouddriver:2024.12.13.19.41.27.release-1.35.x (#1203)
chore(java): Migrate to java 17 (#1187) (#1188)
chore(java): compile base service with Java 17 (#1183) (#1186)
chore(cd): update base service version to clouddriver:2024.10.15.15.18.20.release-1.35.x (#1185)
chore(cd): update base service version to clouddriver:2024.08.27.16.52.09.release-1.35.x (#1182)
chore(cd): update armory-commons version to 3.17.3 (#1174)
chore(cd): update base service version to clouddriver:2024.08.27.16.04.19.master (#1170)
chore(cd): update base service version to clouddriver:2024.09.24.14.04.48.master (#1176)
chore(cd): update base service version to clouddriver:2024.09.25.16.01.39.master (#1178)
chore(base): bump latest clouddriver 1.36.0 (#1195)
chore(cd): update base service version to clouddriver:2024.12.12.19.01.29.release-1.36.x (#1200)
chore(cd): update base service version to clouddriver:2024.12.13.19.41.15.release-1.36.x (#1201)
chore(cd): update base service version to clouddriver:2025.01.03.19.54.54.release-1.36.x (#1206)
chore(cd): update base service version to clouddriver:2025.01.06.21.18.32.release-1.36.x (#1208)
chore(cd): update base service version to clouddriver:2025.01.06.22.20.00.release-1.36.x (#1210)
chore(cd): update base service version to clouddriver:2025.01.21.16.56.34.release-1.36.x (#1212)
chore(cd): update armory-commons version to 3.18.1 (#1215)
chore(base): bump latest jar from OS clouddriver in 1.36 (#1219)

Dinghy™ - 2.35.0…2.36.0

Armory Orca - 2.35.0…2.36.0

chore(cd): update base orca version to 2024.12.11.15.53.21.release-1.35.x (#967)
chore(java): migrate to java 17 (#949) (#951)
chore(dep): update base to 2024.08.13.08.26.10.release-1.35.x (#950)
chore(cd): update armory-commons version to 3.17.3 (#940)
chore(cd): update base orca version to 2024.08.28.15.02.07.master (#936)
chore(cd): update base orca version to 2024.09.25.16.57.42.master (#946)
chore(base): update base to latest orca 1.36.0 (#959)
chore(cd): update base orca version to 2024.12.11.15.53.17.release-1.36.x (#968)
chore(base): bump latest orca from 1.36.x (#972)
chore(cd): update base orca version to 2025.01.22.18.18.13.release-1.36.x (#976)
chore(cd): update armory-commons version to 3.18.1 (#981)
feat(cherry-picks): adding selected improvements to 1.36.x release (#983)

Armory Echo - 2.35.0…2.36.0

chore(java): migrate to jdk 17 (backport #750) (#751)
chore(cd): update armory-commons version to 3.17.3 (#743)
chore(cd): update base service version to echo:2024.08.13.08.15.00.master (#736)
chore(cd): update base service version to echo:2024.09.24.15.23.12.master (#744)
chore(cd): update base service version to echo:2024.09.25.15.02.35.master (#745)
chore(cd): update base service version to echo:2024.09.25.16.45.58.master (#746)
chore(cd): update base service version to echo:2024.09.26.20.47.13.master (#747)
chore(cd): update base service version to echo:2024.10.15.15.58.45.master (#748)
chore(java): upgrade to jre 17 (#749)
chore(java): migrate to jdk 17 (#750)
chore(cd): update base service version to echo:2024.11.05.16.26.31.master (#752)
chore(cd): update base service version to echo:2024.11.06.17.44.10.master (#753)
chore(base): update base to latest 1.36.0 and refactor (#758)
chore(java): remove java 11 references (#759)
chore(cd): update base service version to echo:2025.01.22.17.19.28.release-1.36.x (#765)
chore(cd): update base service version to echo:2025.01.22.18.37.26.release-1.36.x (#766)
chore(cd): update armory-commons version to 3.18.1 (#768)

Armory Front50 - 2.35.0…2.36.0

chore(cd): update base service version to front50:2024.08.23.16.11.34.release-1.35.x (#724)
chore(cd): update armory-commons version to 3.17.3 (#719)
chore(cd): update base service version to front50:2024.08.23.15.47.09.master (#714)
chore(cd): update base service version to front50:2024.09.23.18.38.12.master (#720)
chore(cd): update base service version to front50:2024.09.25.15.04.28.master (#721)
chore(cd): update base service version to front50:2024.09.25.16.44.47.master (#722)
chore(base): bump latest front50 from 1.36.0 (#735)
chore(cd): update base service version to front50:2025.01.07.21.06.13.release-1.36.x (#740)
chore(cd): update base service version to front50:2025.01.07.21.17.30.release-1.36.x (#741)
chore(cd): update base service version to front50:2025.01.22.18.05.44.release-1.36.x (#744)
chore(cd): update armory-commons version to 3.18.1 (#747)

Armory Igor - 2.35.0…2.36.0

chore(cd): update base service version to igor:2024.08.13.08.13.54.release-1.35.x (#634)
chore(cd): update armory-commons version to 3.17.3 (#628)
chore(cd): update base service version to igor:2024.08.13.08.13.54.master (#622)
chore(base): bump latest igor from 1.36.0 (#643)
chore(cd): update base service version to igor:2025.01.22.18.04.21.release-1.36.x (#652)
chore(cd): update armory-commons version to 3.18.1 (#655)

Armory Gate - 2.35.0…2.36.0

chore(base): bump base 1.35 and migrate to jdk17 (#766)
chore(cd): update armory-commons version to 3.17.3 (#755)
chore(cd): update base service version to gate:2024.08.23.19.46.38.master (#749)
chore(cd): update base service version to gate:2024.08.30.14.26.46.master (#751)
chore(cd): update base service version to gate:2024.09.11.14.27.15.master (#756)
chore(cd): update base service version to gate:2024.09.12.19.51.06.master (#757)
chore(cd): update base service version to gate:2024.09.12.23.00.50.master (#758)
chore(cd): update base service version to gate:2024.09.19.19.02.50.master (#759)
chore(base): bump latest gate from 1.36.0 (#776)
fix(okhttp): replace OkClient with Ok3Client to match OS gate (#783)
chore(cd): update base service version to gate:2025.01.22.18.05.19.release-1.36.x (#789)
chore(cd): update base service version to gate:2025.02.11.20.51.46.release-1.36.x (#793)

Armory Deck - 2.35.0…2.36.0

chore(cd): update base deck version to 2024.0.0-20240808170143.master (#1429)
chore(cd): update base deck version to 2024.0.0-20240911164312.master (#1430)
chore(cd): update base deck version to 2024.0.0-20240912172834.master (#1432)
chore(cd): update base deck version to 2024.0.0-20240912182910.master (#1433)
chore(base): bump latest deck from 1.36.0 (#1439)
chore(cd): update base deck version to 2025.0.0-20250121171131.release-1.36.x (#1446)
chore(base): bump latest deck in all spinnaker packages (#1449)

Spinnaker

Spinnaker Rosco - 1.36.1

chore(dependencies): Autobump korkVersion (#1105)
chore(dependencies): Autobump korkVersion (#1108)
chore(dependencies): Autobump korkVersion (#1109)
chore(dependencies): Autobump korkVersion (#1110)
chore(dependencies): Autobump korkVersion (#1111)
chore(dependencies): Autobump korkVersion (#1112)
chore(dependencies): Autobump korkVersion (#1113)
fix(install): fix packer version check in post install script. (#1115)
chore(java): Full Java 17 support only (#1116)
chore(dependencies): Autobump korkVersion (#1117)
chore(dependencies): Autobump korkVersion (#1118)
chore(upgrades): Update OS to latest supported releases (#1119)
fix(gceBakeHandler): Updating Image name pattern to match googlecompute pre/post 1.1.2 plugin (#1122) (#1123)
fix(openapi): Rewrite Swagger to OpenAPI annotations (#1126) (#1129)
chore(dependencies): Autobump korkVersion (#1130)
fix(install): Fixed packer version check for packer installation (#1121) (#1128)

Spinnaker Fiat - 1.36.1

chore(dependencies): Autobump korkVersion (#1178)
chore(dependencies): Autobump korkVersion (#1179)
chore(dependencies): Autobump korkVersion (#1180)
chore(dependencies): Autobump korkVersion (#1181)
chore(dependencies): Autobump korkVersion (#1182)
chore(dependencies): Autobump korkVersion (#1184)
fix(retrofit): remove all com.squareup.okhttp dependencies (#1185)
chore(dependencies): Autobump korkVersion (#1187)
chore(java): Full Java 17 support only (#1186)
chore(dependencies): Autobump korkVersion (#1188)
chore(upgrades): Update OS to latest supported releases (#1189)
fix(openapi): Rewrite Swagger to OpenAPI annotations (#1192) (#1197)
chore(dependencies): Autobump korkVersion (#1198)

Spinnaker Kayenta - 1.36.1

chore(dependencies): Autobump orcaVersion (#1057)
chore(dependencies): Autobump orcaVersion (#1060)
refactor(dependency): add explicit dependency of google-http-client-jackson2 in kayenta-google while upgrading spockframework 2.3 (#1061)
chore(dependencies): Autobump orcaVersion (#1062)
refactor(retrofit): replace com.squareup.okhttp.OkHttpClient with okhttp3.OkHttpClient (#1063)
refactor(retrofit): remove all com.squareup.okhttp dependencies (#1064)
chore(java): Full Java 17 support only (#1065)
chore(java): remove duplicate targetJava17 property (#1066)
chore(upgrades): Update OS to latest supported releases (#1067)
chore(dependencies): Autobump orcaVersion (#1068)
chore(upgrade): Migrate to openapi swagger spec (#1046) (#1074)
chore(dependencies): Autobump orcaVersion (#1075)

Spinnaker Clouddriver - 1.36.1

feat(aws): CleanupAlarmsAgent with an optional user-defined name pattern (#6317) (#6318)
fix(cloudfoundry): Update ProcessStats model due to capi-1.84.0 changes (#6283) (#6293)
fix(aws): Fix AWS CLI v2 for Alpine Linux (#6279) (#6280)
fix(install): Fix Debian post installation script when awscli2 is already installed or the installation failed previously (#6276) (#6277)
fix(install): Fixed Debian post install script for aws-iam-authenticator (#6274) (#6275)
fix(gha): remove whitespace from BRANCH in release.yml (#6271) (#6273)
fix(gha): only bump halyard on master (#6268) (#6270)
fix(kubernetes): teach deployManifest stages to handle label selectors with generateName (#6265)
fix(gha): only bump halyard on master (#6268)
fix(gha): remove whitespace from BRANCH in release.yml (#6271)
fix(install): Fixed Debian post install script for aws-iam-authenticator (#6274)
fix(install): Fix Debian post installation script when awscli2 is already installed or the installation failed previously (#6276)
fix(install): Removed install_awscli2 function from Debian post install script (#6278)
fix(aws): Fix AWS CLI v2 for Alpine Linux (#6279)
fix(cloudfoundry): Update ProcessStats model due to capi-1.84.0 changes (#6283)
chore(dependencies): Autobump korkVersion (#6284)
chore(dependencies): Autobump fiatVersion (#6285)
perf(ecs): Narrowing the cache search for the ECS provider on views (#6256)
chore(dependencies): Autobump korkVersion (#6286)
feat(gce): support resource-manager-tags in GCE deployment (#6287)
chore(dependencies): Autobump korkVersion (#6289)
feat(gce): add support for hyperdisk in GCE (#6288)
chore(dependencies): Autobump korkVersion (#6295)
feat(gce): add partnerMetadata in instanceProperties for GCE deployment (#6297)
chore(azure): Adding a verifyAccountHealth configuration (#6296)
chore(dependencies): Autobump korkVersion (#6298)
refactor(retrofit): replace OkClient with Ok3Client (#6299)
refactor(retrofit): remove all com.squareup.okhttp dependencies (#6301)
chore(java): Full jaa 17 only
chore(java): Full java 17 only
chore(java): Remove cross compilation flag
chore(java): Full Java 17 support only
chore(dependencies): Autobump korkVersion (#6302)
chore(dependencies): Autobump korkVersion (#6303)
chore(upgrades): Update OS to latest supported releases (#6304)
chore(dependencies): Autobump fiatVersion (#6305)
fix(ecs): Cloudwatch alarms cleanup on destroy ecs group (#6315) (#6316)
feat(aws): CleanupAlarmsAgent with an optional user-defined name pattern (#6317) (#6319)
fix(ecs): Alarms with custom dimensions should be processed (#6324) (#6325)
fix(mergify): Mergify config needs adjusting for latest mergify releases (#6321) (#6326)
fix(openapi): Rewrite Swagger to OpenAPI annotations (#6309) (#6330)
chore(dependencies): Autobump korkVersion (#6331)
fix(google): Add partner metadata on instanceTemplate properties (#6334) (#6335)
chore(dependencies): Autobump fiatVersion (#6336)

Spinnaker Orca - 1.36.1

Spinnaker Echo - 1.36.1

refactor(test): fix test failure due to NullPointerException during upgrade of groovy 4.x (#1444)
chore(dependencies): Autobump korkVersion (#1443)
chore(dependencies): Autobump korkVersion (#1446)
chore(dependencies): Autobump fiatVersion (#1447)
chore(dependencies): Autobump korkVersion (#1448)
chore(dependencies): Autobump korkVersion (#1449)
chore(dependencies): Autobump korkVersion (#1450)
chore(dependencies): Autobump korkVersion (#1452)
refactor(retrofit): replace OkClient with Ok3Client (#1453)
feat(notifications/cdEvents): added support for customData at pipeline notification config level. (#1445)
fix(notifications/cdEvents): Fixed CDEvents notification for ManualJudgment (#1451)
fix(retrofit): remove all com.squareup.okhttp dependencies (#1454)
chore(dependencies): Autobump korkVersion (#1455)
chore(java): Full Java 17 support only (#1457)
chore(dependencies): Autobump korkVersion (#1456)
chore(upgrades): Update OS to latest supported releases (#1458)
chore(dependencies): Autobump fiatVersion (#1459)
chore(dependencies): Autobump korkVersion (#1467)
chore(dependencies): Autobump fiatVersion (#1469)

Spinnaker Front50 - 1.36.1

fix(gha): only bump halyard on master (#1490) (#1492)
chore(dependencies): Autobump fiatVersion (#1487)
feat(batchUpdate): enhance batch update functionality (#1483)
fix(gha): only bump halyard on master (#1490)
fix(front50-gcs): Fix ObjectType filenames for GCS Front50 persistent store (#1493)
chore(dependencies): Autobump korkVersion (#1499)
chore(dependencies): Autobump korkVersion (#1500)
chore(dependencies): Autobump fiatVersion (#1501)
chore(dependencies): Autobump korkVersion (#1502)
chore(dependencies): Autobump korkVersion (#1503)
chore(dependencies): Autobump korkVersion (#1505)
chore(dependencies): Autobump korkVersion (#1506)
feat(pipeline): add a pipelineNameFilter query param to the /pipelines/{application} endpoint (#1504)
chore(dependencies): Autobump korkVersion (#1508)
chore(java): Full Java 17 support only (#1507)
chore(dependencies): Autobump korkVersion (#1509)
chore(upgrades): Update OS to latest supported releases (#1510)
chore(dependencies): Autobump fiatVersion (#1511)
chore(build): create empty commit
fix(openapi): Rewrite Swagger to OpenAPI annotations (#1514) (#1521)
chore(dependencies): Autobump korkVersion (#1522)
chore(dependencies): Autobump fiatVersion (#1524)

Spinnaker Igor - 1.36.1

chore(dependencies): Autobump korkVersion (#1275)
chore(dependencies): Autobump korkVersion (#1276)
chore(dependencies): Autobump fiatVersion (#1277)
chore(dependencies): Autobump korkVersion (#1278)
chore(dependencies): Autobump korkVersion (#1279)
chore(dependencies): Autobump korkVersion (#1280)
chore(dependencies): Autobump korkVersion (#1281)
refactor(retrofit): replace OkClient with Ok3Client (#1282)
chore(build): target Java 17 bytecode (#1283)
chore(build): purge Java 11 (#1285)
refactor(retrofit): remove all com.squareup.okhttp dependencies (#1286)
chore(dependencies): Autobump korkVersion (#1287)
chore(dependencies): Autobump korkVersion (#1288)
chore(upgrades): Update OS to latest supported releases (#1289)
chore(dependencies): Autobump fiatVersion (#1290)
chore(dependencies): Autobump korkVersion (#1298)
chore(dependencies): Autobump fiatVersion (#1303)

Spinnaker Gate - 1.36.1

Pipeline config batch update (#1823)
feat(instrumentation): add instrumentation around echo event handling (#1824)
refactor(web/test): remove hard-coded port numbers from EchoServiceTest (#1828)
feat(web): add a config property that allows front50 to be the source of truth for applications (#1825)
feat(gate): copy the MDC to async controller method handler threads (#1829)
feat(web): populate the MDC when the ApplicationService gathers information from front50 and clouddriver (#1830)
chore(dependencies): Autobump korkVersion (#1832)
chore(dependencies): Autobump korkVersion (#1833)
chore(dependencies): Autobump fiatVersion (#1834)
fix(web): invoke pipeline config exception handling (#1831)
chore(dependencies): Autobump korkVersion (#1835)
perf(web): Query for individual pipelines (#1836)
chore(dependencies): Autobump korkVersion (#1837)
chore(dependencies): Autobump korkVersion (#1840)
chore(web): remove unused code from CleanupService (#1841)
fix(core): fix the issues caused due to the use of SpinnakerRetrofitErrorHandler in building FiatService (#1838)
chore(dependencies): Autobump korkVersion (#1843)
feat(pipelines): add pipelineNameFilter to /{application}/pipelineConfigs endpoint (#1839)
refactor(retrofit): replace OkClient with Ok3Client (#1844)
refactor(retrofit): remove all com.squareup.okhttp dependencies (#1845)
feat(gate-web): Add delete session tokens from redis endpoint (#1827)
chore(java): Upgrade fully to java 17 (#1846)
chore(dependencies): Autobump korkVersion (#1847)
chore(dependencies): Autobump korkVersion (#1848)
chore(upgrades): Update OS to latest supported releases (#1849)
chore(dependencies): Autobump fiatVersion (#1850)
fix(openapi): Uses openrewrite to convert swagger to openapi annotations (#1813) (#1859)
chore(dependencies): Autobump korkVersion (#1860)
chore(dependencies): Autobump fiatVersion (#1862)
fix(swagger): ensure byteArrayHttpMessageConverter is the first converter to render swagger UI (#1865) (#1867)

Spinnaker Deck - 1.36.1

fix(aws): Fix userData getting lost when cloning an AWS server group that uses launch templates (#6771) (#10132) (#10141)
chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#10124)
fix(aws): Fix userData getting lost when cloning an AWS server group that uses launch templates (#6771) (#10132)
fix(aws): Fix IPv6 addresses being incorrectly associated when cloning server groups that have launch templates enabled (#6979) (#10142)
chore: Remove dead link from README (#10129)
feat(evaluateVariables stage) Made fetch exec history on evaluateVariables stage configurable (#10143)
feat(gce): support resourceManagerTags in instance template (#10146)
chore(deps): bump peter-evans/create-pull-request from 6 to 7 (#10147)
feat(gce): add support for hyperdisk in GCE (#10149)
feat(google): add support for partnerMetadata in GCE servergroup (#10150)
chore(deps): bump jpoehnelt/secrets-sync-action from 1.9.0 to 1.10.0 (#10148)
feat(deployManifest): Adding skipSpecTemplateLabels option (#10152)
fix(google): Add partner metadata on clone (#10161) (#10162)

Continuous-Deployment: v2.35.0 Armory Continuous Deployment Release (Spinnaker™ v1.35.5)

Fri, 24 Jan 2025 00:00:00 +0000

2025/01/24 Release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.35.0, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

Highlighted updates

Orca Feature Flag: SQL PipelineRef

Orca introduced a feature flag in its 1.35 release aimed at reducing execution size by converting PipelineTrigger to PipelineRefTrigger:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 executionRepository:
 sql:
 enabled: true
 pipelineRef:
 enabled: true

When this feature is enabled, child pipeline execution IDs are stored in SQL instead of the full child pipeline execution context. This improves efficiency without altering the in-memory representation of pipelines.

Pipelines function the same way in-memory, regardless of whether this feature is enabled.
Pipelines stored with child execution IDs remain fully functional even if the feature is later disabled.
If no issues arise in this release, the feature flag will be removed, and this behavior will become the default in an upcoming release.

For a detailed breakdown of these changes, see this PR.

Java 17

Spinnaker Services Migration to JDK 17

All Spinnaker services are now compiled using JDK 17, which is transpiled to Java 11 bytecode. Published images currently run JRE 17. In version 1.36, compilation will switch to Java 17 bytecode, completing our migration to JDK 17.

Please continue to report any issues by opening an issue in the Spinnaker repository.

Important Notes on JDK 17

JDK 17 enforces Strong Encapsulation. This means that some SpEL expressions, which previously used reflection, may not work as expected since the JDK now restricts reflection by default.

For example:

${ {"foo": "bar"}.toString() }

For this evaluation to succeed, add java--add-opens=java.base/java.util=ALL-UNNAMED to JAVA_OPTS for orca and echo.

Spring Boot 2.7.18

As part of the continued effort to upgrade Spring Boot, Spinnaker 1.35.0 now uses Spring Boot 2.7.18, an upgrade from Spinnaker 1.34.0’s use of Spring Boot 2.6.15.

Spring Boot 2.7 considers session data cached by Spring Boot 2.6 to be invalid. Therefore, users with cached sessions will be unable to log in until the invalid information is removed from the cache. Additionally, open browser windows to Spinnaker will be unresponsive after deployment until they’re reloaded.

To remove the cached session information, you can execute the following command on Gate’s Redis instance:

bash $ redis-cli keys "spring:session*" | xargs redis-cli del

Spring Boot 2.7 Changes

Spring Boot 2.7 brings the following updates:

Groovy upgrade from version 3.0.17 to 3.0.19
Replacement of the MySQL connector coordinate from mysql:mysql-connector-java to com.mysql:mysql-connector-j (version 8.0.33)
Changes to auto-configuration

RetrofitExceptionHandler Removed

RetrofitExceptionHandler has been removed from Orca as part of the ongoing effort to upgrade to Retrofit2. One step in this upgrade is to adjust error handling code, replacing RetrofitError (a Retrofit1 class not available in Retrofit2) with SpinnakerServerException (SpinnakerServerException.java) and its children, using SpinnakerRetrofitErrorHandler (SpinnakerRetrofitErrorHandler.java).

This has been completed in Orca, so there’s no longer any code that throws RetrofitError exceptions. If your instance of Spinnaker has plugins or other code that still relies on RetrofitError, adjust it to use SpinnakerRetrofitErrorHandler by adding:

.setErrorHandler(SpinnakerRetrofitErrorHandler.getInstance())

to the RestAdapter.Builder call, and change the corresponding exception handling. See this example.

Label Selector Support in Deploy Manifest Stages

Label selector support has been added to deploy manifest stages. For example:

"labelSelectors": {
 "selectors": [
 {
 "kind": "EQUALS",
 "key": "my-label-key",
 "values": [
 "my-value"
 ]
 }
 ]
}

For more details, refer to Kubernetes label overview and KubernetesSelector. Multiple selectors combine with AND (must all be satisfied).

Important Note:
kubectl replace does not support label selectors, so KubernetesDeployManifestOperation throws an exception if a deploy manifest stage specifies (non-empty) label selectors and has a manifest with the strategy.spinnaker.io/replace: "true" annotation.

It’s possible that none of the manifests may satisfy the label selectors. In that case, a new pipeline configuration property named allowNothingSelected determines the behavior:

If false (the default), KubernetesDeployManifestOperation throws an exception.
If true, the operation succeeds even though nothing was deployed.

The maxExpressionLength to set maximum expression length for SpEL evaluation

Spring Expression Language (SpEL) has a default limit of 10,000 characters. Springframework provides the feature to configure the limit. This feature allows to configure the limit of characters for SpEL expressions. Use this feature as given below:

# orca-local.yml
# echo-local.yml
expression:
 max-expression-length: <required limit>

Example manifest for Orca

 1
 2
 3
 4
 5
 6
 7
 8
 9
10


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 orca:
 expression:
 max-expression-length: <required limit>

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.35.5 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: f0e7a7470b06b6a8a007f1494bc1d97ea6d4a52c
version: 2.35.0
deck:
commit: b04971d387e1a0664f536427976c0d64733044b5
version: 2.35.0
dinghy:
commit: 50041173d1a043493409059e7fa5d7a1a80fb553
version: 2.35.0
echo:
commit: 6117e5941dda2f2faa52639cba5e8449b0a64d0c
version: 2.35.0
fiat:
commit: ce4a5e689b66fce9f5aa4e3039f0fe1af5e69f74
version: 2.35.0
front50:
commit: 900b169d3cea95992d781e22939bb5fa1224a75d
version: 2.35.0
gate:
commit: af49faafbd341109028335630f25c46e9077bc1f
version: 2.35.0
igor:
commit: 56f0c75e06b79f2e3029b0b0da323a2d6c0dff6f
version: 2.35.0
kayenta:
commit: 8c63692f834f965848a6f238035d0fb01fbc2834
version: 2.35.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9e94501096394c824bbfca5be5707d0d2c5f1713
version: 2.35.0
rosco:
commit: 9259f32ee4c6beb1bf1da32c0161590ecf3de800
version: 2.35.0
terraformer:
commit: 9756bee07eaabbb25b54812996314c22554ec1c0
version: 2.35.0
timestamp: "2025-01-23 23:27:17"
version: 2.35.0

Armory

Armory Rosco - 2.34.0…2.35.0

Fix permissions on container (#675)
chore(build): Updating Build dependencies (#671) (#672)
chore(cd): update base service version to rosco:2024.04.18.17.06.07.release-1.34.x (#666)
chore(cd): update armory-commons version to 3.16.2 (#664)
chore(cd): update base service version to rosco:2024.04.18.16.53.13.master (#659)
chore(cd): update base service version to rosco:2024.05.10.18.26.57.master (#665)
chore(cd): update base service version to rosco:2024.06.06.14.05.00.master (#667)
chore(cd): update base service version to rosco:2024.06.07.06.01.10.master (#668)
chore(cd): update base service version to rosco:2024.06.12.03.37.34.master (#669)
chore(cd): update base service version to rosco:2024.06.12.14.46.35.master (#670)
chore(build): Updating Build dependencies (#671)
chore(cd): update base service version to rosco:2024.07.01.17.46.03.master (#673)
chore(cd): update base service version to rosco:2024.07.01.23.43.22.master (#674)
chore(cd): update base service version to rosco:2024.07.02.18.24.20.master (#678)
chore(cd): update base service version to rosco:2024.08.06.19.21.17.master (#683)
chore(cd): update armory-commons version to 3.17.3 (#689)
chore(cd): update base service version to rosco:2024.08.06.19.21.17.release-1.35.x (#694)
chore(java): Migrate to Java 17 (#695) (#696)
fix(java): fix merge conflict (#697)
chore(cd): update base service version to rosco:2024.11.26.16.17.32.release-1.35.x (#708)

Armory Echo - 2.34.0…2.35.0

chore(cd): update armory-commons version to 3.16.2 (#716)
chore(cd): update base service version to echo:2024.04.27.02.26.26.master (#712)
chore(cd): update base service version to echo:2024.05.10.18.24.59.master (#717)
chore(cd): update base service version to echo:2024.06.06.14.04.52.master (#718)
chore(cd): update base service version to echo:2024.06.07.06.00.43.master (#719)
chore(cd): update base service version to echo:2024.06.12.05.10.02.master (#720)
chore(cd): update base service version to echo:2024.06.12.14.34.33.master (#721)
chore(cd): update base service version to echo:2024.06.12.14.52.56.master (#722)
chore(build): Updating Build dependencies (#723)
chore(cd): update base service version to echo:2024.07.01.23.39.31.master (#726)
chore(cd): update base service version to echo:2024.07.02.19.53.07.master (#729)
chore(cd): update base service version to echo:2024.07.09.16.15.40.master (#730)
chore(cd): update base service version to echo:2024.07.11.21.33.00.master (#731)
chore(cd): update base service version to echo:2024.07.18.11.05.25.master (#732)
chore(cd): update base service version to echo:2024.07.19.13.57.31.master (#733)
chore(cd): update base service version to echo:2024.07.30.18.39.41.master (#734)
chore(cd): update base service version to echo:2024.08.06.19.58.37.master (#735)
chore(cd): update base service version to echo:2024.08.13.08.15.00.master (#736)
chore(cd): update armory-commons version to 3.17.3 (#743)
chore(java): migrate to jdk 17 (backport #750) (#751)
chore(cd): update base service version to echo:2024.08.13.08.15.00.release-1.35.x (#763)

Terraformer™ - 2.34.0…2.35.0

fix: ASSMT-304: Jobs are in RUNNING status indefinitely. (#563)
fix: ASSMT-304: func passes lock by value issue. (#564)
fix: ASSMT-304: panic: interface conversion: interface {} is **runner.Job, not *runner.Job. (#565)
chore: Move terraformer versions to docker hub (#567)
Fix: typo in secret for docker password (#568)
fix: ASSMT-304: Performance degradation. (#566)
fix: ASSMT-304: incorrect Terraform stage execution status, logs appeared after the stage was executed, truncated logs, missing data in the context outputs of the stage. (#570)

Armory Front50 - 2.34.0…2.35.0

chore(cd): update base service version to front50:2024.06.18.14.36.38.release-1.34.x (#696)
chore(cd): update armory-commons version to 3.16.2 (#685)
chore(cd): update base service version to front50:2024.04.29.15.39.38.master (#682)
chore(cd): update base service version to front50:2024.05.10.18.26.08.master (#686)
chore(cd): update base service version to front50:2024.05.16.17.58.24.master (#687)
chore(cd): update base service version to front50:2024.06.03.19.41.03.master (#688)
chore(cd): update base service version to front50:2024.06.06.14.02.13.master (#689)
chore(cd): update base service version to front50:2024.06.07.05.54.32.master (#690)
chore(cd): update base service version to front50:2024.06.10.17.07.03.master (#691)
chore(cd): update base service version to front50:2024.06.11.21.15.35.master (#693)
chore(cd): update base service version to front50:2024.06.12.04.59.08.master (#694)
chore(cd): update base service version to front50:2024.06.12.14.34.39.master (#695)
chore(build): Updating Build dependencies (#697)
chore(cd): update base service version to front50:2024.07.01.23.39.55.master (#699)
chore(cd): update base service version to front50:2024.07.02.18.24.06.master (#701)
chore(cd): update base service version to front50:2024.07.12.17.45.40.master (#702)
chore(cd): update base service version to front50:2024.07.17.18.08.28.master (#703)
chore(cd): update base service version to front50:2024.07.23.02.51.23.master (#704)
chore(cd): update base service version to front50:2024.07.30.18.37.55.master (#705)
chore(cd): update base service version to front50:2024.08.06.19.20.30.master (#706)
chore(cd): update base service version to front50:2024.08.13.08.16.50.master (#707)
chore(cd): update base service version to front50:2024.08.17.02.15.46.master (#709)
chore(cd): update base service version to front50:2024.08.18.01.59.14.master (#710)
chore(cd): update base service version to front50:2024.08.23.15.47.09.master (#714)
chore(cd): update armory-commons version to 3.17.3 (#719)
chore(cd): update base service version to front50:2024.08.23.16.11.34.release-1.35.x (#724)
chore(java): migrate to jdk 17 (backport #726) (#727)

Armory Fiat - 2.34.0…2.35.0

chore(cd): update armory-commons version to 3.16.2 (#606)
chore(cd): update base service version to fiat:2024.04.27.01.37.20.master (#602)
chore(cd): update base service version to fiat:2024.05.01.20.55.58.master (#607)
chore(cd): update base service version to fiat:2024.05.10.18.23.12.master (#608)
chore(cd): update base service version to fiat:2024.06.06.14.02.18.master (#609)
chore(cd): update base service version to fiat:2024.06.07.05.54.34.master (#610)
chore(cd): update base service version to fiat:2024.06.12.03.57.15.master (#611)
chore(cd): update base service version to fiat:2024.06.12.14.43.24.master (#612)
chore(build): Updating Build dependencies (#613)
chore(cd): update base service version to fiat:2024.07.01.23.37.17.master (#616)
chore(cd): update base service version to fiat:2024.07.02.18.24.28.master (#618)
chore(cd): update base service version to fiat:2024.08.06.19.16.43.master (#624)
chore(cd): update armory-commons version to 3.17.3 (#630)
chore(cd): update base service version to fiat:2024.08.06.19.16.43.release-1.35.x (#635)
chore(java): migrate to java 17 (backport #636) (#637)

Armory Deck - 2.34.0…2.35.0

chore(cd): update base deck version to 2024.0.0-20240513181436.release-1.34.x (#1417)
chore(cd): update base deck version to 2024.0.0-20240510163512.release-1.34.x (#1413)
chore(cd): update base deck version to 2024.0.0-20240509180831.release-1.34.x (#1410)
chore(cd): update base deck version to 2024.0.0-20240507163358.release-1.34.x (#1407)
chore(cd): update base deck version to 2024.0.0-20240425133611.master (#1402)
chore(cd): update base deck version to 2024.0.0-20240507073802.master (#1405)
chore(cd): update base deck version to 2024.0.0-20240507161802.master (#1406)
chore(cd): update base deck version to 2024.0.0-20240510143732.master (#1411)
chore(cd): update base deck version to 2024.0.0-20240512134402.master (#1414)
chore(cd): update base deck version to 2024.0.0-20240513123242.master (#1415)
chore(cd): update base deck version to 2024.0.0-20240610143829.master (#1419)
chore(cd): update base deck version to 2024.0.0-20240626113443.master (#1422)
chore(cd): update base deck version to 2024.0.0-20240701180101.master (#1423)
chore(cd): update base deck version to 2024.0.0-20240709230956.master (#1424)
chore(cd): update base deck version to 2024.0.0-20240801174507.master (#1425)
chore(cd): update base deck version to 2024.0.0-20240808170143.master (#1426)
chore(cd): update base deck version to 2024.0.0-20240808170143.master (#1429)
chore(cd): update base deck version to 2024.0.0-20240911165928.release-1.35.x (#1431)

Armory Gate - 2.34.0…2.35.0

chore(build): Updating Build dependencies (#732) (#733)
chore(cd): update armory-commons version to 3.16.2 (#721)
Updating Armory commons and gradle jar (#714)
chore(build): Updating Build dependencies (#732)
chore(cd): update base service version to gate:2024.06.12.14.34.23.master (#731)
chore(cd): update base service version to gate:2024.07.02.02.26.57.master (#736)
chore(cd): update base service version to gate:2024.07.02.18.25.11.master (#738)
chore(cd): update base service version to gate:2024.07.12.17.45.03.master (#739)
chore(cd): update base service version to gate:2024.07.17.16.39.39.master (#740)
chore(cd): update base service version to gate:2024.07.17.18.06.59.master (#741)
chore(cd): update base service version to gate:2024.07.30.18.41.46.master (#742)
chore(cd): update base service version to gate:2024.08.06.19.17.52.master (#743)
chore(cd): update base service version to gate:2024.08.13.08.18.00.master (#748)
chore(cd): update base service version to gate:2024.08.23.19.46.38.master (#749)
chore(cd): update armory-commons version to 3.17.3 (#755)
chore(base): bump base 1.35 and migrate to jdk17 (#766)
chore(java): migrate to jdk 17 (backport #767) (#768)

Armory Orca - 2.34.0…2.35.0

chore(build): Updating Build dependencies (#911)
chore(cd): update base orca version to 2024.06.12.02.19.43.release-1.34.x (#899)
chore(cd): update base orca version to 2024.06.11.23.58.30.release-1.34.x (#898)
chore(cd): update base orca version to 2024.06.11.17.07.47.release-1.34.x (#896)
chore(cd): update base orca version to 2024.05.09.17.57.44.release-1.34.x (#888)
chore(cd): update armory-commons version to 3.16.2 (#883)
chore(cd): update base orca version to 2024.04.29.19.19.52.master (#880)
chore(cd): update base orca version to 2024.05.01.16.01.28.master (#884)
chore(cd): update base orca version to 2024.05.07.02.35.57.master (#886)
chore(cd): update base orca version to 2024.05.09.11.44.35.master (#887)
chore(cd): update base orca version to 2024.05.10.18.29.13.master (#890)
chore(cd): update base orca version to 2024.06.06.14.09.33.master (#891)
chore(cd): update base orca version to 2024.06.07.06.05.25.master (#892)
chore(cd): update base orca version to 2024.06.10.16.36.40.master (#894)
chore(cd): update base orca version to 2024.06.11.02.19.24.master (#895)
chore(cd): update base orca version to 2024.06.11.21.15.44.master (#897)
chore(cd): update base orca version to 2024.06.12.08.13.09.master (#900)
chore(cd): update base orca version to 2024.06.12.14.47.24.master (#901)
chore(cd): update base orca version to 2024.06.12.21.59.59.master (#902)
chore(cd): update base orca version to 2024.06.13.04.50.47.master (#903)
chore(cd): update base orca version to 2024.06.13.18.56.50.master (#904)
chore(cd): update base orca version to 2024.06.13.19.24.10.master (#905)
chore(cd): update base orca version to 2024.06.13.22.33.24.master (#906)
chore: Builds working with latest versions (#907)
fix: Testing GHA fixes (#908)
Snakeyaml build fix (#909)
chore(cd): update base orca version to 2024.06.25.16.25.46.master (#910)
chore(cd): update base orca version to 2024.07.01.23.50.54.master (#913)
chore(cd): update base orca version to 2024.07.03.16.08.40.master (#917)
chore(cd): update base orca version to 2024.07.10.14.30.54.master (#919)
chore(cd): update base orca version to 2024.07.16.20.38.37.master (#923)
chore(cd): update base orca version to 2024.08.21.22.59.27.master (#934)
chore(cd): update base orca version to 2024.08.28.15.02.07.master (#936)
chore(cd): update armory-commons version to 3.17.3 (#940)
chore(dep): update base to 2024.08.13.08.26.10.release-1.35.x (#950)
chore(java): migrate to java 17 (#949) (#951)
chore(cd): update base orca version to 2024.12.11.15.53.21.release-1.35.x (#967)
chore(cd): update base orca version to 2024.12.13.15.15.00.release-1.35.x (#970)

Armory Clouddriver - 2.34.0…2.35.0

chore(cd): update base service version to clouddriver:2024.06.11.19.47.52.release-1.34.x (#1136)
chore(cd): update base service version to clouddriver:2024.06.11.18.46.36.release-1.34.x (#1135)
chore(cd): update base service version to clouddriver:2024.06.11.17.42.55.release-1.34.x (#1134)
chore(cd): update base service version to clouddriver:2024.05.15.14.49.18.release-1.34.x (#1126)
chore(cd): update base service version to clouddriver:2024.05.07.00.11.46.release-1.34.x (#1122)
chore(cd): update armory-commons version to 3.16.2 (#1118)
chore(cd): update base service version to clouddriver:2024.04.29.20.13.35.master (#1115)
chore(cd): update base service version to clouddriver:2024.05.01.12.49.03.master (#1119)
chore(cd): update base service version to clouddriver:2024.05.01.21.46.13.master (#1120)
chore(cd): update base service version to clouddriver:2024.05.02.04.24.59.master (#1121)
chore(cd): update base service version to clouddriver:2024.05.10.18.56.26.master (#1124)
chore(cd): update base service version to clouddriver:2024.05.15.14.03.08.master (#1125)
chore(cd): update base service version to clouddriver:2024.05.16.17.58.54.master (#1128)
chore(cd): update base service version to clouddriver:2024.06.05.17.42.55.master (#1130)
chore(cd): update base service version to clouddriver:2024.06.06.14.39.20.master (#1131)
chore(cd): update base service version to clouddriver:2024.06.07.06.44.17.master (#1132)
chore(cd): update base service version to clouddriver:2024.06.07.15.13.58.master (#1133)
chore(cd): update base service version to clouddriver:2024.06.12.06.05.50.master (#1137)
chore(cd): update base service version to clouddriver:2024.06.12.15.09.36.master (#1138)
chore(build): Updating Build dependencies (#1140)
chore(cd): update base service version to clouddriver:2024.06.26.14.55.22.master (#1141)
chore(cd): update base service version to clouddriver:2024.07.02.00.14.36.master (#1143)
chore(cd): update base service version to clouddriver:2024.07.02.17.16.09.master (#1144)
chore(cd): update base service version to clouddriver:2024.07.09.23.51.13.master (#1145)
chore(cd): update base service version to clouddriver:2024.07.12.18.00.41.master (#1146)
chore(cd): update base service version to clouddriver:2024.07.13.14.35.46.master (#1147)
chore(cd): update base service version to clouddriver:2024.07.13.20.49.12.master (#1148)
chore(cd): update base service version to clouddriver:2024.07.16.21.05.02.master (#1149)
chore(cd): update base service version to clouddriver:2024.07.17.17.30.47.master (#1150)
chore(cd): update base service version to clouddriver:2024.08.07.03.50.02.master (#1153)
chore(cd): update base service version to clouddriver:2024.08.07.04.42.37.master (#1154)
chore(cd): update base service version to clouddriver:2024.08.08.16.49.12.master (#1155)
chore(cd): update base service version to clouddriver:2024.08.13.08.52.16.master (#1158)
chore(cd): update base service version to clouddriver:2024.08.16.16.47.04.master (#1159)
chore(cd): update base service version to clouddriver:2024.08.17.18.34.38.master (#1162)
chore(cd): update base service version to clouddriver:2024.08.18.01.11.26.master (#1164)
chore(cd): update base service version to clouddriver:2024.08.19.18.37.14.master (#1166)
chore(cd): update base service version to clouddriver:2024.08.20.16.01.28.master (#1167)
chore(cd): update base service version to clouddriver:2024.08.20.17.06.19.master (#1168)
chore(cd): update base service version to clouddriver:2024.08.27.16.04.19.master (#1170)
chore(cd): update armory-commons version to 3.17.3 (#1174)
chore(cd): update base service version to clouddriver:2024.08.27.16.52.09.release-1.35.x (#1182)
chore(cd): update base service version to clouddriver:2024.10.15.15.18.20.release-1.35.x (#1185)
chore(java): compile base service with Java 17 (#1183) (#1186)
chore(java): Migrate to java 17 (#1187) (#1188)
chore(cd): update base service version to clouddriver:2024.12.13.19.41.27.release-1.35.x (#1203)
chore(cd): update base service version to clouddriver:2025.01.03.20.45.15.release-1.35.x (#1207)

Dinghy™ - 2.34.0…2.35.0

chore(dependencies): v0.0.0-20240213103436-d0dc889db2c6 (#529)
chore: Bumps and delete support (#533)

Armory Kayenta - 2.34.0…2.35.0

chore(build): Updating Build dependencies (#544) (#545)
chore(cd): update base service version to kayenta:2024.04.01.18.08.38.master (#530)
chore(build): Updating Build dependencies (#544)
chore(cd): update base service version to kayenta:2024.06.13.14.30.12.master (#542)
chore(cd): update base service version to kayenta:2024.07.01.15.11.36.master (#546)
chore(cd): update base service version to kayenta:2024.07.03.20.32.39.master (#547)
chore(cd): update base service version to kayenta:2024.08.08.17.03.42.master (#548)
chore(cd): update base service version to kayenta:2024.08.13.23.14.13.master (#551)
chore(cd): update armory-commons version to 3.17.3 (#557)
chore(java): migrate to java 17 (#560) (#561)
chore(cd): update base service version to kayenta:2025.01.22.22.30.54.release-1.35.x (#575)

Armory Igor - 2.34.0…2.35.0

chore(cd): update armory-commons version to 3.16.2 (#606)
chore(cd): update base service version to igor:2024.04.27.02.25.13.master (#602)
chore(cd): update base service version to igor:2024.05.08.16.58.51.master (#607)
chore(cd): update base service version to igor:2024.05.10.18.23.25.master (#608)
chore(cd): update base service version to igor:2024.06.06.14.04.06.master (#609)
chore(cd): update base service version to igor:2024.06.07.05.55.00.master (#610)
chore(cd): update base service version to igor:2024.06.12.03.35.53.master (#611)
chore(cd): update base service version to igor:2024.06.12.14.42.33.master (#612)
chore(build): Updating Build dependencies (#613)
chore(cd): update base service version to igor:2024.07.01.15.13.01.master (#615)
chore(cd): update base service version to igor:2024.07.01.23.40.57.master (#616)
chore(cd): update base service version to igor:2024.07.02.18.22.57.master (#618)
chore(cd): update base service version to igor:2024.07.17.18.07.09.master (#619)
chore(cd): update base service version to igor:2024.07.30.18.41.52.master (#620)
chore(cd): update base service version to igor:2024.08.06.19.18.18.master (#621)
chore(cd): update base service version to igor:2024.08.13.08.13.54.master (#622)
chore(cd): update armory-commons version to 3.17.3 (#628)
chore(cd): update base service version to igor:2024.08.13.08.13.54.release-1.35.x (#634)
chore(java): migrate to java 17 (#635)

Spinnaker

Spinnaker Rosco - 1.35.5

chore(dependencies): Autobump korkVersion (#1086)
fix(install): Removed install_aws_cli2 function from Debian post installation script which installs a Debian package within a Debian package causing errors, as well as errors when an aws cli is already installed (#6945) (#1088)
chore(dependencies): Autobump korkVersion (#1090)
chore(dependencies): Autobump korkVersion (#1091)
chore(dependencies): Autobump korkVersion (#1092)
chore(dependencies): Autobump korkVersion (#1093)
chore(dependencies): Autobump korkVersion (#1094)
chore(dependencies): Autobump korkVersion (#1095)
chore(build): enable cross compilation plugin for Java 17 (#1096)
chore(deps): bump docker/build-push-action from 5 to 6 (#1097)
chore(dependencies): Autobump korkVersion (#1098)
chore(dependencies): Autobump korkVersion (#1099)
chore(dependencies): Autobump korkVersion (#1100)
chore(dependencies): Autobump korkVersion (#1101)
refactor(test): fix scope of init method while upgrading junit to 5.9.0 (#1102)
chore(dependencies): Autobump korkVersion (#1103)
chore(dependencies): Autobump korkVersion (#1104)
chore(dependencies): Autobump korkVersion (#1105)
fix(gceBakeHandler): Updating Image name pattern to match googlecompute pre/post 1.1.2 plugin (#1122) (#1124)

Spinnaker Echo - 1.35.5

chore(dependencies): Autobump korkVersion (#1419)
chore(dependencies): Autobump korkVersion (#1420)
chore(dependencies): Autobump korkVersion (#1422)
chore(dependencies): Autobump korkVersion (#1423)
chore(dependencies): Autobump korkVersion (#1425)
chore(dependencies): Autobump fiatVersion (#1427)
chore(build): enable cross compilation plugin for Java 17 (#1426)
chore(deps): bump docker/build-push-action from 5 to 6 (#1430)
chore(dependencies): Autobump korkVersion (#1431)
chore(dependencies): Autobump korkVersion (#1432)
chore(dependencies): Autobump korkVersion (#1433)
feat(SpEL): implement to configure the limit of characters for SpEL expressions (#1429)
test(pipelinetriggers): demonstrate behavior of SpEL expression evaluation (#1434)
feat(notifications/cdEvents): added support for customData (#1424)
chore(dependencies): Autobump korkVersion (#1435)
chore(dependencies): Autobump korkVersion (#1436)
refactor(amazon_sqs_subscriber): moved AmazonSQSSubscriberSpec (groovy) unit test to AmazonSQSSubscriberTest (java) (#1428)
chore(dependencies): Autobump korkVersion (#1437)
chore(dependencies): Autobump korkVersion (#1438)
chore(dependencies): Autobump fiatVersion (#1439)

Spinnaker Front50 - 1.35.5

chore(dependencies): Autobump fiatVersion (#1454)
refactor(web): change ensureCronTriggersHaveIdentifier to return void (#1457)
chore(dependencies): Autobump korkVersion (#1460)
chore(dependencies): Autobump fiatVersion (#1461)
chore(dependencies): Autobump korkVersion (#1462)
feat(migrations): Support for migrations defined in plugins (#1458)
chore(dependencies): Autobump korkVersion (#1463)
chore(dependency): unpin mysql-connector-java (#1464)
fix(web): Retrieve dependent pipelines correctly (#1459)
chore(dependencies): Autobump korkVersion (#1467)
chore(dependencies): Autobump korkVersion (#1468)
fix(migrator): GCS to SQL migrator APPLICATION_PERMISSION objectType fix (#1466)
chore(build): enable cross compilation plugin for Java 17 (#1469)
chore(dependencies): Autobump korkVersion (#1475)
chore(dependencies): Autobump fiatVersion (#1476)
chore(deps): bump docker/build-push-action from 5 to 6 (#1477)
chore(dependencies): Autobump korkVersion (#1478)
chore(dependencies): Autobump korkVersion (#1479)
chore(dependencies): Autobump korkVersion (#1480)
chore(dependencies): Autobump korkVersion (#1481)
chore(dependencies): Autobump korkVersion (#1482)
refactor(validator): moved validator groovy unit tests to java (#1484)
chore(dependencies): Autobump korkVersion (#1485)
chore(dependencies): Autobump korkVersion (#1486)
chore(dependencies): Autobump fiatVersion (#1487)
fix(gha): only bump halyard on master (#1490) (#1492)
fix(front50-gcs): Fix ObjectType filenames for GCS Front50 persistent store (#1493) (#1495)

Spinnaker Fiat - 1.35.5

chore(dependencies): Autobump korkVersion (#1157)
feat(build): add fiat-integration module to exercise the just-built docker imageTest docker image (#1158)
chore(dependencies): Autobump korkVersion (#1159)
chore(dependencies): Autobump korkVersion (#1163)
chore(dependencies): Autobump korkVersion (#1164)
chore(dependencies): Autobump korkVersion (#1165)
chore(build): enable cross compilation plugin for Java 17 (#1166)
chore(deps): bump docker/build-push-action from 5 to 6 (#1167)
chore(dependencies): Autobump korkVersion (#1168)
chore(dependencies): Autobump korkVersion (#1169)
chore(dependencies): Autobump korkVersion (#1170)
chore(dependencies): Autobump korkVersion (#1171)
chore(dependencies): Autobump korkVersion (#1172)
refactor(fiat-core): convert groovy unit tests to java (#1174)
chore(dependencies): Autobump korkVersion (#1175)
fix(ldap/roles): fix the issue of multiple entries in Ldap for single user (#1173)
chore(dependencies): Autobump korkVersion (#1176)

Spinnaker Deck - 1.35.5

fix(redblack): fixing redblack onchange values (#10107) (#10109)
fix(pipeline): Handle render/validation when stageTimeoutMs is a Spel expression (#10103) (#10104)
feat(taskView): Implement opt-in paginated request for TaskView (#10093) (#10096)
fix(lambda): Invoke stage excludedArtifactTypes not including the embedded-artifact type (#10097) (#10100)
fix(lambdaStages): Exporting Lambda stages based on the feature flag settings (#10085) (#10090)
fix(pipelineGraph): Handling exception when requisiteStageRefIds is not defined (#10086) (#10087)
chore(deps-dev): bump vite from 2.9.17 to 2.9.18 in /packages/app (#10082)
fix(pipelineGraph): Handling exception when requisiteStageRefIds is not defined (#10086)
fix(lambdaStages): Exporting Lambda stages based on the feature flag settings (#10085)
feat(taskView): Implement opt-in paginated request for TaskView (#10093)
fix(lambda): Invoke stage excludedArtifactTypes not including the embedded-artifact type (#10097)
fix(pipeline): Handle render/validation when stageTimeoutMs is a Spel expression (#10103)
Publish packages to NPM (#10074)
fix(redblack): fixing redblack onchange values (#10107)
fix(lambda): Export LambdaRoute stage on aws module (#10116)
Publish packages to NPM (#10108)
feat(pluginsdk): Allow overriding proxy ports in deck dev-proxy (#10115)
chore(deps): bump @spinnaker/kayenta from 2.1.0 to 2.3.0 (#10114)
chore(deps): bump docker/build-push-action from 5 to 6 (#10121)
chore(secrets): adding GHA to sync NPM_AUTH_TOKEN to spinnaker/spinna… (#10122)
chore(deps): bump actions/checkout from 2 to 4 (#10123)
chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#10124)
fix(aws): Fix userData getting lost when cloning an AWS server group that uses launch templates (#6771) (#10132) (#10141)
fix(aws): Fix IPv6 addresses being incorrectly associated when cloning server groups that have launch templates enabled (#6979) (#10142) (#10144)

Spinnaker Gate - 1.35.5

chore(dependencies): Autobump korkVersion (#1791)
chore(dependencies): Autobump fiatVersion (#1792)
chore(dependencies): Autobump korkVersion (#1793)
feat(build): add gate-integration module to exercise the just-built docker image (#1794)
feat(gha): run integration test in branch builds (#1795)
feat(saml): Update SAML to use Spring Security (#1744)
chore(dependencies): Autobump korkVersion (#1797)
fix(web/test): stop leaking system properties from FunctionalSpec (#1798)
chore(dependencies): Autobump korkVersion (#1801)
chore(dependencies): Autobump korkVersion (#1802)
chore(build): enable cross compilation plugin for Java 17 (#1803)
chore(dependencies): Autobump korkVersion (#1804)
chore(dependencies): Autobump fiatVersion (#1805)
chore(dependencies): Autobump korkVersion (#1806)
chore(deps): bump docker/build-push-action from 5 to 6 (#1807)
chore(dependencies): Autobump korkVersion (#1808)
chore(dependencies): Autobump korkVersion (#1809)
chore(dependencies): Autobump korkVersion (#1810)
refactor(test): fix scope of setup method while upgrading junit to 5.9.0 (#1811)
chore(dependencies): Autobump korkVersion (#1812)
chore(dependencies): Autobump korkVersion (#1814)
chore(dependencies): Autobump korkVersion (#1815)
fix(core): remove ErrorPageSecurityFilter bean named errorPageSecurityFilter (#1819)
chore(dependencies): Autobump fiatVersion (#1820)

Spinnaker Orca - 1.35.5

fix(liquibase): fix checkSum errors occurring with spinnaker upgrade (#4727) (#4744)
fix(tests): add new containerized integration tests to run orca with mysql and postgres (#4736) (#4742)
feat(build): add orca-integration module to exercise the just-built docker image (#4721) (#4740)
fix(blueGreen): Scaling replicaSets should not be considered for deletion (#4728) (#4730)
fix(jenkins): Wrong Job name encoding in query params for Artifacts/Properties (#4722) (#4723)
chore(dependencies): Autobump fiatVersion (#4704)
feat(front50): set front50.useTriggeredByEndpoint to true by default (#4707)
fix(clouddriver): Handle the Retrofit conversionError in ClusterSizePreconditionTask (#4708)
fix(test/keel): Javadoc referring to missing method in ImportDeliveryConfigTaskTest (#4709)
fix(clouddriver): Throw SpinnakerHttpException when Http status is 403 in DetermineSourceServerGroupTask (#4710)
fix(test/bakery): Mock http errors using SpinnakerHttpException in CompletedBakeTaskSpec (#4711)
chore(dependencies): Autobump korkVersion (#4713)
chore(dependencies): Autobump fiatVersion (#4714)
chore(dependencies): Autobump korkVersion (#4715)
refactor(retrofit): Cleanup unused RetrofitError occurrences (#4712)
fix(test/clouddriver): Mock http error using SpinnakerHttpException in WaitForCloudFormationCompletionTaskSpec (#4717)
refactor(retrofit): Dismantle RetrofitExceptionHandler (#4716)
feat(build): add orca-integration module to exercise the just-built docker image (#4721)
fix(jenkins): Wrong Job name encoding in query params for Artifacts/Properties (#4722)
chore(dependencies): Autobump korkVersion (#4726)
fix(blueGreen): Scaling replicaSets should not be considered for deletion (#4728)
chore(dependencies): Autobump korkVersion (#4734)
chore(dependencies): Autobump korkVersion (#4735)
fix(tests): add new containerized integration tests to run orca with mysql and postgres (#4736)
fix(liquibase): fix checkSum errors occurring with spinnaker upgrade (#4727)
chore(build): enable cross compilation plugin for Java 17 (#4738)
chore(dependencies): Autobump korkVersion (#4745)
chore(dependencies): Autobump fiatVersion (#4746)
fix(dokka): use version 1.9.20 of org.jetbrains.dokka (#4747)
fix(build): revert java17 changes (#4750)
chore(gradle): Fix gradle test memory allocation (#4748)
chore(build): exercise dokka in prs and branch builds (#4751)
chore(build): enable cross compilation plugin for Java 17 (take 2) (#4752)
fix(integration/test): increase container startup time (#4754)
fix(build): remove dokka plugin since it doesn’t work with java 17 (#4753)
chore(deps): bump docker/build-push-action from 5 to 6 (#4756)
chore(dependencies): Autobump korkVersion (#4757)
chore(dependencies): Autobump korkVersion (#4758)
chore(dependencies): Autobump korkVersion (#4759)
feat(SpEL): implement to configure the limit of characters for SpEL expressions (#4755)
perf(sql): Store child pipeline execution in trigger as reference (#4749)
test(core): demonstrate behavior of SpEL expression evaluation (#4762)
fix(orca-clouddriver): replace getType() with StageDefinitionBuilder.getType() for DestroyServerGroup (#4761)
chore(dependencies): Autobump korkVersion (#4763)
fix(tests): refactor tests and junit platform name to execute startup tests (#4764)
fix(sqlExecutionRepo): Return compressed columns when enabled for retrieve pipelines with configId (#4765)
test(sql): Add extra test for pipelineRef feature flag (#4760)
chore(dependencies): Autobump korkVersion (#4767)
chore(dependencies): Autobump korkVersion (#4768)
refactor(test): replace assertion used from library unitils-core to assertj-core while spockframework upgrade to 2.2-groovy-3.0 (#4769)
chore(dependency): add explicit assertj-core dependency while spockframework upgrade to 2.2-groovy-3.0 (#4770)
chore(dependency): add explicit byte-buddy dependency while upgrading spockframework to 2.2-groovy-3.0 (#4771)
chore(dependencies): Autobump korkVersion (#4772)
chore(dependencies): Autobump fiatVersion (#4774)
fix(ecs): Docker image extraction from context (#4812) (#4814)
fix(pipelineRef): add resolvedExpectedArtifacts from pipelineTrigger to PipelineRefTrigger (#4816) (#4818)

Spinnaker Clouddriver - 1.35.5

fix(liquibase): fix checkSum errors occurring with spinnaker upgrade (#6217) (#6232)
fix(tests): refactored existing containerized integration test and added new tests for postgres and mysql (#6221) (#6230)
feat(build): add fiat-integration module to exercise the just-built docker imageTest docker image (#6206) (#6228)
fix(ClusterController): Fix GetClusters returning only the last 2 providers clusterNames of application (#6210) (#6213)
fix(gcp): Relaxed health check for GCP accounts (#6200) (#6202)
fix(databaseChangeLog): fix for ‘addAfterColumn is not allowed on postgresql’ (#6194) (#6196)
chore(deps): remove duplicate/old fiatVersion (#6191) (#6193)
chore(dependencies): Autobump korkVersion (#6183) (#6192)
feat(docker): Add RBAC support to Docker accounts (#6187)
chore(dependencies): Autobump korkVersion (#6183)
chore(deps): remove duplicate/old fiatVersion (#6191)
fix(databaseChangeLog): fix for ‘addAfterColumn is not allowed on postgresql’ (#6194)
chore(dependencies): Autobump korkVersion (#6197)
chore(dependencies): Autobump fiatVersion (#6198)
chore(dependencies): Autobump korkVersion (#6199)
feat(aws): Install AWS CLI v2, upgrade aws-iam-authenticator, remove s3cmd (#6156)
fix(gcp): Relaxed health check for GCP accounts (#6200)
chore(deps): bump gradle/wrapper-validation-action from 2 to 3 (#6205)
feat(build): add fiat-integration module to exercise the just-built docker imageTest docker image (#6206)
chore(ecs/dependencies): make spring-boot-starter-test a testImplememtation dependency (#6207)
chore(dependencies): Autobump korkVersion (#6208)
fix(ClusterController): Fix GetClusters returning only the last 2 providers clusterNames of application (#6210)
chore(dependency): unpin mysql-connector-java (#6214)
config(googlecloudsdkversion): Upgraded the google cloud sdk version from 412.0.0 to 476.0.0 in clouddriver. (#6216)
feat(kubernetes): support label selectors in deploy manifest stages (#6220)
fix(tests): refactored existing containerized integration test and added new tests for postgres and mysql (#6221)
chore(dependencies): Autobump korkVersion (#6223)
chore(dependencies): Autobump korkVersion (#6224)
fix(liquibase): fix checkSum errors occurring with spinnaker upgrade (#6217)
chore(dependencies): Autobump korkVersion (#6233)
chore(dependencies): Autobump fiatVersion (#6234)
fix(aws): allow enabledMetrics: [] to enable all metrics (#6238)
fix(google): fixing UpsertGoogleAutoscalingPolicyAtomicOperation missing Autowired for objectMapper and cacheView (#6237)
chore(build): enable cross compilation plugin for Java 17 (#6226)
chore(dependencies): Autobump korkVersion (#6243)
chore(dependencies): Autobump korkVersion (#6244)
chore(dependencies): Autobump korkVersion (#6245)
chore(azure/build): improve test times for azure (#6246)
chore(deps): bump docker/build-push-action from 5 to 6 (#6242)
feat(aws): support throughput property of block devices (#6248)
chore(dependencies): Autobump korkVersion (#6247)
fix(kubernetes/job): Fix an edge case where a job can have no pods (#6251)
refactor(test): fix scope of setup method while upgrading junit to 5.9.0 (#6249)
chore(dependencies): Autobump korkVersion (#6253)
feat(kubernetes): Skip applying labels to spec.template.metadata if skipSpecTemplateLabels is true (#6254)
perf(cache): Optimise heap usage in KubernetesCachingAgent (#6255)
chore(dependency): add explicit byte-buddy dependency while upgrading spockframework to 2.2-groovy-3.0 (#6257)
chore(dependencies): Autobump korkVersion (#6258)
chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#6259)
chore(dependencies): Autobump fiatVersion (#6264)
fix(kubernetes): teach deployManifest stages to handle label selectors with generateName (#6265)
fix(gha): only bump halyard on master (#6268) (#6270)
fix(gha): remove whitespace from BRANCH in release.yml (#6271) (#6273)
fix(install): Fixed Debian post install script for aws-iam-authenticator (#6274) (#6275)
fix(install): Fix Debian post installation script when awscli2 is already installed or the installation failed previously (#6276) (#6277)
fix(aws): Fix AWS CLI v2 for Alpine Linux (#6279) (#6280)
fix(cloudfoundry): Update ProcessStats model due to capi-1.84.0 changes (#6283) (#6293)
feat(aws): CleanupAlarmsAgent with an optional user-defined name pattern (#6317) (#6318)
fix(mergify): Mergify config needs adjusting for latest mergify releases (#6321) (#6327)

Spinnaker Kayenta - 1.35.5

chore(dependencies): Autobump orcaVersion (#1027)
chore(deps): bump gradle/wrapper-validation-action from 2 to 3 (#1031)
feat(build): add kayenta-integration module to exercise the just-built docker image (#1032)
refactor(retrofit): add SpinnakerServerExceptionHandler (#1035)
chore(dependencies): Autobump orcaVersion (#1036)
chore(dependency): unpin mysql-connector-java and liquibase-core (#1037)
chore(dependencies): Autobump orcaVersion (#1041)
refactor(auto-configuration): replace spring.factories with AutoConfiguration.imports file to enable auto-configuration during upgrade to spring boot 2.7.x (#1039)
chore(build): enable cross compilation plugin for Java 17 (#1040)
chore(deps): bump docker/build-push-action from 5 to 6 (#1044)
chore(build): upgrade builder image to gradle:7.6.1-jdk17 (#1045)
fix(stackdriver): handle null timeSeries and empty points (#1047)
chore(dependencies): Autobump orcaVersion (#1057)
chore(dependencies): Autobump orcaVersion (#1076)

Spinnaker Igor - 1.35.5

chore(dependencies): Autobump korkVersion (#1255)
fix(travis): Properly return API triggered builds (#1256)
chore(dependencies): Autobump korkVersion (#1257)
chore(dependencies): Autobump korkVersion (#1259)
chore(dependencies): Autobump korkVersion (#1260)
refactor(artifact): moved artifacts (groovy) unit tests to artifacts (java) (#1258)
chore(dependencies): Autobump korkVersion (#1261)
chore(dependencies): Autobump fiatVersion (#1262)
chore(deps): bump docker/build-push-action from 5 to 6 (#1263)
chore(dependencies): Autobump korkVersion (#1264)
chore(dependencies): Autobump korkVersion (#1265)
chore(dependencies): Autobump korkVersion (#1266)
chore(dependencies): Autobump korkVersion (#1267)
chore(dependencies): Autobump korkVersion (#1268)
chore(dependencies): Autobump korkVersion (#1269)
chore(dependencies): Autobump korkVersion (#1270)
chore(dependencies): Autobump fiatVersion (#1271)

Continuous-Deployment: v2.32.5 Armory Continuous Deployment Release (Spinnaker™ v1.32.4)

Mon, 02 Sep 2024 00:00:00 +0000

2024/09/02 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.32.5, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

AWS Lambda plugin migrated to OSS

Starting from Armory version 2.32.0 (OSS version 1.32.0), the AWS Lambda plugin has been migrated to OSS codebase. If you are using the AWS Lambda plugin, you will need to disable/remove it when upgrading to Armory version 2.32.0+ to avoid compatibility issues.

Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; as shown in the configuration block below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.functions = true;
 // Enable the AWS Lambda pipeline stages in Deck using the feature flag
 window.spinnakerSettings.feature.lambdaAdditionalStages = true;
 ...
 clouddriver:
 aws:
 enabled: true
 features:
 lambda:
 enabled: true
 ## Remove the AWS Lambda plugin from the Armory CD configuration.
 #gate:
 # spinnaker:
 # extensibility:
 # deck-proxy:
 # enabled: true
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json 
 #orca:
 # spinnaker:
 # extensibility:
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # extensions:
 # Aws.LambdaDeploymentStage:
 # enabled: true
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # id: awsLambdaDeploymentPluginRepo
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

Related OSS PRs:

Known issues

Highlighted updates

Terraformer support for AWS S3 Artifact Store

OSS Spinnaker 1.32.0 introduced support for artifact storage with AWS S3. This feature compresses embdedded/base64 artifacts to remote/base64 and uploads them to an AWS S3 bucket significantly reducing the artifact size in the execution context.

Armory version 2.32.0 adds support for the same feature for the Terraform Integration stage.

Note: The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

When enabling the artifact-store feature it is recommended to deploy the services in this order:

Clouddriver service
Terraformer service
Orca service
Rosco service

Enable Jenkins job triggers for jobs located sub-folders

When defining a Jenkins job in a sub-folder, the path contains forward slashes. By enabling this feature, Armory CD will be able to trigger Jenkins jobs located in sub-folders, correctly matching the job path.

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Pipeline As Code: Bitbucket fallback support for default branch

By default, Dinghy uses the master branch in your repository and fallbacks to main if master doesn’t exist. If you wish to use a different branch in your repository, you can configure that using the repoConfig tag in your YAML configuration.

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 dinghy:
 repoConfig:
 - branch: some_branch
 provider: bitbucket-server
 repo: my-bitbucket-repository

Performance improvements for the search executions API operations

The search executions API operations have been optimized to improve performance and reduce the time taken to search for pipelines by triggerType or eventId.

RunJob stage improvement

RunJob stage now persist any External Log links after the deletion of the pods. This enhancement ensures that the External Log links are available even after the pods are deleted.

Task View loading support for Paginated requests

Task View now supports paginated requests for loading tasks. This enhancement ensures that the Task View loads tasks more efficiently, avoiding timeouts when loading an application with high number of tasks.

To enable this feature, set the window.spinnakerSettings.tasksViewLimitPerPage = <number> flag to the desired number in the settings-local.js deck profile. For example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.tasksViewLimitPerPage = 100;
 ... 

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.32.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 2736c8796b346d892fb68180ed1534cd882c5f6c
version: 2.32.5
deck:
commit: 9f22fea76ec0ce4ad425a09fd5793372d077f243
version: 2.32.5
dinghy:
commit: f5b14ffba75721322ada662f2325e80ec86347de
version: 2.32.5
echo:
commit: e376d0eb3f19fd3027820bb013b0fbf9fee98e55
version: 2.32.5
fiat:
commit: b674ce72dc02d7e39008bfbf2a551b3d1cc9544e
version: 2.32.5
front50:
commit: b774859c8e27ebfd90455cf0e5f3583eb9afe5d4
version: 2.32.5
gate:
commit: 9a3705729990d170a142b297d2df150fac71bf0f
version: 2.32.5
igor:
commit: c4e429724d83aae802796cda7c5d9b39ce6efba1
version: 2.32.5
kayenta:
commit: 1d0be49daf965910063c3ee611da1453b4fc5a2a
version: 2.32.5
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9feaae8ddcf27315da951b4a51ffc7f0c4d4ffe6
version: 2.32.5
rosco:
commit: dfe611ffdd2cf9ae7c524fb9970af47350ca5e96
version: 2.32.5
terraformer:
commit: 709bc0b11d21230009e34a3229443e943db9036f
version: 2.32.5
timestamp: "2024-09-02 08:31:29"
version: 2.32.5

Armory

Armory Echo - 2.32.4…2.32.5

Armory Igor - 2.32.4…2.32.5

Armory Fiat - 2.32.4…2.32.5

Armory Deck - 2.32.4…2.32.5

Armory Rosco - 2.32.4…2.32.5

Armory Clouddriver - 2.32.4…2.32.5

Armory Gate - 2.32.4…2.32.5

Armory Front50 - 2.32.4…2.32.5

Terraformer™ - 2.32.4…2.32.5

Armory Kayenta - 2.32.4…2.32.5

chore(build): Updating Build dependencies (backport #544) (#553)
chore(cd): update base service version to kayenta:2024.08.08.22.44.15.release-1.32.x (#550)

Armory Orca - 2.32.4…2.32.5

Dinghy™ - 2.32.4…2.32.5

Spinnaker

Spinnaker Echo - 1.32.4

Spinnaker Igor - 1.32.4

Spinnaker Fiat - 1.32.4

Spinnaker Deck - 1.32.4

Spinnaker Rosco - 1.32.4

Spinnaker Clouddriver - 1.32.4

Spinnaker Gate - 1.32.4

Spinnaker Front50 - 1.32.4

Spinnaker Kayenta - 1.32.4

fix(stackdriver): handle null timeSeries and empty points (backport #1047) (#1048)

Spinnaker Orca - 1.32.4

Continuous-Deployment: v2.32.4 Armory Continuous Deployment Release (Spinnaker™ v1.32.4)

Fri, 30 Aug 2024 00:00:00 +0000

2024/08/30 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.32.4, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

AWS Lambda plugin migrated to OSS

Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; as shown in the configuration block below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.functions = true;
 // Enable the AWS Lambda pipeline stages in Deck using the feature flag
 window.spinnakerSettings.feature.lambdaAdditionalStages = true;
 ...
 clouddriver:
 aws:
 enabled: true
 features:
 lambda:
 enabled: true
 ## Remove the AWS Lambda plugin from the Armory CD configuration.
 #gate:
 # spinnaker:
 # extensibility:
 # deck-proxy:
 # enabled: true
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json 
 #orca:
 # spinnaker:
 # extensibility:
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # extensions:
 # Aws.LambdaDeploymentStage:
 # enabled: true
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # id: awsLambdaDeploymentPluginRepo
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

Related OSS PRs:

Known issues

Highlighted updates

Terraformer support for AWS S3 Artifact Store

Armory version 2.32.0 adds support for the same feature for the Terraform Integration stage.

Note: The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

When enabling the artifact-store feature it is recommended to deploy the services in this order:

Clouddriver service
Terraformer service
Orca service
Rosco service

Enable Jenkins job triggers for jobs located sub-folders

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Pipeline As Code: Bitbucket fallback support for default branch

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 dinghy:
 repoConfig:
 - branch: some_branch
 provider: bitbucket-server
 repo: my-bitbucket-repository

Performance improvements for the search executions API operations

The search executions API operations have been optimized to improve performance and reduce the time taken to search for pipelines by triggerType or eventId.

RunJob stage improvement

RunJob stage now persist any External Log links after the deletion of the pods. This enhancement ensures that the External Log links are available even after the pods are deleted.

Task View loading support for Paginated requests

To enable this feature, set the window.spinnakerSettings.tasksViewLimitPerPage = <number> flag to the desired number in the settings-local.js deck profile. For example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.tasksViewLimitPerPage = 100;
 ... 

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.32.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 2736c8796b346d892fb68180ed1534cd882c5f6c
version: 2.32.4
deck:
commit: 9f22fea76ec0ce4ad425a09fd5793372d077f243
version: 2.32.4
dinghy:
commit: f5b14ffba75721322ada662f2325e80ec86347de
version: 2.32.4
echo:
commit: e376d0eb3f19fd3027820bb013b0fbf9fee98e55
version: 2.32.4
fiat:
commit: b674ce72dc02d7e39008bfbf2a551b3d1cc9544e
version: 2.32.4
front50:
commit: b774859c8e27ebfd90455cf0e5f3583eb9afe5d4
version: 2.32.4
gate:
commit: 9a3705729990d170a142b297d2df150fac71bf0f
version: 2.32.4
igor:
commit: c4e429724d83aae802796cda7c5d9b39ce6efba1
version: 2.32.4
kayenta:
commit: bccd150fcc8a7cb7df537ec6269bce5d2843c703
version: 2.32.4
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9feaae8ddcf27315da951b4a51ffc7f0c4d4ffe6
version: 2.32.4
rosco:
commit: dfe611ffdd2cf9ae7c524fb9970af47350ca5e96
version: 2.32.4
terraformer:
commit: 709bc0b11d21230009e34a3229443e943db9036f
version: 2.32.4
timestamp: "2024-08-29 13:18:29"
version: 2.32.4

Armory

Armory Igor - 2.32.3…2.32.4

chore(build): Updating Build dependencies (#613) (#624)

Armory Echo - 2.32.3…2.32.4

chore(build): Updating Build dependencies (#723) (#739)

Armory Kayenta - 2.32.3…2.32.4

Armory Fiat - 2.32.3…2.32.4

chore(build): Updating Build dependencies (#613) (#626)

Armory Deck - 2.32.3…2.32.4

chore(cd): update base deck version to 2024.0.0-20240610151853.release-1.32.x (#1421)
chore(cd): update base deck version to 2024.0.0-20240808191000.release-1.32.x (#1427)

Armory Rosco - 2.32.3…2.32.4

Armory Clouddriver - 2.32.3…2.32.4

chore(cd): update base service version to clouddriver:2024.05.15.16.46.29.release-1.32.x (#1127)
chore(cd): update base service version to clouddriver:2024.06.05.17.20.53.release-1.32.x (#1129)
chore(build): Updating Build dependencies (#1140) (#1169)
chore(cd): update base service version to clouddriver:2024.08.08.19.07.30.release-1.32.x (#1156)

Armory Front50 - 2.32.3…2.32.4

chore(cd): update base service version to front50:2024.06.11.18.14.17.release-1.32.x (#692)
chore(build): Updating Build dependencies (#697) (#713)
chore(cd): update base service version to front50:2024.08.23.02.19.43.release-1.32.x (#715)

Armory Gate - 2.32.3…2.32.4

chore(build): Updating Build dependencies (#732) (#750)

Terraformer™ - 2.32.3…2.32.4

chore(terraformer): Backport fixes (#571) (#573)

Armory Orca - 2.32.3…2.32.4

chore(cd): update base orca version to 2024.06.10.16.25.01.release-1.32.x (#893)
chore(build): Updating Build dependencies (#911) (#935)

Dinghy™ - 2.32.3…2.32.4

Spinnaker

Spinnaker Kayenta - 1.32.4

Spinnaker Echo - 1.32.4

Spinnaker Orca - 1.32.4

fix(check-pre-condition): CheckPrecondition doesn’t evaluate expression correctly after upstream stages get restarted (#4682) (#4719)
fix(jenkins): Wrong Job name encoding in query params for Artifacts/Properties (#4722) (#4725)
fix(blueGreen): Scaling replicaSets should not be considered for deletion (#4728) (#4732)
feat(build): add orca-integration module to exercise the just-built docker image (backport #4721) (#4737)

Spinnaker Fiat - 1.32.4

Spinnaker Gate - 1.32.4

Spinnaker Clouddriver - 1.32.4

fix(gcp): Relaxed health check for GCP accounts (#6200) (#6204)
fix(ClusterController): Fix GetClusters returning only the last 2 providers clusterNames of application (#6210) (#6211)
feat(build): add clouddriver-integration module to exercise the just-built docker imageTest docker image (backport #6206) (#6222)
chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#6259) (#6260)

Spinnaker Rosco - 1.32.4

Spinnaker Deck - 1.32.4

fix(lambda): Invoke stage excludedArtifactTypes not including the embedded-artifact type (#10097) (#10102)
feat(taskView): Implement opt-in paginated request for TaskView (backport #10093) (#10094)
fix(pipeline): Handle render/validation when stageTimeoutMs is a Spel expression (#10103) (#10106)
fix(redblack): fixing redblack onchange values (#10107) (#10111)
fix(lambda): Export LambdaRoute stage on aws module (#10116) (#10117)
chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#10124) (#10125)

Spinnaker Igor - 1.32.4

Spinnaker Front50 - 1.32.4

fix(front50-gcs): Fix ObjectType filenames for GCS Front50 persistent store (#1493) (#1496)
fix(migrator): GCS to SQL migrator APPLICATION_PERMISSION objectType fix (#1466) (#1472)

Continuous-Deployment: v2.34.1 Armory Continuous Deployment Release (Spinnaker™ v1.34.5)

Fri, 30 Aug 2024 00:00:00 +0000

2024/08/30 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.34.1, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Swagger UI endpoint change

API documentation implementing swagger has been upgraded to use Springfox 3.0.0.

Breaking Change: Swagger-ui endpoint changed from /swagger-ui.html to /swagger-ui/index.html.

Kubernetes API version change for `client.authentication.k8s.io`

kubectl in the latest releases has removed support for external auth flows using the apiVersion: client.authentication.k8s.io/v1alpha1 exec API.

Breaking Change: Update your kubeconfig files to use the v1beta1 apiVersion: client.authentication.k8s.io/v1beta1

Known issues

Highlighted updates

Spring Boot 2.6.15

Spring Boot 2.6 considers session data cached by previous Spring Boot versions invalid. Therefore, users with cached sessions will be unable to log in until the invalid information is removed from the cache.

Open browser windows to Spinnaker are unresponsive after the deployment until they’re reloaded. Once Gate is updated to the new Armory CD version please execute:

$ redis-cli keys "spring:session*" | xargs redis-cli del

on Gate’s redis instance removes the cached session information.

Lambda Operations

Introduced in OSS Spinnaker 1.33.0 and included in the 2.34.0 release, Armory CD now supports configurable Invocation timeouts and retries for Lambda operations. Previously the SDK would restrict timeouts despite any configuration to 55 seconds.

To set the timeout and retry values, add the following to your clouddriver-local.yml:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 clouddriver:
 aws:
 features:
 lambda:
 enabled: true
 lambda:
 invokeTimeoutMs: 4000000
 retries: 3

Changes in S3 Artifact Store configuration

NOTE: If upgrading from 2.32.x to 2.34.x, this reference format has changed from s3://bucket/ref://application/hash to s3://bucket/application/hash, which is not backwards compatible. Please ensure everything is working correctly before enabling this feature! In case of a rollback, manual correction of the reference format will be required.

Armory version 2.32.0 added support for the same feature for the Terraform Integration stage.

In Armory CD version 2.34.0, the S3 Artifact Store configuration flags have been modified to support either store or retrieval or both of remote artifacts.

Configuration in 2.32.x

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

Configuration in 2.34.0 (Store/Get)

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 type: s3
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

Configuration in 2.34.0 (Get only)

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 type: s3
 s3:
 enabled: false
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

Dinghy support for delete stale pipelines

Dinghy now support deleting stale pipelines - Any pipelines in the Spinnaker application that are not part of the dinghyfile.

These pipelines are identified and deleted automatically when the dinghyfile is updated and processed. You can set the deleteStalePipelines flag to true in the dinghyfile to enable this feature.

{
 "application": "yourspinnakerapplicationname",
 "deleteStalePipelines": true,
 "pipelines": [
 ]
}

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.34.5 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 7602c40d66f8d99254c740ac782fb4c7a8e547db
version: 2.34.1
deck:
commit: 4e15526f16000326035436c57783415b5e5c1d72
version: 2.34.1
dinghy:
commit: fbba492fb3d6c116d75f9ca959f6b5d84ab473a6
version: 2.34.1
echo:
commit: 391b1f4924679a0ce23c216d4b0d8bc4cfdd9ed5
version: 2.34.1
fiat:
commit: df367d6ed0185b61abcea1e943109503a4b7928b
version: 2.34.1
front50:
commit: eb8691d3c549c86ba3547b0710828b9f37c62f38
version: 2.34.1
gate:
commit: f54a45abcf7a622e4233e471723c2b54d3972c5d
version: 2.34.1
igor:
commit: 0ddc88fc33b097ca8d822e91591218c2216dbbc2
version: 2.34.1
kayenta:
commit: b8983452be0897fc98a6c47d84f8689a9e0e623b
version: 2.34.1
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9385c93a4ce4f30a5484989b0b9913b6cd7e24d6
version: 2.34.1
rosco:
commit: f0e9fdb04e392820324f5edb72c0ff46b5307701
version: 2.34.1
terraformer:
commit: d4b6e9f53f3a2b595ce25e0b044318d47fd239b6
version: 2.34.1
timestamp: "2024-08-29 12:35:20"
version: 2.34.1

Armory

Dinghy™ - 2.34.0…2.34.1

Armory Gate - 2.34.0…2.34.1

chore(cd): update base service version to gate:2024.08.09.02.35.08.release-1.34.x (#744)
chore(cd): update base service version to gate:2024.08.10.04.22.27.release-1.34.x (#745)
chore(cd): update base service version to gate:2024.08.16.23.57.38.release-1.34.x (#746)
chore(cd): update base service version to gate:2024.08.17.03.15.23.release-1.34.x (#747)

Armory Rosco - 2.34.0…2.34.1

chore(cd): update base service version to rosco:2024.08.17.00.00.56.release-1.34.x (#684)

Armory Igor - 2.34.0…2.34.1

chore(cd): update base service version to igor:2024.08.17.03.16.09.release-1.34.x (#623)

Armory Fiat - 2.34.0…2.34.1

chore(cd): update base service version to fiat:2024.08.16.23.56.14.release-1.34.x (#625)

Terraformer™ - 2.34.0…2.34.1

chore(terraformer): Backport fixes (#571)

Armory Kayenta - 2.34.0…2.34.1

chore(cd): update base service version to kayenta:2024.08.08.20.11.17.release-1.34.x (#549)
chore(cd): update base service version to kayenta:2024.08.17.05.49.51.release-1.34.x (#552)

Armory Front50 - 2.34.0…2.34.1

chore(cd): update base service version to front50:2024.08.16.23.58.39.release-1.34.x (#708)
chore(cd): update base service version to front50:2024.08.18.02.21.08.release-1.34.x (#711)
chore(cd): update base service version to front50:2024.08.23.16.11.18.release-1.34.x (#712)

Armory Orca - 2.34.0…2.34.1

chore(cd): update base orca version to 2024.08.17.02.35.16.release-1.34.x (#932)
chore(cd): update base orca version to 2024.08.17.03.26.59.release-1.34.x (#933)

Armory Deck - 2.34.0…2.34.1

chore(cd): update base deck version to 2024.0.0-20240808191056.release-1.34.x (#1428)

Armory Echo - 2.34.0…2.34.1

chore(cd): update base service version to echo:2024.08.16.23.59.20.release-1.34.x (#737)
chore(cd): update base service version to echo:2024.08.17.03.16.29.release-1.34.x (#738)

Armory Clouddriver - 2.34.0…2.34.1

chore(cd): update base service version to clouddriver:2024.08.08.19.08.20.release-1.34.x (#1157)
chore(cd): update base service version to clouddriver:2024.08.17.00.37.38.release-1.34.x (#1160)
chore(cd): update base service version to clouddriver:2024.08.17.03.54.14.release-1.34.x (#1161)
chore(cd): update base service version to clouddriver:2024.08.17.21.27.20.release-1.34.x (#1163)
chore(cd): update base service version to clouddriver:2024.08.18.02.43.56.release-1.34.x (#1165)

Spinnaker

Spinnaker Gate - 1.34.5

fix(web/test): stop leaking system properties from FunctionalSpec (#1798) (#1818)
fix(core): remove ErrorPageSecurityFilter bean named errorPageSecurityInterceptor (#1817)
chore(dependencies): Autobump korkVersion (#1821)
chore(dependencies): Autobump fiatVersion (#1822)

Spinnaker Rosco - 1.34.5

chore(dependencies): Autobump korkVersion (#1106)

Spinnaker Igor - 1.34.5

chore(dependencies): Autobump korkVersion (#1253)
chore(dependencies): Autobump fiatVersion (#1250)
chore(dependencies): Autobump korkVersion (#1272)
chore(dependencies): Autobump fiatVersion (#1273)

Spinnaker Fiat - 1.34.5

chore(dependencies): Autobump korkVersion (#1156)
chore(dependencies): Autobump korkVersion (#1153)
chore(dependencies): Autobump korkVersion (#1177)

Spinnaker Kayenta - 1.34.5

fix(stackdriver): handle null timeSeries and empty points (#1047) (#1050)
chore(dependencies): Autobump orcaVersion (#1058)

Spinnaker Front50 - 1.34.5

chore(dependencies): Autobump korkVersion (#1488)
chore(dependencies): Autobump fiatVersion (#1489)
fix(gha): only bump halyard on master (#1490) (#1491)
fix(front50-gcs): Fix ObjectType filenames for GCS Front50 persistent store (#1493) (#1494)

Spinnaker Orca - 1.34.5

chore(dependencies): Autobump korkVersion (#4776)
chore(dependencies): Autobump fiatVersion (#4777)

Spinnaker Deck - 1.34.5

chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#10124) (#10127)

Spinnaker Echo - 1.34.5

chore(dependencies): Autobump korkVersion (#1417)
feat(pipelinetriggers): set pipeline-cache.filterFront50Pipelines to true by default (#1416)
chore(dependencies): Autobump fiatVersion (#1413)
chore(dependencies): Autobump korkVersion (#1440)
chore(dependencies): Autobump fiatVersion (#1441)

Spinnaker Clouddriver - 1.34.5

chore(gcp): Adding STRONG_COOKIE_AFFINITY in gcp LB model (#6259) (#6262)
chore(dependencies): Autobump korkVersion (#6266)
chore(dependencies): Autobump fiatVersion (#6267)
fix(gha): only bump halyard on master (#6268) (#6269)
fix(gha): remove whitespace from BRANCH in release.yml (#6271) (#6272)

Continuous-Deployment: v2.34.0 Armory Continuous Deployment Release (Spinnaker™ v1.32.4)

Thu, 18 Jul 2024 00:00:00 +0000

2024/07/18 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.34.0, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Swagger UI endpoint change

API documentation implementing swagger has been upgraded to use Springfox 3.0.0.

Breaking Change: Swagger-ui endpoint changed from /swagger-ui.html to /swagger-ui/index.html.

Kubernetes API version change for `client.authentication.k8s.io`

kubectl in the latest releases has removed support for external auth flows using the apiVersion: client.authentication.k8s.io/v1alpha1 exec API.

Breaking Change: Update your kubeconfig files to use the v1beta1 apiVersion: client.authentication.k8s.io/v1beta1

Known issues

Spinnaker 2.34.0 Front50 GCS object store issue

Spinnaker 2.34.0 includes a known issue in Front50 that causes issues with GCS object store configurations. This issue affects:

When GCS is used as a persistent store
When GCS is used in a dual repository configuration

This is resolved in Spinnaker 2.34.1.

Highlighted updates

Spring Boot 2.6.15

Open browser windows to Spinnaker are unresponsive after the deployment until they’re reloaded. Once Gate is updated to the new Armory CD version please execute:

$ redis-cli keys "spring:session*" | xargs redis-cli del

on Gate’s redis instance removes the cached session information.

Lambda Operations

To set the timeout and retry values, add the following to your clouddriver-local.yml:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 clouddriver:
 aws:
 features:
 lambda:
 enabled: true
 lambda:
 invokeTimeoutMs: 4000000
 retries: 3

Changes in S3 Artifact Store configuration

Armory version 2.32.0 added support for the same feature for the Terraform Integration stage.

In Armory CD version 2.34.0, the S3 Artifact Store configuration flags have been modified to support either store or retrieval or both of remote artifacts.

Configuration in 2.32.x

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

Configuration in 2.34.0 (Store/Get)

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 type: s3
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

Configuration in 2.34.0 (Get only)

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 type: s3
 s3:
 enabled: false
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

Dinghy support for delete stale pipelines

Dinghy now support deleting stale pipelines - Any pipelines in the Spinnaker application that are not part of the dinghyfile.

{
 "application": "yourspinnakerapplicationname",
 "deleteStalePipelines": true,
 "pipelines": [
 ]
}

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.34.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 94c77a6b398a40993e6fba92e5692393d8f22564
version: 2.34.0
deck:
commit: 63cd2960432f7921cecefc634bc5b187473832fe
version: 2.34.0
dinghy:
commit: fbba492fb3d6c116d75f9ca959f6b5d84ab473a6
version: 2.34.0
echo:
commit: 23909434bf95a0891a5ab256e5fccf5d7d8b6ed3
version: 2.34.0
fiat:
commit: e8be593635189433704d0a7945fa1335c24ac896
version: 2.34.0
front50:
commit: cce826e7cc2203970da4ebd37ccd9a91d9b39790
version: 2.34.0
gate:
commit: 313be459112c23139adf1ef2717a850cc7797485
version: 2.34.0
igor:
commit: e327e854cd7487881c15f4005f739b69ca4d7850
version: 2.34.0
kayenta:
commit: 840e7e93fbc83c7704895307fe057b84d14776f2
version: 2.34.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: b52430340a82dd536d4e6d13c5b9b44962452ff2
version: 2.34.0
rosco:
commit: 23db1000615781164ae3042eed3ef8cf298d7da4
version: 2.34.0
terraformer:
commit: 559abc8056e0f1c90d6bc737c57688f7c747c0ba
version: 2.34.0
timestamp: "2024-07-18 11:24:58"
version: 2.34.0

Armory

Armory Clouddriver - 2.32.3…2.34.0

chore(cd): update base service version to clouddriver:2024.06.27.18.12.36.release-1.34.x (#1142)
chore(cd): update base service version to clouddriver:2024.06.11.19.47.52.release-1.34.x (#1136)
chore(cd): update base service version to clouddriver:2024.06.11.18.46.36.release-1.34.x (#1135)
chore(cd): update base service version to clouddriver:2024.06.11.17.42.55.release-1.34.x (#1134)
chore(cd): update base service version to clouddriver:2024.05.15.14.49.18.release-1.34.x (#1126)
chore(cd): update base service version to clouddriver:2024.05.07.00.11.46.release-1.34.x (#1122)
chore(cd): update armory-commons version to 3.16.2 (#1118)
chore(cd): update base service version to clouddriver:2024.04.29.20.13.35.master (#1115)
chore(cd): update base service version to clouddriver:2024.04.28.03.54.41.master (#1114)
chore(cd): update base service version to clouddriver:2024.04.27.02.58.24.master (#1113)
chore(cd): update base service version to clouddriver:2024.04.27.01.17.51.master (#1112)
chore(cd): update base service version to clouddriver:2024.04.19.15.06.51.master (#1111)
chore(cd): update base service version to clouddriver:2024.04.17.23.18.25.master (#1110)
chore(cd): update base service version to clouddriver:2024.04.17.22.30.27.master (#1109)
chore(cd): update base service version to clouddriver:2024.04.17.00.31.11.master (#1108)
chore(cd): update base service version to clouddriver:2024.04.16.23.02.06.master (#1107)
chore(cd): update base service version to clouddriver:2024.04.15.21.03.44.master (#1106)
chore(cd): update base service version to clouddriver:2024.04.15.20.20.47.master (#1105)
chore(cd): update base service version to clouddriver:2024.04.15.19.37.30.master (#1104)
chore(cd): update base service version to clouddriver:2024.04.14.20.52.16.master (#1103)
chore(cd): update base service version to clouddriver:2024.04.10.16.09.12.master (#1102)
chore(cd): update base service version to clouddriver:2024.04.01.21.11.56.master (#1101)
Updating Armory commons and gradle jar (#1100)
chore(cd): update base service version to clouddriver:2024.03.28.00.24.09.master (#1099)
Upgrading Gradle to match OSS (#1098)
chore(cd): update base service version to clouddriver:2024.03.21.17.22.01.master (#1097)
Update clouddriver-package.gradle (#1096)
chore(build): Updating Dockerfile with base image (#1095)
chore(cd): update base service version to clouddriver:2024.03.12.21.36.12.master (#1094)
chore(cd): update base service version to clouddriver:2024.03.12.20.05.36.master (#1093)
chore(cd): update base service version to clouddriver:2024.03.12.16.58.43.master (#1092)
chore(cd): update base service version to clouddriver:2024.03.03.18.17.58.master (#1089)
chore(cd): update base service version to clouddriver:2024.02.29.20.32.42.master (#1087)
chore(cd): update base service version to clouddriver:2024.02.28.05.46.02.master (#1084)
chore(cd): update base service version to clouddriver:2024.02.27.06.01.15.master (#1080)
chore(cd): update base service version to clouddriver:2024.02.27.06.00.03.master (#1079)
chore(cd): update base service version to clouddriver:2024.02.27.04.32.59.master (#1078)
chore(cd): update base service version to clouddriver:2024.02.27.04.01.47.master (#1077)
chore(cd): update base service version to clouddriver:2024.02.27.01.13.36.master (#1076)
chore(cd): update base service version to clouddriver:2024.02.05.19.55.21.master (#1075)
chore(cd): update base service version to clouddriver:2024.02.02.20.34.05.master (#1074)
chore(cd): update base service version to clouddriver:2024.02.02.18.14.52.master (#1073)
chore(cd): update base service version to clouddriver:2024.02.01.20.44.50.master (#1071)
chore(cd): update base service version to clouddriver:2024.01.30.17.34.14.master (#1070)
chore(cd): update base service version to clouddriver:2024.01.25.16.36.56.master (#1069)
chore(cd): update armory-commons version to 3.15.1 (#1067)
chore(cd): update base service version to clouddriver:2024.01.23.16.49.59.master (#1065)
chore(cd): update base service version to clouddriver:2024.01.10.19.37.05.master (#1060)
chore(cd): update base service version to clouddriver:2024.01.08.22.53.58.master (#1059)
chore(cd): update base service version to clouddriver:2024.01.08.18.58.47.master (#1058)
chore(cd): update base service version to clouddriver:2024.01.04.21.23.43.master (#1057)
chore(cd): update base service version to clouddriver:2024.01.02.19.12.40.master (#1056)
chore(cd): update base service version to clouddriver:2024.01.01.22.40.29.master (#1055)
chore(cd): update base service version to clouddriver:2024.01.01.21.46.33.master (#1054)
chore(cd): update base service version to clouddriver:2023.12.12.10.42.47.master (#1052)
chore(cd): update base service version to clouddriver:2023.12.08.18.19.18.master (#1051)
chore(cd): update base service version to clouddriver:2023.12.05.22.20.46.master (#1050)
chore(cd): update base service version to clouddriver:2023.12.01.23.18.40.master (#1049)
chore(cd): update base service version to clouddriver:2023.12.01.22.25.17.master (#1048)
chore(cd): update base service version to clouddriver:2023.12.01.21.32.00.master (#1047)
chore(cd): update base service version to clouddriver:2023.12.01.17.07.46.master (#1046)
chore(cd): update base service version to clouddriver:2023.12.01.10.02.06.master (#1045)
chore(cd): update base service version to clouddriver:2023.11.29.21.04.30.master (#1044)
chore(cd): update base service version to clouddriver:2023.11.29.16.53.23.master (#1043)
chore(cd): update base service version to clouddriver:2023.11.28.21.32.22.master (#1042)
chore(cd): update base service version to clouddriver:2023.11.28.17.55.30.master (#1041)
chore(cd): update base service version to clouddriver:2023.11.27.16.25.40.master (#1039)
chore(cd): update base service version to clouddriver:2023.11.22.01.22.04.master (#1035)
chore(cd): update base service version to clouddriver:2023.11.22.00.37.26.master (#1034)
chore(cd): update base service version to clouddriver:2023.11.21.21.57.48.master (#1033)
chore(cd): update base service version to clouddriver:2023.11.20.22.10.09.master (#1032)
chore(cd): update base service version to clouddriver:2023.11.20.20.59.25.master (#1028)
chore(cd): update base service version to clouddriver:2023.11.20.18.24.24.master (#1027)
chore(cd): update base service version to clouddriver:2023.11.17.21.14.48.master (#1026)
chore(cd): update base service version to clouddriver:2023.11.16.18.01.55.master (#1025)
chore(cd): update base service version to clouddriver:2023.11.16.17.03.59.master (#1024)
chore(cd): update base service version to clouddriver:2023.11.14.22.02.04.master (#1023)
chore(cd): update base service version to clouddriver:2023.11.14.12.10.10.master (#1022)
chore(cd): update base service version to clouddriver:2023.11.13.19.38.37.master (#1021)
chore(cd): update base service version to clouddriver:2023.11.13.18.40.37.master (#1020)
chore(cd): update base service version to clouddriver:2023.11.13.16.27.25.master (#1019)
chore(cd): update base service version to clouddriver:2023.11.10.20.28.35.master (#1018)
chore(cd): update base service version to clouddriver:2023.11.10.17.31.13.master (#1017)
chore(cd): update base service version to clouddriver:2023.11.08.15.10.17.master (#1015)
chore(cd): update base service version to clouddriver:2023.11.02.20.26.25.master (#1014)
chore(cd): update base service version to clouddriver:2023.11.01.10.42.41.master (#1013)
chore(cd): update base service version to clouddriver:2023.11.01.05.43.07.master (#1012)
chore(cd): update base service version to clouddriver:2023.10.30.04.36.21.master (#1011)
chore(cd): update base service version to clouddriver:2023.10.20.18.33.36.master (#1010)
chore(cd): update base service version to clouddriver:2023.10.17.23.10.42.master (#1009)
chore(cd): update base service version to clouddriver:2023.10.11.20.46.03.master (#1008)
chore(cd): update base service version to clouddriver:2023.10.11.05.59.16.master (#1006)

Dinghy™ - 2.32.3…2.34.0

chore: Bumps and delete support (#533) (#535)
chore(dependencies): v0.0.0-20240213103436-d0dc889db2c6 (#529)
chore(dependencies): updated oss dinghy version to v0.0.0-20240213103436-d0dc889db2c6 (#525)

Terraformer™ - 2.32.3…2.34.0

Armory Echo - 2.32.3…2.34.0

chore(build): Updating Build dependencies (#724)
chore(cd): update armory-commons version to 3.16.2 (#716)
chore(cd): update base service version to echo:2024.04.27.02.26.26.master (#712)
chore(cd): update base service version to echo:2024.04.17.17.22.23.master (#710)
chore(cd): update base service version to echo:2024.04.16.22.32.13.master (#709)
chore(cd): update base service version to echo:2024.04.06.04.28.27.master (#708)
chore(cd): update base service version to echo:2024.04.01.18.07.48.master (#707)
chore(cd): update base service version to echo:2024.03.29.22.03.53.master (#706)
chore(armory-commons): Updating Armory commons version (#705)
chore(cd): update base service version to echo:2024.03.21.16.46.18.master (#704)
chore(build): Updating Dockerfile with base image (#703)
chore(cd): update armory-commons version to 3.15.1 (#675)
chore(cd): update base service version to echo:2023.11.21.19.54.25.master (#656)
chore(cd): update base service version to echo:2023.11.20.21.36.20.master (#655)
chore(cd): update base service version to echo:2023.11.20.17.49.29.master (#654)
chore(cd): update base service version to echo:2023.11.14.21.27.23.master (#653)
chore(cd): update base service version to echo:2023.11.13.18.24.24.master (#652)
chore(cd): update base service version to echo:2023.11.10.19.48.01.master (#651)
chore(cd): update base service version to echo:2023.11.02.19.51.25.master (#650)
fix: Upgrade grpc-netty-shaded to address the service initialization failure issue. (#647) (#649)
chore(cd): update base service version to echo:2023.10.30.00.07.35.master (#646)
chore(cd): update base service version to echo:2023.10.26.17.17.05.master (#644)
chore(cd): update base service version to echo:2023.10.20.17.42.30.master (#643)
chore(cd): update base service version to echo:2023.10.17.22.53.33.master (#642)
chore(cd): update base service version to echo:2023.10.17.20.02.09.master (#641)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#637)
chore(cd): update base service version to echo:2023.10.06.16.03.18.master (#639)
chore(cd): update base service version to echo:2023.10.04.16.06.56.master (#638)
chore(cd): update base service version to echo:2023.10.01.16.50.11.master (#635)
chore(cd): update base service version to echo:2023.10.01.16.41.14.master (#634)
chore(cd): update base service version to echo:2023.10.01.16.33.03.master (#633)
chore(cd): update base service version to echo:2023.10.01.16.24.40.master (#632)
chore(cd): update base service version to echo:2023.10.01.16.16.00.master (#631)

Armory Deck - 2.32.3…2.34.0

chore(cd): update base deck version to 2024.0.0-20240610151915.release-1.34.x (#1420)
chore(cd): update base deck version to 2024.0.0-20240513181436.release-1.34.x (#1417)
chore(cd): update base deck version to 2024.0.0-20240510163512.release-1.34.x (#1413)
chore(cd): update base deck version to 2024.0.0-20240509180831.release-1.34.x (#1410)
chore(cd): update base deck version to 2024.0.0-20240507163358.release-1.34.x (#1407)
chore(cd): update base deck version to 2024.0.0-20240425133611.master (#1402)
chore(cd): update base deck version to 2024.0.0-20240425080204.master (#1401)
chore(cd): update base deck version to 2024.0.0-20240416204716.master (#1399)
chore(cd): update base deck version to 2024.0.0-20240416085052.master (#1398)
chore(cd): update base deck version to 2024.0.0-20240415191135.master (#1397)
chore(cd): update base deck version to 2024.0.0-20240401180625.master (#1396)
chore(cd): update base deck version to 2024.0.0-20240201174104.master (#1393)
chore(cd): update base deck version to 2024.0.0-20240201154858.master (#1392)
build(action): pass version to fix build (#1390)
chore(cd): update base deck version to 2024.0.0-20240117174813.master (#1384)
chore(cd): update base deck version to 2024.0.0-20240101195346.master (#1383)
chore(cd): update base deck version to 2023.0.0-20231222191848.master (#1382)
chore(cd): update base deck version to 2023.0.0-20231207192034.master (#1381)
chore(cd): update base deck version to 2023.0.0-20231207095504.master (#1378)
chore(cd): update base deck version to 2023.0.0-20231201183254.master (#1377)
chore(cd): update base deck version to 2023.0.0-20231201180115.master (#1375)
chore(cd): update base deck version to 2023.0.0-20231201100402.master (#1374)
chore(cd): update base deck version to 2023.0.0-20231130182135.master (#1373)
chore(cd): update base deck version to 2023.0.0-20231130162716.master (#1372)
chore(cd): update base deck version to 2023.0.0-20231130121012.master (#1371)
chore(cd): update base deck version to 2023.0.0-20231116193005.master (#1368)
chore(cd): update base deck version to 2023.0.0-20231114100915.master (#1367)
chore(cd): update base deck version to 2023.0.0-20231110022032.master (#1366)
chore(cd): update base deck version to 2023.0.0-20231101175540.master (#1365)
chore(cd): update base deck version to 2023.0.0-20231024132143.master (#1362)
chore(cd): update base deck version to 2023.0.0-20231016213838.master (#1358)
fix(action): upgrade node version to match OSS (#1356)

Armory Rosco - 2.32.3…2.34.0

Revert “Fix permissions on container (#675)” (#676)
Fix permissions on container (#675)
chore(build): Updating Build dependencies (#671) (#672)
chore(cd): update base service version to rosco:2024.04.18.17.06.07.release-1.34.x (#666)
chore(cd): update armory-commons version to 3.16.2 (#664)
chore(cd): update base service version to rosco:2024.04.18.16.53.13.master (#659)
chore(cd): update base service version to rosco:2024.04.06.04.30.30.master (#658)
chore(cd): update base service version to rosco:2024.04.01.17.13.30.master (#657)
chore(cd): update base service version to rosco:2024.03.26.04.36.13.master (#656)
chore(build): Updating Dockerfile with base image (#653)
chore(cd): update base service version to rosco:2024.02.23.17.50.10.master (#642)
chore(cd): update base service version to rosco:2024.02.21.18.12.33.master (#640)
chore(cd): update base service version to rosco:2024.02.20.07.03.39.master (#639)
chore(cd): update base service version to rosco:2024.02.09.15.36.10.master (#637)
chore(cd): update base service version to rosco:2024.02.07.19.18.48.master (#636)
chore(cd): update base service version to rosco:2024.02.05.05.09.50.master (#635)
chore(cd): update base service version to rosco:2024.02.05.04.14.03.master (#634)
fix(ci): Removing integration tests as not stable (#627)
chore(cd): update base service version to rosco:2023.11.14.21.27.05.master (#601)
chore(cd): update base service version to rosco:2023.11.13.18.24.40.master (#600)
chore(cd): update base service version to rosco:2023.11.10.19.53.01.master (#599)
fix(cve): Fixing CVE-2023-24538 CVE-2023-24540 (#596)
chore(cd): update base service version to rosco:2023.11.02.19.54.28.master (#595)
chore(cd): update base service version to rosco:2023.10.30.03.05.30.master (#594)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#584)
chore(cd): update base service version to rosco:2023.10.09.14.38.32.master (#586)

Armory Kayenta - 2.32.3…2.34.0

chore(cd): update base service version to kayenta:2024.06.14.19.10.09.release-1.34.x (#543)
chore(build): Updating Build dependencies (#544) (#545)
chore(cd): update base service version to kayenta:2024.04.01.18.08.38.master (#530)
chore(cd): update base service version to kayenta:2024.03.20.14.47.07.master (#528)
chore(build): Updating Dockerfile with base image (#527)
chore(cd): update base service version to kayenta:2024.02.20.06.20.45.master (#520)
chore(cd): update base service version to kayenta:2024.02.06.18.05.30.master (#519)
chore(cd): update base service version to kayenta:2024.02.05.19.15.22.master (#518)
chore(cd): update base service version to kayenta:2024.02.01.16.30.14.master (#515)
chore(cd): update armory-commons version to 3.15.1 (#511)
chore(cd): update base service version to kayenta:2024.01.12.16.21.50.master (#506)
chore(cd): update base service version to kayenta:2024.01.10.18.51.11.master (#505)
chore(cd): update base service version to kayenta:2024.01.01.19.52.30.master (#504)
chore(cd): update base service version to kayenta:2023.12.05.22.25.32.master (#500)
chore(cd): update base service version to kayenta:2023.12.01.16.29.19.master (#497)
chore(cd): update base service version to kayenta:2023.12.01.16.20.40.master (#496)
chore(cd): update base service version to kayenta:2023.12.01.09.56.52.master (#494)
chore(cd): update base service version to kayenta:2023.11.22.03.11.43.master (#493)

Armory Gate - 2.32.3…2.34.0

chore(cd): update base service version to gate:2024.04.17.02.19.43.release-1.34.x (#734)
chore(build): Updating Build dependencies (#732) (#733)
chore(cd): update armory-commons version to 3.16.2 (#721)
Updating Armory commons and gradle jar (#714)
chore(build): Updating Dockerfile with base image (#710)
Fixing header plugin reference (#684)
Removing Instance registration from Gate (#677)
chore(cd): update armory-commons version to 3.15.1 (#674)
chore(cd): update base service version to gate:2023.11.21.19.56.21.master (#654)
chore(cd): update base service version to gate:2023.11.20.21.38.07.master (#653)
chore(cd): update base service version to gate:2023.11.15.18.44.06.master (#652)
chore(cd): update base service version to gate:2023.11.14.21.32.23.master (#651)
chore(cd): update base service version to gate:2023.11.13.18.53.08.master (#650)
chore(cd): update base service version to gate:2023.11.13.18.31.24.master (#649)
chore(cd): update base service version to gate:2023.11.10.19.54.05.master (#648)
chore(cd): update base service version to gate:2023.11.06.16.41.58.master (#647)
chore(cd): update base service version to gate:2023.11.02.19.56.35.master (#646)
chore(cd): update base service version to gate:2023.10.30.00.10.25.master (#645)
chore(cd): update base service version to gate:2023.10.20.17.45.11.master (#644)
chore(cd): update base service version to gate:2023.10.17.22.55.10.master (#643)
chore(cd): update base service version to gate:2023.10.17.20.06.22.master (#642)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#640)
chore(cd): update base service version to gate:2023.10.04.14.06.55.master (#639)
chore(cd): update base service version to gate:2023.10.02.10.18.38.master (#637)
chore(cd): update base service version to gate:2023.10.02.10.06.07.master (#636)
chore(cd): update base service version to gate:2023.10.02.09.54.57.master (#635)
chore(cd): update base service version to gate:2023.10.02.09.44.13.master (#634)
chore(cd): update base service version to gate:2023.10.02.09.29.18.master (#633)

Armory Igor - 2.32.3…2.34.0

chore(build): Updating Build dependencies (#613) (#614)
chore(cd): update armory-commons version to 3.16.2 (#606)
chore(cd): update base service version to igor:2024.04.27.02.25.13.master (#602)
chore(cd): update base service version to igor:2024.04.16.22.31.21.master (#600)
chore(cd): update base service version to igor:2024.04.06.04.28.03.master (#599)
chore(cd): update base service version to igor:2024.04.01.04.34.59.master (#598)
Updating gradle jar (#597)
chore(cd): update base service version to igor:2024.03.26.21.17.26.master (#596)
Preparing Jenkins ChangeSet/Cause to be contributed to OSS (#595)
chore(cd): update base service version to igor:2024.03.23.00.21.14.master (#594)
chore(cd): update base service version to igor:2024.03.21.20.18.57.master (#593)
chore(cd): update base service version to igor:2024.03.21.20.03.53.master (#592)
chore(cd): update base service version to igor:2024.03.21.16.45.24.master (#591)
chore(cd): update base service version to igor:2024.03.12.20.07.19.master (#588)
chore(build): Updating Dockerfile with base image (#590)
chore(cd): update base service version to igor:2024.02.26.18.28.26.master (#576)
chore(cd): update base service version to igor:2024.02.22.17.19.30.master (#574)
chore(cd): update base service version to igor:2024.02.19.20.17.04.master (#572)
chore(cd): update base service version to igor:2024.02.07.19.47.17.master (#571)
chore(cd): update base service version to igor:2024.02.05.04.13.32.master (#570)
chore(cd): update base service version to igor:2024.02.02.19.02.47.master (#569)
chore: OS Updates (#516)
chore(cd): update base service version to igor:2024.01.28.17.58.42.master (#563)
chore(cd): update armory-commons version to 3.15.1 (#560)
chore(cd): update base service version to igor:2024.01.05.23.42.17.master (#553)
chore(cd): update base service version to igor:2024.01.04.20.38.26.master (#552)
chore(cd): update base service version to igor:2024.01.02.18.59.20.master (#551)
chore(cd): update base service version to igor:2024.01.01.19.47.05.master (#550)
chore(cd): update base service version to igor:2023.12.22.16.57.46.master (#549)
chore(cd): update base service version to igor:2023.12.20.18.00.11.master (#547)
chore(cd): update base service version to igor:2023.12.20.17.19.58.master (#546)
chore(cd): update base service version to igor:2023.12.20.17.03.29.master (#545)
chore(cd): update base service version to igor:2023.12.12.09.59.13.master (#544)
chore(cd): update base service version to igor:2023.12.05.21.36.31.master (#543)
chore(cd): update base service version to igor:2023.12.01.10.13.33.master (#542)
chore(cd): update base service version to igor:2023.12.01.09.55.03.master (#541)
chore(cd): update base service version to igor:2023.11.28.17.22.52.master (#540)
chore(cd): update base service version to igor:2023.11.22.00.04.55.master (#538)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#524)
chore(cd): update base service version to igor:2023.10.04.14.08.12.master (#523)
chore(cd): update base service version to igor:2023.10.01.17.22.32.master (#521)
chore(cd): update base service version to igor:2023.10.01.17.09.34.master (#520)
chore(cd): update base service version to igor:2023.10.01.16.59.10.master (#519)
chore(cd): update base service version to igor:2023.10.01.16.48.40.master (#518)
chore(cd): update base service version to igor:2023.10.01.16.39.00.master (#517)

Armory Front50 - 2.32.3…2.34.0

chore(build): Updating Build dependencies (#697) (#698)
chore(cd): update base service version to front50:2024.06.18.14.36.38.release-1.34.x (#696)
chore(cd): update armory-commons version to 3.16.2 (#685)
chore(cd): update base service version to front50:2024.04.29.15.39.38.master (#682)
chore(cd): update base service version to front50:2024.04.28.03.20.59.master (#681)
chore(cd): update base service version to front50:2024.04.27.00.45.16.master (#680)
chore(cd): update base service version to front50:2024.04.19.02.36.56.master (#679)
chore(cd): update base service version to front50:2024.04.16.22.32.00.master (#678)
chore(cd): update base service version to front50:2024.04.07.23.11.07.master (#677)
chore(cd): update base service version to front50:2024.04.06.04.27.40.master (#676)
chore(cd): update base service version to front50:2024.04.04.17.04.27.master (#675)
chore(cd): update base service version to front50:2024.04.03.15.42.24.master (#674)
chore(cd): update base service version to front50:2024.04.01.18.07.35.master (#673)
Updating Armory commons and gradle jar (#672)
chore(cd): update base service version to front50:2024.03.21.16.45.10.master (#671)
chore(build): Updating Dockerfile with base image (#670)
chore(cd): update base service version to front50:2024.03.12.17.35.53.master (#669)
chore(cd): update base service version to front50:2024.03.12.16.24.08.master (#668)
Updating force dependency on com.google.cloud:google-cloud-storage:1.108.0 (#663)
chore(cd): update base service version to front50:2024.03.03.17.42.35.master (#661)
chore(cd): update base service version to front50:2024.02.27.05.27.41.master (#656)
chore(cd): update base service version to front50:2024.02.22.17.18.49.master (#654)
chore(cd): update base service version to front50:2024.02.20.17.53.04.master (#653)
chore(cd): update base service version to front50:2024.02.08.08.30.49.master (#651)
chore(cd): update base service version to front50:2024.02.05.04.13.13.master (#650)
chore(cd): update base service version to front50:2024.02.02.19.02.51.master (#649)
chore(cd): update base service version to front50:2024.02.01.16.11.56.master (#646)
chore(cd): update armory-commons version to 3.15.1 (#643)
chore: Front50 OS upgrade (#604)
chore(cd): update base service version to front50:2024.01.05.23.42.35.master (#638)
chore(cd): update base service version to front50:2024.01.04.20.38.03.master (#637)
chore(cd): update base service version to front50:2024.01.02.18.59.32.master (#636)
chore(cd): update base service version to front50:2024.01.01.19.49.07.master (#635)
chore(cd): update base service version to front50:2023.12.23.17.39.44.master (#634)
chore(cd): update base service version to front50:2023.12.12.09.59.08.master (#632)
chore(cd): update base service version to front50:2023.12.05.21.35.59.master (#631)
chore(cd): update base service version to front50:2023.12.01.16.41.08.master (#630)
chore(cd): update base service version to front50:2023.12.01.09.58.07.master (#629)
chore(cd): update base service version to front50:2023.11.28.17.22.41.master (#628)
chore(cd): update base service version to front50:2023.11.22.00.53.22.master (#627)
chore(cd): update base service version to front50:2023.11.22.00.05.06.master (#626)
chore(cd): update base service version to front50:2023.11.20.21.37.41.master (#624)
chore(cd): update base service version to front50:2023.11.20.17.51.21.master (#623)
chore(cd): update base service version to front50:2023.11.14.21.29.17.master (#622)
chore(cd): update base service version to front50:2023.11.13.18.26.35.master (#621)
chore(cd): update base service version to front50:2023.11.10.21.06.29.master (#620)
chore(cd): update base service version to front50:2023.11.10.19.56.12.master (#619)
chore(cd): update base service version to front50:2023.11.02.19.58.46.master (#618)
chore(cd): update base service version to front50:2023.10.30.00.11.22.master (#617)
chore(cd): update base service version to front50:2023.10.20.17.47.46.master (#616)
chore(cd): update base service version to front50:2023.10.17.22.54.47.master (#615)
chore(cd): update base service version to front50:2023.10.17.20.07.46.master (#614)

Armory Fiat - 2.32.3…2.34.0

chore(build): Updating Build dependencies (#614)
chore(cd): update armory-commons version to 3.16.2 (#606)
chore(cd): update base service version to fiat:2024.04.27.01.37.20.master (#602)
chore(cd): update base service version to fiat:2024.04.06.04.25.40.master (#600)
fix(build): Updating vault addr for gradle build (#597)
chore(cd): update base service version to fiat:2024.04.01.17.07.04.master (#596)
Updating gradle jar (#595)
chore(cd): update base service version to fiat:2024.03.21.16.43.41.master (#594)
chore(build): Updating Dockerfile with base image (#593)
Fixing Integration tests (#588)
chore(cd): update base service version to fiat:2024.02.07.19.26.24.master (#578)
chore(cd): update base service version to fiat:2024.02.05.04.12.57.master (#577)
chore(cd): update base service version to fiat:2024.02.02.19.01.47.master (#576)
chore(cd): update base service version to fiat:2024.02.01.17.05.49.master (#574)
chore(cd): update armory-commons version to 3.15.1 (#570)
chore(cd): update base service version to fiat:2024.01.05.23.41.30.master (#566)
chore(cd): update base service version to fiat:2024.01.04.20.37.33.master (#565)
chore(cd): update base service version to fiat:2024.01.02.18.58.32.master (#564)
chore(cd): update base service version to fiat:2024.01.01.19.51.44.master (#563)
chore(cd): update base service version to fiat:2023.12.22.15.44.41.master (#562)
chore(cd): update base service version to fiat:2023.12.05.21.35.14.master (#561)
chore(cd): update base service version to fiat:2023.12.01.16.26.11.master (#560)
chore(cd): update base service version to fiat:2023.12.01.16.18.32.master (#559)
chore(cd): update base service version to fiat:2023.12.01.16.09.54.master (#558)
chore(cd): update base service version to fiat:2023.12.01.09.56.22.master (#557)
chore(cd): update base service version to fiat:2023.11.28.18.18.48.master (#556)
chore(cd): update base service version to fiat:2023.11.28.17.19.21.master (#555)
chore(cd): update base service version to fiat:2023.11.22.00.53.43.master (#554)

Armory Orca - 2.32.3…2.34.0

chore(cd): update base orca version to 2024.07.17.09.05.39.release-1.34.x (#924)
chore(build): Updating Build dependencies (#911)
chore(cd): update base orca version to 2024.06.12.02.19.43.release-1.34.x (#899)
chore(cd): update base orca version to 2024.06.11.23.58.30.release-1.34.x (#898)
chore(cd): update base orca version to 2024.06.11.17.07.47.release-1.34.x (#896)
chore(cd): update base orca version to 2024.05.09.17.57.44.release-1.34.x (#888)
chore(cd): update armory-commons version to 3.16.2 (#883)
chore(cd): update base orca version to 2024.04.29.19.19.52.master (#880)
chore(cd): update base orca version to 2024.04.29.16.29.08.master (#879)
chore(cd): update base orca version to 2024.04.27.02.30.03.master (#877)
chore(cd): update base orca version to 2024.04.25.13.50.22.master (#875)
chore(cd): update base orca version to 2024.04.24.18.43.23.master (#874)
chore(cd): update base orca version to 2024.04.19.15.05.09.master (#873)
chore(cd): update base orca version to 2024.04.18.16.22.33.master (#872)
chore(cd): update base orca version to 2024.04.17.17.21.57.master (#871)
chore(cd): update base orca version to 2024.04.16.22.34.47.master (#870)
chore(cd): update base orca version to 2024.04.16.21.38.54.master (#869)
chore(cd): update base orca version to 2024.04.16.13.59.24.master (#868)
chore(cd): update base orca version to 2024.04.15.20.08.34.master (#866)
chore(cd): update base orca version to 2024.04.15.04.26.46.master (#864)
Fixing docker task after gradle upgrade (#863)
chore(cd): update base orca version to 2024.04.06.04.32.03.master (#861)
chore(cd): update base orca version to 2024.04.01.18.07.02.master (#859)
Updating Armory commons and gradle jar (#858)
chore(cd): update base orca version to 2024.03.28.16.27.46.master (#857)
chore(cd): update base orca version to 2024.03.22.17.37.27.master (#854)
chore(cd): update base orca version to 2024.03.21.16.50.28.master (#853)
chore(build): Updating Dockerfile with base image (#851)
chore(cd): update base orca version to 2024.02.23.19.06.04.master (#828)
chore(cd): update base orca version to 2024.02.23.01.17.40.master (#827)
chore(cd): update base orca version to 2024.02.23.00.50.00.master (#826)
chore(cd): update base orca version to 2024.02.22.17.55.18.master (#825)
chore(cd): update base orca version to 2024.02.22.16.05.46.master (#824)
Changing to a Spinnaker known type (#821)
chore(cd): update base orca version to 2024.02.07.21.28.21.master (#820)
chore(cd): update base orca version to 2024.02.05.21.07.46.master (#819)
chore(cd): update base orca version to 2024.02.05.04.19.15.master (#818)
chore(cd): update base orca version to 2024.02.02.19.08.07.master (#817)
chore(cd): update base orca version to 2024.02.01.18.07.15.master (#814)
chore(cd): update base orca version to 2024.02.01.16.25.27.master (#813)
chore(cd): update base orca version to 2024.02.01.16.11.06.master (#812)
chore(cd): update base orca version to 2024.01.31.18.02.11.master (#811)
fix(teraformer): Fixing NPE on artifact binding for Terraformer (#809)
chore(cd): update base orca version to 2024.01.29.15.51.20.master (#807)
chore(cd): update armory-commons version to 3.15.1 (#804)
chore(cd): update base orca version to 2024.01.10.17.10.48.master (#800)
chore(cd): update base orca version to 2024.01.08.17.32.19.master (#799)
chore(cd): update base orca version to 2024.01.05.23.47.32.master (#798)
chore(cd): update base orca version to 2024.01.04.20.44.00.master (#797)
chore(cd): update base orca version to 2024.01.03.22.08.01.master (#796)
chore(cd): update base orca version to 2024.01.02.19.05.35.master (#795)
chore(cd): update base orca version to 2024.01.01.19.48.39.master (#794)
chore(cd): update base orca version to 2023.12.23.17.53.55.master (#793)
chore(cd): update base orca version to 2023.12.22.16.59.22.master (#792)
fix(liquibase): upgraded armory-commons to upgrade liquibase (#790)
chore(cd): update base orca version to 2023.12.12.10.03.50.master (#789)
chore(cd): update base orca version to 2023.12.07.19.22.03.master (#788)
chore(cd): update base orca version to 2023.12.05.21.41.46.master (#787)
chore(cd): update base orca version to 2023.12.01.16.48.30.master (#786)
chore(cd): update base orca version to 2023.12.01.15.06.58.master (#785)
chore(cd): update base orca version to 2023.12.01.09.05.34.master (#784)
chore(cd): update base orca version to 2023.11.28.17.29.13.master (#783)
chore(cd): update base orca version to 2023.11.24.14.27.38.master (#782)
chore(cd): update base orca version to 2023.11.22.16.05.23.master (#781)
chore(cd): update base orca version to 2023.11.22.00.54.46.master (#780)
chore(cd): update base orca version to 2023.11.22.00.08.19.master (#779)
chore(cd): update base orca version to 2023.11.21.22.12.18.master (#778)
chore(cd): update base orca version to 2023.11.20.22.16.16.master (#775)
chore(cd): update base orca version to 2023.11.20.19.10.04.master (#774)
chore(cd): update base orca version to 2023.11.17.17.47.00.master (#773)
chore(cd): update base orca version to 2023.11.17.16.37.53.master (#772)
chore(cd): update base orca version to 2023.11.17.16.26.04.master (#771)
chore(cd): update base orca version to 2023.11.17.16.13.17.master (#770)
chore(cd): update base orca version to 2023.11.14.21.32.18.master (#769)
chore(cd): update base orca version to 2023.11.13.18.29.48.master (#768)
chore(cd): update base orca version to 2023.11.10.19.59.54.master (#767)
chore(cd): update base orca version to 2023.11.06.18.06.14.master (#761)
chore(cd): update base orca version to 2023.11.05.19.30.38.master (#760)
chore(cd): update base orca version to 2023.11.03.16.37.40.master (#759)
chore(cd): update base orca version to 2023.11.02.20.02.41.master (#758)
chore(cd): update base orca version to 2023.10.30.21.33.51.master (#757)
chore(cd): update base orca version to 2023.10.30.17.58.20.master (#756)
chore(cd): update base orca version to 2023.10.30.03.06.33.master (#755)
chore(cd): update base orca version to 2023.10.27.14.36.30.master (#754)
chore(cd): update base orca version to 2023.10.20.17.53.21.master (#753)
chore(cd): update base orca version to 2023.10.17.22.57.08.master (#749)
chore(cd): update base orca version to 2023.10.17.20.09.56.master (#748)

Spinnaker

Release notes for OSS Spinnaker 1.33.0
Release notes for OSS Spinnaker 1.34.0

Spinnaker Clouddriver - 1.34.3

Spinnaker Echo - 1.34.3

Spinnaker Deck - 1.34.3

Spinnaker Rosco - 1.34.3

Spinnaker Kayenta - 1.34.3

Spinnaker Gate - 1.34.3

Spinnaker Igor - 1.34.3

Spinnaker Front50 - 1.34.3

Spinnaker Fiat - 1.34.3

Spinnaker Orca - 1.34.3

fix(sqlExecutionRepo): Return compressed columns when enabled for retrieve pipelines with configId (backport #4765) (#4766)

Continuous-Deployment: v2.32.3 Armory Continuous Deployment Release (Spinnaker™ v1.32.4)

Tue, 14 May 2024 00:00:00 +0000

2024/05/14 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.32.3, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

AWS Lambda plugin migrated to OSS

Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; as shown in the configuration block below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.functions = true;
 // Enable the AWS Lambda pipeline stages in Deck using the feature flag
 window.spinnakerSettings.feature.lambdaAdditionalStages = true;
 ...
 clouddriver:
 aws:
 enabled: true
 features:
 lambda:
 enabled: true
 ## Remove the AWS Lambda plugin from the Armory CD configuration.
 #gate:
 # spinnaker:
 # extensibility:
 # deck-proxy:
 # enabled: true
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json 
 #orca:
 # spinnaker:
 # extensibility:
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # extensions:
 # Aws.LambdaDeploymentStage:
 # enabled: true
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # id: awsLambdaDeploymentPluginRepo
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

Related OSS PRs:

Known issues

Highlighted updates

Terraformer support for AWS S3 Artifact Store

Armory version 2.32.0 adds support for the same feature for the Terraform Integration stage.

Note: The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

When enabling the artifact-store feature it is recommended to deploy the services in this order:

Clouddriver service
Terraformer service
Orca service
Rosco service

Enable Jenkins job triggers for jobs located sub-folders

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Pipeline As Code: Bitbucket fallback support for default branch

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 dinghy:
 repoConfig:
 - branch: some_branch
 provider: bitbucket-server
 repo: my-bitbucket-repository

Performance improvements for the search executions API operations

The search executions API operations have been optimized to improve performance and reduce the time taken to search for pipelines by triggerType or eventId.

RunJob stage improvement

RunJob stage now persist any External Log links after the deletion of the pods. This enhancement ensures that the External Log links are available even after the pods are deleted.

Task View loading support for Paginated requests

To enable this feature, set the window.spinnakerSettings.tasksViewLimitPerPage = <number> flag to the desired number in the settings-local.js deck profile. For example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.tasksViewLimitPerPage = 100;
 ... 

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.32.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 7d9e31043c8baa81afb59a2a30aee2235b7e90ab
version: 2.32.3
deck:
commit: 19096fa607fabd0fd8865b18739eab577b4b7a9b
version: 2.32.3
dinghy:
commit: f5b14ffba75721322ada662f2325e80ec86347de
version: 2.32.3
echo:
commit: 9d2abeeea4341e5ba94654925ba6488a9038af3f
version: 2.32.3
fiat:
commit: 5e1839ef81812c439fb37b411bd3b381131c8c40
version: 2.32.3
front50:
commit: ba318cd2c445f14e5d6c3db87fa1658549385403
version: 2.32.3
gate:
commit: c6654ca6e316eef474c59296120d3f9f34eb0bdf
version: 2.32.3
igor:
commit: 9339ab63ab3d85ebcb00131033d19f26ad436f05
version: 2.32.3
kayenta:
commit: bccd150fcc8a7cb7df537ec6269bce5d2843c703
version: 2.32.3
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: ddbe104b0a3e32406c3bac38ea2b8c0c04605825
version: 2.32.3
rosco:
commit: dfe611ffdd2cf9ae7c524fb9970af47350ca5e96
version: 2.32.3
terraformer:
commit: 2dc7666ca2d25acb85ab2b9f8efc864599061c45
version: 2.32.3
timestamp: "2024-05-13 20:39:58"
version: 2.32.3

Armory

Armory Kayenta - 2.32.2…2.32.3

Armory Echo - 2.32.2…2.32.3

Armory Orca - 2.32.2…2.32.3

chore(cd): update base orca version to 2024.05.07.00.09.39.release-1.32.x (#885)
chore(cd): update base orca version to 2024.05.09.17.58.27.release-1.32.x (#889)

Armory Fiat - 2.32.2…2.32.3

Armory Gate - 2.32.2…2.32.3

Terraformer™ - 2.32.2…2.32.3

Armory Clouddriver - 2.32.2…2.32.3

chore(cd): update base service version to clouddriver:2024.05.07.00.14.24.release-1.32.x (#1123)

Armory Rosco - 2.32.2…2.32.3

Armory Deck - 2.32.2…2.32.3

chore(cd): update base deck version to 2024.0.0-20240507164950.release-1.32.x (#1408)
chore(cd): update base deck version to 2024.0.0-20240509175950.release-1.32.x (#1409)
chore(cd): update base deck version to 2024.0.0-20240510152918.release-1.32.x (#1412)
chore(cd): update base deck version to 2024.0.0-20240513181456.release-1.32.x (#1416)

Dinghy™ - 2.32.2…2.32.3

Armory Igor - 2.32.2…2.32.3

Armory Front50 - 2.32.2…2.32.3

Spinnaker

Spinnaker Kayenta - 1.32.4

Spinnaker Echo - 1.32.4

Spinnaker Orca - 1.32.4

fix(check-pre-condition): CheckPrecondition doesn’t evaluate expression correctly after upstream stages get restarted (#4682) (#4719)
fix(jenkins): Wrong Job name encoding in query params for Artifacts/Properties (#4722) (#4725)

Spinnaker Fiat - 1.32.4

Spinnaker Gate - 1.32.4

Spinnaker Clouddriver - 1.32.4

fix(gcp): Relaxed health check for GCP accounts (#6200) (#6204)

Spinnaker Rosco - 1.32.4

Spinnaker Deck - 1.32.4

fix(lambda): Invoke stage excludedArtifactTypes not including the embedded-artifact type (#10097) (#10102)
feat(taskView): Implement opt-in paginated request for TaskView (backport #10093) (#10094)
fix(pipeline): Handle render/validation when stageTimeoutMs is a Spel expression (#10103) (#10106)
fix(redblack): fixing redblack onchange values (#10107) (#10111)

Spinnaker Igor - 1.32.4

Spinnaker Front50 - 1.32.4

Continuous-Deployment: v2.32.2 Armory Continuous Deployment Release (Spinnaker™ v1.32.4)

Tue, 30 Apr 2024 00:00:00 +0000

2024/04/30 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.32.2, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

AWS Lambda plugin migrated to OSS

Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; as shown in the configuration block below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.functions = true;
 // Enable the AWS Lambda pipeline stages in Deck using the feature flag
 window.spinnakerSettings.feature.lambdaAdditionalStages = true;
 ...
 clouddriver:
 aws:
 enabled: true
 features:
 lambda:
 enabled: true
 ## Remove the AWS Lambda plugin from the Armory CD configuration.
 #gate:
 # spinnaker:
 # extensibility:
 # deck-proxy:
 # enabled: true
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json 
 #orca:
 # spinnaker:
 # extensibility:
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # extensions:
 # Aws.LambdaDeploymentStage:
 # enabled: true
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # id: awsLambdaDeploymentPluginRepo
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

Related OSS PRs:

Known issues

Highlighted updates

Terraformer support for AWS S3 Artifact Store

Armory version 2.32.0 adds support for the same feature for the Terraform Integration stage.

Note: The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

When enabling the artifact-store feature it is recommended to deploy the services in this order:

Clouddriver service
Terraformer service
Orca service
Rosco service

Enable Jenkins job triggers for jobs located sub-folders

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Pipeline As Code: Bitbucket fallback support for default branch

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 dinghy:
 repoConfig:
 - branch: some_branch
 provider: bitbucket-server
 repo: my-bitbucket-repository

Performance improvements for the search executions API operations

The search executions API operations have been optimized to improve performance and reduce the time taken to search for pipelines by triggerType or eventId.

RunJob stage improvement

RunJob stage now persist any External Log links after the deletion of the pods. This enhancement ensures that the External Log links are available even after the pods are deleted.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.32.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: b29acea67a40b4145431137ba96454c1d1bf0d73
version: 2.32.2
deck:
commit: 13f331421b292db61f14392e6932880aa5c49f25
version: 2.32.2
dinghy:
commit: f5b14ffba75721322ada662f2325e80ec86347de
version: 2.32.2
echo:
commit: 9d2abeeea4341e5ba94654925ba6488a9038af3f
version: 2.32.2
fiat:
commit: 5e1839ef81812c439fb37b411bd3b381131c8c40
version: 2.32.2
front50:
commit: ba318cd2c445f14e5d6c3db87fa1658549385403
version: 2.32.2
gate:
commit: c6654ca6e316eef474c59296120d3f9f34eb0bdf
version: 2.32.2
igor:
commit: 9339ab63ab3d85ebcb00131033d19f26ad436f05
version: 2.32.2
kayenta:
commit: bccd150fcc8a7cb7df537ec6269bce5d2843c703
version: 2.32.2
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: aa898e512f93921b8786ea790bfe1cb5abc12f2b
version: 2.32.2
rosco:
commit: dfe611ffdd2cf9ae7c524fb9970af47350ca5e96
version: 2.32.2
terraformer:
commit: 2dc7666ca2d25acb85ab2b9f8efc864599061c45
version: 2.32.2
timestamp: "2024-04-25 15:56:08"
version: 2.32.2

Armory

Armory Clouddriver - 2.32.1…2.32.2

Armory Kayenta - 2.32.1…2.32.2

Armory Echo - 2.32.1…2.32.2

Armory Deck - 2.32.1…2.32.2

chore(cd): update base deck version to 2024.0.0-20240416232157.release-1.32.x (#1400)
chore(cd): update base deck version to 2024.0.0-20240425133704.release-1.32.x (#1403)
chore(cd): update base deck version to 2024.0.0-20240425135304.release-1.32.x (#1404)

Armory Fiat - 2.32.1…2.32.2

fix(build): Updating vault addr for gradle build (#597) (#598)

Armory Gate - 2.32.1…2.32.2

chore(cd): update base service version to gate:2024.03.25.21.57.21.release-1.32.x (#712)

Terraformer™ - 2.32.1…2.32.2

fix(tf-show): Reverting go-cmd implementation (#551) (#552)
Build: Removing full history fetch (#553) (#554)
Updating Dockerfile with harness email list and pull from Dockerhub (#550) (#556)
Fixing Dockerfile with missing tools (#557) (#558)
fix(build): Refarctoring Dockerfile to fix build failures (#559) (#560)
fix(build): Fixing Dockerfile for multi-build process (#561) (#562)

Armory Rosco - 2.32.1…2.32.2

Dinghy™ - 2.32.1…2.32.2

Armory Orca - 2.32.1…2.32.2

chore(cd): update base orca version to 2024.03.26.22.19.53.release-1.32.x (#856)
chore(cd): update base orca version to 2024.04.02.15.59.15.release-1.32.x (#860)
chore(cd): update base orca version to 2024.04.15.20.03.44.release-1.32.x (#865)
chore(cd): update base orca version to 2024.04.15.22.28.52.release-1.32.x (#867)

Armory Igor - 2.32.1…2.32.2

Armory Front50 - 2.32.1…2.32.2

Spinnaker

Spinnaker Clouddriver - 1.32.4

Spinnaker Kayenta - 1.32.4

Spinnaker Echo - 1.32.4

Spinnaker Deck - 1.32.4

fix(runJobs): Persist External Log links after the deletion of the pods (#10081) (#10084)
fix(pipelineGraph): Handling exception when requisiteStageRefIds is not defined (#10086) (#10089)
fix(lambdaStages): Exporting Lambda stages based on the feature flag settings (#10085) (#10092)

Spinnaker Fiat - 1.32.4

Spinnaker Gate - 1.32.4

fix(core): RetrofitError thrown on login (#1737) (#1779)

Spinnaker Rosco - 1.32.4

Spinnaker Orca - 1.32.4

feat(servergroup): Allow users to opt-out of the target desired size check when verifying if the instances scaled up or down successfully (#4649) (#4653)
fix(queue): Fix ZombieExecutionCheckingAgent to handle queues with more than 100 items (#4648) (#4683)
fix(explicitRollback): Add configurable timeout for serverGroup lookup from Clouddriver API (#4686) (#4690)
perf(sql): Optimise searchForPipelinesByTrigger LIMIT and OFFSET SQL query (#4698) (#4699)
fix(SqlExecutionRepository): fixed bug in sql repository in orca-sql … (backport #4697) (#4701)

Spinnaker Igor - 1.32.4

Spinnaker Front50 - 1.32.4

Continuous-Deployment: v2.31.1 Armory Continuous Deployment Release (Spinnaker™ v1.31.3)

Fri, 15 Mar 2024 00:00:00 +0000

2024/03/15 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.31.1, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

Clouddriver and Spring Cloud

The Spring Boot version has been upgraded, introducing a backwards incompatible change to the way configuration is loaded in Spinnaker. Users will need to set the spring.cloud.config.enabled property to true in the service settings of Clouddriver to preserve existing behavior. All of the other configuration blocks remain the same.

Affected versions: Armory CD 2.30.0 and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

New: doNotEval SPeL expression

This feature introduces a new SpEL doNotEval method that includes the received JSON object with the NotEvaluableExpression class.
The toJson method (and others in the future) do not evaluate expressions and do not throw exceptions for instances of the NotEvaluableExpression class.
See the Spinnaker doc’s doNotEval SPeL expression changelog note for more details regarding this feature flag.

Automatically cancel Jenkins jobs

You now have the ability to cancel triggered Jenkins jobs when a pipeline is canceled, giving you more control over your full Jenkins workflow. Learn more this Spinnaker changelog.

Enhanced BitBucket Server pull request handling

Trigger pipelines natively when pull requests are opened in BitBucket with newly added events including PR opened, deleted, and declined. See Triggering pipelines with Bitbucket Server in the Spinnaker docs for details

Early access features enabled manually

New: Pipeline Triggers: only cache enabled pipelines with enabled triggers of specific types

Enabling this flag may allow Echo to better utilize its cache, improving overall pipeline trigger performance for frequently used pipelines. See the pull request for more information regarding this feature flag.

New: Option to disable healthcheck for Google provider

Added the option to disable the healthcheck for Google provider similar to AWS and Kubernetes.

Helm parameters

Spinnaker users baking Helm charts can now use SpEL expression parameters for API Version and Kubernetes Version in the Bake Manifest stage so that they can conditionally deploy different versions of artifacts depending on the target cluster API and Kubernetes versions. To learn more about this exciting new feature, see Helm Parameters in the Spinnaker docs.

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. Add this block to your orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

In Orca, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

In Deck, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Run Pipelines-as-Code with permissions scoped to a specific service account

Enhancing Pipelines-as-Code to upsert a pipeline using an Orca call instead of a Front50 call, to mimic the calls from Deck. By default, it is disabled. To enable, set the following in dinghy.yml:

upsertPipelineUsingOrcaTaskEnabled: true

Pipelines-as-Code PR checks

This feature, when enabled, verifies if the author of a commit that changed app parameters has sufficient WRITE permission for that app. You can specify a list of authors whose permissions are not valid. This option’s purpose is to skip permissions checks for bots and tools.

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Now you can configure Pipeline-as-Code to pull Pipelines-as-Code files from multiple branches on the same repo. Cut out the tedious task of managing multiple repos. Use a single repo for application pipelines. See Multiple branches for how to enable and configure this feature.

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you are able to use the Terraform template file provider. Open a support ticket if you need this fix.

Highlighted updates

Spring Boot

As part of the modernization effort, Spring Boot has been updated to 2.5. Note that there is no expected change for end users due to this change. Plugin developers may need to update their projects to work with 2.31.0+.

Clouddriver

Changed the validation Clouddriver runs before performing operations for the Kubernetes provider. The kinds and omitKinds fields on a Kubernetes account definition no longer restrict what Kubernetes kinds can be deployed by Clouddriver; instead, these fields now only control what kinds Clouddriver caches. Armory CD operators should ensure that Kubernetes RBAC controls are used to restrict what kinds Armory CD can deploy.
Bumped aws-cli to 1.22 to enable FIPS compliance configuration options.

Deck

Added Cloud Run manifest functionality in Deck.
Made the StageFailureMessage component overridable, which enables the ability to override the red error box in the component of a plugin.
Added the ability to allow plugins to provide custom icon components.
- Enables plugins to use the Icon component with a custom icon. Currently the Icon component is limited to only icons defined in iconsByName.
For the Helm bake feature, added additional input fields where the user can fill in details of the API’s versions. These input fields are not be pre-populated with versions of the target cluster available in the environment. They become part of the bake result. Added API_VERSIONS_ENABLED env variable flag.

Echo

Added a new configuration flag: pipelineCache.filterFront50Pipelines that defaults to false. When false, Echo caches all pipelines Front50. When true, it only caches enabled pipelines with enabled triggers of specific types. – The types that Echo knows how to trigger, along with some changes to the logic for handling manual executions so they continue to function. This is typically a very small subset of all pipelines.

Fiat

Added the ability to register SpinnakerRetrofitErrorHandler with each Retrofit.RestAdapter and replaces each RetrofitError catch block with a catch-block using SpinnakerServerException or the appropriate subclass. This change does not alter any of this service’s behavior, it merely allows error messages to surface even when the error was thrown in a microservice more than one network call from the service in which the request originated. This is part of an effort to consume SpinnakerRetrofitErrorHandler in each Spinnaker microservice, as detailed in this Github issue.

Front50

Added optional query params to the GET /pipelines endpoint.
Return all pipelines triggered when the given pipeline configuration ID completes with the given status. Initially used in this PR.
Added three new config flags to each object type under service-storage.
- Two of the three are performance improvements which you can read about in the Spinnaker 1.31.0 changelog

Kayenta

Added a storage service migrator.
- Added the ability to migrate account credentials and account configurations data from S3/GCS to MySQL/PostgreSQL and vice versa
- See the PR comment for instructions on how to use these properties (in kayenta-local.yml) to enable the data migration and MySQL or PostgreSQL data source.

Orca

Added a new configuration flag: front50.useTriggeredByEndpoint that defaults to false. When false, Orca queries Front50 for all pipelines each time a pipeline execution completes. When true, Orca only queries for pipelines triggered when a specific pipeline completes which is potentially a very small subset of all pipelines.

Enable Jenkins job triggers for jobs located sub-folders

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.31.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: cb7a25cc5d610afc67346cf25af98082566e38f6
version: 2.31.1
deck:
commit: 1dd95e4ef5ed631f24253bf917200c3cf52655af
version: 2.31.1
dinghy:
commit: 1bbb649f71d128d167229d72a1c94aa480f99684
version: 2.31.1
echo:
commit: abefa81c6eac597a0db45e33ebaebd464cfdc5df
version: 2.31.1
fiat:
commit: f1079f69f0184aae517680c48283cf9a52c9cf26
version: 2.31.1
front50:
commit: 13814c48944265261af52c3929a4b96fc6c45add
version: 2.31.1
gate:
commit: abfb0120ca617cb5806c7f2082ab4f8e9d7190b2
version: 2.31.1
igor:
commit: a66db7a9037a4ddec4e131ec0b0bb137956a9395
version: 2.31.1
kayenta:
commit: 18b22f0e9ca778f354ec5ac8255d0014ba6339ff
version: 2.31.1
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: e46aab32af0ec1031eb216fc3fa2cf00f957aea0
version: 2.31.1
rosco:
commit: 9812503db8271e32cd5d7960db12441fa8a39494
version: 2.31.1
terraformer:
commit: 50082463ccd180cb4763078671a105ab70dee5e6
version: 2.31.1
timestamp: "2024-03-14 18:17:56"
version: 2.31.1

Armory

Armory Orca - 2.31.0…2.31.1

Adding aws mysql jdbc drivers (#816)
chore(cd): update armory-commons version to 3.14.4 (#832)
chore(cd): update armory-commons version to 3.14.5 (#835)
chore(cd): update base orca version to 2024.03.11.15.12.53.release-1.31.x (#843)
chore(cd): update base orca version to 2024.03.14.15.56.51.release-1.31.x (#848)
chore(cd): update base orca version to 2024.03.14.16.21.01.release-1.31.x (#849)

Terraformer™ - 2.31.0…2.31.1

Armory Fiat - 2.31.0…2.31.1

Armory Igor - 2.31.0…2.31.1

chore(cd): update base service version to igor:2024.01.22.15.24.57.release-1.31.x (#555)
chore: OS Updates (#516) (#567)
chore(cd): update armory-commons version to 3.14.4 (#578)
chore(cd): update armory-commons version to 3.14.5 (#580)
chore(cd): update base service version to igor:2024.03.14.15.50.26.release-1.31.x (#589)

Armory Deck - 2.31.0…2.31.1

Armory Echo - 2.31.0…2.31.1

chore(cd): update armory-commons version to 3.14.4 (#691)
chore(cd): update armory-commons version to 3.14.5 (#693)
chore(cd): update base service version to echo:2024.03.14.14.32.38.release-1.31.x (#701)
chore(cd): update base service version to echo:2024.03.14.16.01.06.release-1.31.x (#702)

Armory Rosco - 2.31.0…2.31.1

fix(ci): Removing integration tests as not stable (backport #627) (#629)
chore(cd): update armory-commons version to 3.14.4 (#645)
chore(cd): update armory-commons version to 3.14.5 (#646)

Armory Kayenta - 2.31.0…2.31.1

chore(cd): update base service version to kayenta:2023.11.21.08.03.27.release-1.31.x (#499)
chore(cd): update armory-commons version to 3.14.4 (#521)
chore(cd): update armory-commons version to 3.14.5 (#522)

Armory Front50 - 2.31.0…2.31.1

chore: Front50 OS upgrade (#604) (#640)
chore(cd): update armory-commons version to 3.14.4 (#657)
chore(cd): update armory-commons version to 3.14.5 (#658)
Updating force dependency on com.google.cloud:google-cloud-storage:1.108.0 (#663) (#664)

Armory Clouddriver - 2.31.0…2.31.1

chore(cd): update armory-commons version to 3.14.4 (#1081)
chore(cd): update base service version to clouddriver:2024.02.27.14.37.01.release-1.31.x (#1082)
chore(cd): update armory-commons version to 3.14.5 (#1085)

Armory Gate - 2.31.0…2.31.1

chore(gate): Removing Instance registration from Gate (backport #677) (#679)
fix(header): Fixing header plugin reference in config (backport #684) (#686)
chore(cd): update armory-commons version to 3.14.4 (#701)
chore(cd): update armory-commons version to 3.14.5 (#702)

Dinghy™ - 2.31.0…2.31.1

chore(dependencies): v0.0.0-20240213103436-d0dc889db2c6 (backport #529) (#531)

Spinnaker

Spinnaker Orca - 1.31.3

feat(servergroup): Allow users to opt-out of the target desired size check when verifying if the instances scaled up or down successfully (#4649) (#4652)
feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#4618) (#4633)
fix(jenkins): Enable properties and artifacts with job name as query parameter (#4661) (#4677)

Spinnaker Fiat - 1.31.3

Spinnaker Igor - 1.31.3

feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#1204) (#1215)
fix(jenkins): Enable properties and artifacts with job name as query parameter (#1230) (#1240)

Spinnaker Deck - 1.31.3

Spinnaker Echo - 1.31.3

feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#1373) (#1380)
fix(jenkins): Enable properties and artifacts with job name as query parameter (#1393) (#1403)

Spinnaker Rosco - 1.31.3

Spinnaker Kayenta - 1.31.3

chore(dependencies): Autobump orcaVersion (#1001)

Spinnaker Front50 - 1.31.3

Spinnaker Clouddriver - 1.31.3

fix: Change the agent type name to not include the account name since this would generate LOTS of tables and cause problems long term (#6158) (#6164)

Spinnaker Gate - 1.31.3

Continuous-Deployment: v2.32.1 Armory Continuous Deployment Release (Spinnaker™ v1.32.4)

Thu, 14 Mar 2024 00:00:00 +0000

2024/03/14 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.32.1, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

In versions 2.32.0 and 2.32.1 of Spinnaker, there is an issue with x509 authentication that affects certificates without roles. Certificates lacking roles will fail to authenticate in these versions. However, certificates with roles are not affected and will continue to function properly. Users relying on x509 authentication are advised to exercise caution when upgrading to versions 2.32.0 and 2.32.1. It’s recommended to wait for version 2.32.2 or a later release, which includes a fix for this issue. Testing the upgrade in a non-production environment is advisable to ensure smooth operation.

AWS Lambda plugin migrated to OSS

Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; as shown in the configuration block below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.functions = true;
 // Enable the AWS Lambda pipeline stages in Deck using the feature flag
 window.spinnakerSettings.feature.lambdaAdditionalStages = true;
 ...
 clouddriver:
 aws:
 enabled: true
 features:
 lambda:
 enabled: true
 ## Remove the AWS Lambda plugin from the Armory CD configuration.
 #gate:
 # spinnaker:
 # extensibility:
 # deck-proxy:
 # enabled: true
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json 
 #orca:
 # spinnaker:
 # extensibility:
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # extensions:
 # Aws.LambdaDeploymentStage:
 # enabled: true
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # id: awsLambdaDeploymentPluginRepo
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

Related OSS PRs:

Known issues

In versions 2.32.0 and 2.32.1 of Spinnaker, there is an issue with x509 authentication that affects certificates without roles. Certificates lacking roles will fail to authenticate in these versions. However, certificates with roles are not affected and will continue to function properly. Users relying on x509 authentication are advised to exercise caution when upgrading to versions 2.32.0 and 2.32.1. It’s recommended to update on version 2.32.2 or a later release, which includes a fix for this issue. Testing the upgrade in a non-production environment is advisable to ensure smooth operation.

Terraform Show stage failures

In Armory version 2.32.0 and 2.32.1, the Terraform Show stage fails with Buffer errors during execution. It’s recommended to update on version 2.32.2 or a later release, which includes a fix for this issue.

AWS Lambda Stages are not visible in the UI

In Armory version 2.32.0 and 2.32.1, the AWS Lambda stages are not visible in the UI due to an issue with the Deck feature flag. It’s recommended to update on version 2.32.2 or a later release, which includes a fix for this issue.

Highlighted updates

Terraformer support for AWS S3 Artifact Store

Armory version 2.32.0 adds support for the same feature for the Terraform Integration stage.

Note: The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

When enabling the artifact-store feature it is recommended to deploy the services in this order:

Clouddriver service
Terraformer service
Orca service
Rosco service

Enable Jenkins job triggers for jobs located sub-folders

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Pipeline As Code: Bitbucket fallback support for default branch

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 dinghy:
 repoConfig:
 - branch: some_branch
 provider: bitbucket-server
 repo: my-bitbucket-repository

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.32.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: b29acea67a40b4145431137ba96454c1d1bf0d73
version: 2.32.1
deck:
commit: e7c8c0982afe9a49ab6c3d230f3aaa38e874eb30
version: 2.32.1
dinghy:
commit: f5b14ffba75721322ada662f2325e80ec86347de
version: 2.32.1
echo:
commit: 9d2abeeea4341e5ba94654925ba6488a9038af3f
version: 2.32.1
fiat:
commit: 3f3fe6bf09708847a0f853bc74f6755920a4312b
version: 2.32.1
front50:
commit: ba318cd2c445f14e5d6c3db87fa1658549385403
version: 2.32.1
gate:
commit: dd64887668a2e2212667ca942e0bfd303aa34c60
version: 2.32.1
igor:
commit: 9339ab63ab3d85ebcb00131033d19f26ad436f05
version: 2.32.1
kayenta:
commit: bccd150fcc8a7cb7df537ec6269bce5d2843c703
version: 2.32.1
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 9d45d87956abd9aad29ef8f9858e602e72d78c3c
version: 2.32.1
rosco:
commit: dfe611ffdd2cf9ae7c524fb9970af47350ca5e96
version: 2.32.1
terraformer:
commit: 6dbdb8b4c277cca4285b4d29d10f6cf3765f7590
version: 2.32.1
timestamp: "2024-03-12 14:53:28"
version: 2.32.1

Armory

Armory Front50 - 2.32.0…2.32.1

chore(cd): update armory-commons version to 3.15.3 (#659)
chore(cd): update armory-commons version to 3.15.4 (#660)
Fixing gcs dependencies (#662)
chore(armory-commons): Update armory-commons to 3.15.4 (#665)
chore(cd): update base service version to front50:2024.03.08.16.52.13.release-1.32.x (#666)
chore(cd): update base service version to front50:2024.03.08.19.18.53.release-1.32.x (#667)

Armory Clouddriver - 2.32.0…2.32.1

chore(cd): update base service version to clouddriver:2024.02.27.14.37.13.release-1.32.x (#1083)
chore(cd): update armory-commons version to 3.15.3 (#1086)
chore(cd): update armory-commons version to 3.15.4 (#1088)
chore(cd): update base service version to clouddriver:2024.03.08.19.52.28.release-1.32.x (#1091)

Armory Deck - 2.32.0…2.32.1

Armory Orca - 2.32.0…2.32.1

chore(cd): update base orca version to 2024.02.27.15.33.36.release-1.32.x (#833)
chore(cd): update armory-commons version to 3.15.3 (#836)
chore(cd): update armory-commons version to 3.15.4 (#837)
chore(cd): update base orca version to 2024.03.08.16.54.30.release-1.32.x (#840)
chore(cd): update base orca version to 2024.03.08.19.21.42.release-1.32.x (#841)

Dinghy™ - 2.32.0…2.32.1

Armory Gate - 2.32.0…2.32.1

fix: esapi CVE scan report (#602) (#700)
chore(cd): update armory-commons version to 3.15.4 (#704)
chore(cd): update base service version to gate:2024.03.08.19.17.43.release-1.32.x (#707)

Armory Rosco - 2.32.0…2.32.1

chore(cd): update armory-commons version to 3.15.3 (#647)
chore(cd): update armory-commons version to 3.15.4 (#648)
chore(cd): update base service version to rosco:2024.03.08.16.49.31.release-1.32.x (#650)

Armory Echo - 2.32.0…2.32.1

chore(cd): update base service version to echo:2024.02.27.15.33.43.release-1.32.x (#692)
chore(cd): update armory-commons version to 3.15.3 (#694)
chore(cd): update armory-commons version to 3.15.4 (#695)
chore(cd): update base service version to echo:2024.03.08.16.50.19.release-1.32.x (#697)
chore(cd): update base service version to echo:2024.03.08.19.17.18.release-1.32.x (#698)

Terraformer™ - 2.32.0…2.32.1

fix(remote/artifacts): Passing user to clouddriver when using remote store (#548) (#549)

Armory Fiat - 2.32.0…2.32.1

chore(cd): update armory-commons version to 3.15.4 (#587)
chore(cd): update base service version to fiat:2024.03.08.16.48.59.release-1.32.x (#590)

Armory Kayenta - 2.32.0…2.32.1

chore(cd): update armory-commons version to 3.15.4 (#524)
chore(cd): update base service version to kayenta:2024.03.08.20.48.11.release-1.32.x (#525)

Armory Igor - 2.32.0…2.32.1

chore(cd): update base service version to igor:2024.02.27.15.32.19.release-1.32.x (#579)
chore(cd): update armory-commons version to 3.15.3 (#581)
chore(cd): update armory-commons version to 3.15.4 (#582)
chore(cd): update base service version to igor:2024.03.08.16.52.17.release-1.32.x (#584)
chore(cd): update base service version to igor:2024.03.08.19.18.39.release-1.32.x (#585)

Spinnaker

Spinnaker Front50 - 1.32.4

chore(dependencies): Autobump korkVersion (#1439)
chore(dependencies): Autobump fiatVersion (#1440)

Spinnaker Clouddriver - 1.32.4

fix: Change the agent type name to not include the account name since this would generate LOTS of tables and cause problems long term (#6158) (#6165)
chore(dependencies): Autobump korkVersion (#6169)
chore(dependencies): Autobump fiatVersion (#6170)

Spinnaker Deck - 1.32.4

Spinnaker Orca - 1.32.4

fix(jenkins): Enable properties and artifacts with job name as query parameter (#4661) (#4664)
chore(dependencies): Autobump korkVersion (#4667)
chore(dependencies): Autobump fiatVersion (#4668)

Spinnaker Gate - 1.32.4

chore(dependencies): Autobump korkVersion (#1773)
chore(dependencies): Autobump fiatVersion (#1774)

Spinnaker Rosco - 1.32.4

chore(dependencies): Autobump korkVersion (#1077)

Spinnaker Echo - 1.32.4

fix(jenkins): Enable properties and artifacts with job name as query parameter (#1393) (#1396)
chore(dependencies): Autobump korkVersion (#1398)
chore(dependencies): Autobump fiatVersion (#1399)

Spinnaker Fiat - 1.32.4

chore(dependencies): Autobump korkVersion (#1145)

Spinnaker Kayenta - 1.32.4

chore(dependencies): Autobump orcaVersion (#1023)

Spinnaker Igor - 1.32.4

fix(jenkins): Enable properties and artifacts with job name as query parameter (#1230) (#1233)
chore(dependencies): Autobump korkVersion (#1235)
chore(dependencies): Autobump fiatVersion (#1236)

Continuous-Deployment: v2.32.0 Armory Continuous Deployment Feature Release (Spinnaker™ v1.32.3)

Fri, 09 Feb 2024 00:00:00 +0000

2024/02/09 release notes

Note: If you experience production issues after upgrading Armory Continuous Deployment, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory CD 2.32.0, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

AWS Lambda plugin migrated to OSS

Additionally, the AWS Lambda stages are now enabled using the Deck feature flag feature.lambdaAdditionalStages = true; as shown in the configuration block below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47


apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 deck:
 settings-local.js: |
 ...
 window.spinnakerSettings.feature.functions = true;
 // Enable the AWS Lambda pipeline stages in Deck using the feature flag
 window.spinnakerSettings.feature.lambdaAdditionalStages = true;
 ...
 clouddriver:
 aws:
 enabled: true
 features:
 lambda:
 enabled: true
 ## Remove the AWS Lambda plugin from the Armory CD configuration.
 #gate:
 # spinnaker:
 # extensibility:
 # deck-proxy:
 # enabled: true
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json 
 #orca:
 # spinnaker:
 # extensibility:
 # plugins:
 # Aws.LambdaDeploymentPlugin:
 # enabled: true
 # version: <version>
 # extensions:
 # Aws.LambdaDeploymentStage:
 # enabled: true
 # repositories:
 # awsLambdaDeploymentPluginRepo:
 # id: awsLambdaDeploymentPluginRepo
 # url: https://raw.githubusercontent.com/spinnaker-plugins/aws-lambda-deployment-plugin-spinnaker/master/plugins.json

Related OSS PRs:

Known issues

With S3 artifact storage enabled Terraformer stages break when authentication is set on applications

The Terraform Integration stage does not support Applications that have RBAC rules enabled (Application roles) with the AWS S3 Artifact Store feature enabled. Customers that enable the AWS S3 Artifact Store feature and have Application level RBAC rules will experience issues with the Terraform Integration stage leading to pipeline failures with Failed to fetch artifact errors, similar to:

level=error msg="Error executing job c5b8edb5-7944-49ac-adb4-26875e999030: failed to stage directory for terraform execution:
There was a problem downloading an artifact type: remote/base64, reference: ref://myapp/c01487060c05cc2c31301c41c5811ca4ea02310e03bd02e879f13f87ec43c221 - failed to fetch artifact.

This will be resolved in 2.32.1 release of Armory CD. Customers are advised to contact Armory Support for assistance on working around this issue on 2.32.0

Highlighted updates

Terraformer support for AWS S3 Artifact Store

Armory version 2.32.0 adds support for the same feature for the Terraform Integration stage.

Note: The artifact-store feature is disabled by default. To enable the artifact-store feature the following configuration is required:

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 spinnaker:
 artifact-store:
 enabled: true
 s3:
 enabled: true
 region: <S3Bucket Region>
 bucket: <S3Bucket Name>

When enabling the artifact-store feature it is recommended to deploy the services in this order:

Clouddriver service
Terraformer service
Orca service
Rosco service

Enable Jenkins job triggers for jobs located sub-folders

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 echo:
 feature:
 igor:
 jobNameAsQueryParameter: true
 orca:
 feature:
 igor:
 jobNameAsQueryParameter: true
 igor:
 feature:
 igor:
 jobNameAsQueryParameter: true

Pipeline As Code: Bitbucket fallback support for default branch

apiVersion: spinnaker.armory.io/v1alpha2
kind: SpinnakerService
metadata:
 name: spinnaker
spec:
 spinnakerConfig:
 profiles:
 dinghy:
 repoConfig:
 - branch: some_branch
 provider: bitbucket-server
 repo: my-bitbucket-repository

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.32.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Expand to see the BOM

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 27d2b5f64b07ae03a49edac6f3e937b06f15d1bf
version: 2.32.0
deck:
commit: e7c8c0982afe9a49ab6c3d230f3aaa38e874eb30
version: 2.32.0
dinghy:
commit: f5b14ffba75721322ada662f2325e80ec86347de
version: 2.32.0
echo:
commit: d7483b6acd82b7b7a8053a1ec66aa9897930dbea
version: 2.32.0
fiat:
commit: 2c0d010ce00d9519b316e15af734a05835df1048
version: 2.32.0
front50:
commit: c68b97b642a6d9168d361d74dad373e565850f5d
version: 2.32.0
gate:
commit: 1f96d4f238c63798cf34e818760ffb25b3a4b009
version: 2.32.0
igor:
commit: fe40091df01e89e9abc4b6b761002397c4022298
version: 2.32.0
kayenta:
commit: af68e872b806eb49f4f0071187f998f18f04c3c2
version: 2.32.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 538b577c932e3c67af7db78f28fa3ee0209e934b
version: 2.32.0
rosco:
commit: 776c66208dd16ad41defad3d0b6d8bcc3dbba24d
version: 2.32.0
terraformer:
commit: 58c3386295676fccf44aa9d38c69e1e0482109ca
version: 2.32.0
timestamp: "2024-02-13 16:21:59"
version: 2.32.0

Armory

Armory Deck - 2.31.0…2.32.0

chore(cd): update base deck version to 2023.0.0-20231018060056.release-1.31.x (#1361)
fix(action): upgrade node version to match OSS (#1356) (#1357)
chore(alpine): Fix Deck to support ARM processor - SAAS-1953 (backport #1341) (#1355)
chore(ci): removed aquasec scan action (#1340) (#1344)
chore(cd): update base deck version to 2023.0.0-20230403112432.master (#1325)
chore(ci): removed aquasec scan action (#1340) (#1387)
chore: OS updates (#1354) (#1388)
chore(alpine): Fix Deck to support ARM processor - SAAS-1953 (backport #1341) (#1386)
fix(action): upgrade node version to match OSS (#1356) (#1385)
chore(cd): update base deck version to 2023.0.0-20231024141913.release-1.32.x (#1380)
chore(oss): Sync oss with release-2.32-x (#1389)
build(action): pass version to fix build (#1390) (#1391)
chore(cd): update base deck version to 2023.0.0-20231024141913.release-1.32.x (#1395)

Armory Fiat - 2.31.0…2.32.0

chore(feat): Support ARM with docker buildx - SAAS-1953 (#540) (#541)
chore(ci): removed aquasec scan action (#523) (#525)
fix(okhttp): Decrypt properties before creating client. (#501) (#504)
chore(cd): update armory-commons version to 3.14.2 (#500)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#497)
chore(ci): removed aquasec scan action (#523) (#569)
chore: OS Updates (#532) (#568)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #540) (#567)
chore(cd): update armory-commons version to 3.15.2 (#572)
chore(cd): update base service version to 2023.08.24.21.54.55.master (#573)

Armory Clouddriver - 2.31.0…2.32.0

chore(cd): update base service version to clouddriver:2023.11.20.21.43.26.release-1.31.x (#1030)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #999) (#1004)
fix: CVE-2023-37920 (#977) (#993)
chore(ci): removed aquasec scan action (#971) (#982)
chore(cd): update base service version to clouddriver:2023.09.20.19.42.06.release-1.31.x (#981)
chore(cd): update base service version to clouddriver:2023.09.08.18.30.47.release-1.31.x (#968)
chore(cd): update base service version to clouddriver:2023.08.29.05.45.59.release-1.31.x (#942)
chore(cd): update base service version to clouddriver:2023.08.28.17.52.39.release-1.31.x (#941)
chore(cd): update base service version to clouddriver:2023.08.28.14.14.40.release-1.31.x (#939)
fix: AWS CLI pip installation (#918) (#924)
chore(cd): update base service version to clouddriver:2023.07.21.18.25.26.release-1.31.x (#915)
chore(cd): update armory-commons version to 3.14.2 (#911)
chore(cd): update base service version to clouddriver:2023.06.05.20.51.02.master (#885)
chore(cd): update base service version to clouddriver:2023.11.22.08.49.43.release-1.32.x (#1053)
fix: Enable bootstrap mechanism disabled and deprecated starting with spring cloud 2020.0.0 (#888) (#1061)
fix: CVE-2023-37920 (#977) (#1062)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #999) (#1064)
chore(cd): update armory-commons version to 3.15.2 (#1068)

Armory Front50 - 2.31.0…2.32.0

chore(ci): removed aquasec scan action (#590) (#593)
chore(cd): update base service version to front50:2023.09.05.18.25.32.release-1.31.x (#584)
chore(cd): update base service version to front50:2023.08.29.04.59.48.release-1.31.x (#581)
chore(cd): update base service version to front50:2023.08.28.17.17.25.release-1.31.x (#580)
chore(cd): update armory-commons version to 3.14.2 (#567)
chore(cd): update base service version to front50:2023.07.18.21.40.31.master (#563)
chore(cd): update base service version to front50:2023.09.05.18.32.03.release-1.32.x (#633)
chore: Front50 OS upgrade (#604) (#639)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #612) (#642)
chore(cd): update armory-commons version to 3.15.2 (#645)

Armory Orca - 2.31.0…2.32.0

chore(cd): update base orca version to 2023.11.07.16.19.53.release-1.31.x (#765)
chore(cd): update base orca version to 2023.11.06.18.16.18.release-1.31.x (#763)
chore(cd): update base orca version to 2023.10.18.06.01.58.release-1.31.x (#751)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #704) (#746)
fix(ci): added release.version to docker build (#745)
chore(cd): update base orca version to 2023.10.10.16.08.51.release-1.31.x (#743)
fix(terraformer): Ignoring logs from the Terraformer stage context (#740) (#742)
chore(ci): removing docker build and aquasec scans (#715)
chore(cd): update base orca version to 2023.09.22.18.05.39.release-1.31.x (#714)
chore(cd): update base orca version to 2023.09.22.14.30.27.release-1.31.x (#711)
chore(ci): removed aquasec scan action (#695) (#705)
chore(cd): update base orca version to 2023.08.29.05.07.45.release-1.31.x (#688)
chore(cd): update base orca version to 2023.08.28.20.04.29.release-1.31.x (#687)
chore(cd): update base orca version to 2023.07.21.15.43.04.release-1.31.x (#675)
chore(cd): update armory-commons version to 3.14.2 (#671)
chore(cd): update base orca version to 2022.04.01.22.15.58.master (#459)
chore(cd): update base orca version to 2023.11.07.00.08.45.release-1.32.x (#791)
fix(terraformer): Ignoring logs from the Terraformer stage context (#740) (#802)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #704) (#801)
chore(cd): update armory-commons version to 3.15.2 (#805)
chore(build): pull latest changes from master (#806)
fix(terraformer): Fixing NPE for artifact binding (#810)
Update RunTerraformTask.java
feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#822)

Armory Kayenta - 2.31.0…2.32.0

Update buildx for build gradle and action workflow (#484) (#485)
chore(ci): removed aquasec scan action (#469) (#470)
chore(cd): update armory-commons version to 3.14.2 (#456)
fix: Remove whitespace when defining spring properties (#437)
chore: OS Updates (#476) (#508)
fix(dev): renaming package of main class to run kayenta locally (#452) (#509)
chore(cd): update base service version to kayenta:2023.11.22.03.11.43.master (#493) (#510)
chore(feat): Support ARM arch - SAAS-1953 (backport #484) (#507)
chore(cd): update armory-commons version to 3.15.2 (#513)
Update gradle.properties (#514)

Armory Echo - 2.31.0…2.32.0

chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #637) (#640)
chore(cd): update base service version to echo:2023.08.29.05.00.24.release-1.31.x (#612)
chore(ci): removed aquasec scan action (#618) (#621)
chore(cd): update armory-commons version to 3.14.2 (#601)
chore(cd): update base service version to echo:2023.02.20.21.09.15.master (#539)
fix: Upgrade grpc-netty-shaded to address the service initialization failure issue. (#647) (#649) (#672)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #637) (#674)
chore(cd): update base service version to echo:2023.09.27.02.27.14.master (backport #630) (#673)
chore(cd): update armory-commons version to 3.15.2 (#677)
chore(cd): update base service version to echo:2023.08.29.18.12.32.master (#678)
chore(cd): update base service version to echo:2024.02.13.00.21.09.release-1.32.x (#684)

Armory Gate - 2.31.0…2.32.0

chore(ci): removed aquasec scan action (#616) (#621)
chore(cd): update base service version to gate:2023.09.01.15.43.46.release-1.31.x (#607)
fix: esapi CVE scan report (#602) (#605)
chore(cd): update base service version to gate:2023.08.29.05.01.02.release-1.31.x (#604)
chore(cd): update base service version to gate:2023.08.28.17.15.40.release-1.31.x (#600)
chore(cd): update armory-commons version to 3.14.2 (#586)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#583)
Updating Banner plugin to 0.2.0 (#630) (#672)
chore: OS Upgrades (#629) (#671)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #640) (#670)
chore(cd): update base service version to gate:2023.09.01.15.44.50.release-1.32.x (#664)
chore(cd): update armory-commons version to 3.15.2 (#676)
Removing Instance registration from Gate (#677) (#678)
Fixnig armory header plugin (#681)
fix(header): Fix local repo for Armory.Header (#682)
Fixing header plugin reference (#684) (#685)
chore(cd): update base service version to gate:2024.02.01.16.29.20.release-1.32.x (#689)

Terraformer™ - 2.31.0…2.32.0

fix(cd): Fix terraform build fail (#529) (#530)
Minor changes for Terraform tag name (#527) (#528)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #525) (#526)
chore(ci): removed aquasec scan action (#510) (#511)
chore(ci): removing aquasec scans on push (#517) (#518)
chore(alpine): Update alpine version (#497)
chore(cd): Merge master to release-2.32.x branch (#540)
fix(remote/artifacts): Adding support to fetch remote artifacts from clouddriver (#543) (#544)
fixes for planfile (#545) (#546)

Armory Igor - 2.31.0…2.32.0

fix: NoSuchMethodError exception in JenkinsClient. (#377) (#529)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#524) (#525)
chore(ci): removed aquasec scan action (#495) (#507)
chore(cd): update armory-commons version to 3.14.2 (#475)
chore(cd): update base service version to igor:2022.09.14.15.59.58.master (#368)
fix: NoSuchMethodError exception in JenkinsClient. (#377) (#558)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #524) (#557)
chore(cd): update base service version to igor:2024.01.22.15.24.36.release-1.32.x (#554)
chore(cd): update armory-commons version to 3.15.2 (#562)
chore: OS Updates (#516) (#566)

Dinghy™ - 2.31.0…2.32.0

chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #504) (#511)
chore(ci): removing aquasec scans for any push (#497) (#498)
chore(ci): removed aquasec scan action (#489) (#491)
chore(alpine): Upgrade alpine version (#481)
chore(ci): removing aquasec scans for any push (#497) (#519)
fix: Builds (backport #512) (#521)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #504) (#520)
feat(stash): bumped oss dinghy version to introduce upgraded downloaded logic for BitBucket/Stash (#524)
chore(dependencies): updated oss dinghy version (backport #525) (#527)
chore(dependencies): v0.0.0-20240213103436-d0dc889db2c6 (backport #529) (#532)

Armory Rosco - 2.31.0…2.32.0

chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #584) (#587)
chore(cd): update base service version to rosco:2023.08.28.17.15.52.release-1.31.x (#562)
chore(ci): removed aquasec scan action (#565) (#567)
chore(cd): update armory-commons version to 3.14.2 (#552)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#549)
chore(cd): update armory-commons version to 3.15.2 (#626)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #584) (#622)
fix(ci): Removing integration tests as not stable (#627) (#628)
chore(cd): update base service version to rosco:2023.10.18.06.02.52.release-1.32.x (#616)

Spinnaker

Spinnaker Deck - 1.32.3

feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#10036) (#10047)
fix: Scaling bounds should parse float not int (#10026) (#10032)
Revert “fix(core): conditionally hide expression evaluation warning messages (#9771)” (#10021) (#10023)
Publish packages to NPM (#10000)
chore(dependencies): Autobump spinnakerGradleVersion (#10002)
chore(dependencies): Autobump spinnakerGradleVersion (#10004)
feat(lambda): Migrate Lambda plugin to OSS (#9988)
chore(dependencies): Autobump spinnakerGradleVersion (#10006)
chore(build): upgrade to Gradle 7.6.1 (#10008)
fix(core/pipeline): Resolved issue getting during pipeline save with spaces in pipeline name. (#10009)
feat(cdevents-webhooks) : CDEvents Webhook type in Automated Triggers type (#9977)
fix(security): don’t expose server information on error pages (#10010)
feat(artifacts): Add support for artifact store views and calls (#10011)
feat(kubernetes): Add Deck stage for Rolling Restart (#10012)
chore(dependencies): Autobump spinnakerGradleVersion (#10013)
feat(stages/bakeManifests): add helmfile support (#9998)
Publish packages to NPM (#10005)
feat(core): set Cancellation Reason to be expanded by default (#10018)
Revert “fix(core): conditionally hide expression evaluation warning messages (#9771)” (#10021) (#10022)
fix: Scaling bounds should parse float not int (#10026) (#10033)
fix(kubernetes): export rollout restart stage so it’s actually available for use (#10037) (#10043)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#10036) (#10048)
fix(lambda): available Runtimes shared between Deploy stage and Functions tab (#10050) (#10054)

Spinnaker Fiat - 1.32.3

fix(ssl): Removed unused deprecated okHttpClientConfig from retrofitConfig. (#1082) (#1092)
fix(roles-sync): fix CallableCache’s NPE exception for caching synchronization strategy (#1077) (#1081)
chore(dependencies): Autobump korkVersion (#1057)
feat(fiat): Suppress application details when updating permissions (#1060)
feat(ldap): Support for handling DN based multiloaded roles (#1058)
chore(build): upgrade gradle to 7.6.1 (#1059)
chore(dependencies): Autobump korkVersion (#1061)
chore(dependencies): Autobump spinnakerGradleVersion (#1062)
chore(dependencies): Autobump korkVersion (#1063)
chore(dependencies): Autobump korkVersion (#1064)
chore(dependencies): Autobump spinnakerGradleVersion (#1065)
chore(dependencies): Autobump spinnakerGradleVersion (#1067)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#1068)
feat(fiat) - Cache fetched LDAP roles to speed up role syncs. (#1066)
chore(dependencies): Autobump korkVersion (#1070)
chore(dependencies): Autobump korkVersion (#1071)
chore(dependencies): Autobump korkVersion (#1072)
refactor(tests): convert junit4 based testcases to junit5 and clean up in fiat (#1073)
chore(dependencies): Autobump korkVersion (#1074)
chore(dependencies): Autobump korkVersion (#1075)
fix(ldap): fixed sporadic occurrence of InvalidCacheLoadException (#1076)
fix(roles-sync): fix CallableCache’s NPE exception for caching synchronization strategy (#1077)
chore(dependencies): Autobump spinnakerGradleVersion (#1078)
chore(dependencies): Autobump korkVersion (#1083)
chore(dependencies): Autobump korkVersion (#1084)
chore(dependencies): Autobump korkVersion (#1085)
chore(dependencies): Autobump korkVersion (#1086)
fix(ssl): Removed unused deprecated okHttpClientConfig from retrofitConfig. (#1082)
chore(dependencies): Autobump korkVersion (#1093)
chore(dependencies): Autobump korkVersion (#1094)

Spinnaker Clouddriver - 1.32.3

fix(cats): passing incorrect redis config into interval provider (#6105) (#6108)
fix(lambda): Lambda is leaking threads on agent refreshes. remove the custom threadpool (#6048) (#6049)
fix: Fix docker build in GHA by removing some of the GHA tools (#6033) (#6036)
chore(dependencies): Autobump fiatVersion (#6011)
chore(dependencies): Autobump korkVersion (#6010)
fix(builds): Backport flag for installing aws cli (#6009)
fix(gce): remove the duplicate cache attribute “subnet” and update the test (#5977) (#5984)
chore(dependencies): Autobump fiatVersion (#5962)
chore(dependencies): Autobump korkVersion (#5964)
chore(dependencies): Autobump spinnakerGradleVersion (#5965)
chore(build): upgrade gradle to 7.6.1 (#5966)
chore(dependencies): Autobump korkVersion (#5967)
chore(dependencies): Autobump korkVersion (#5968)
feat: Add the possibility to update the default handler for the Global Resource Property Registry. (#5963)
chore(dependencies): Autobump spinnakerGradleVersion (#5969)
chore(dependencies): Autobump spinnakerGradleVersion (#5970)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#5974)
chore(dependencies): Autobump korkVersion (#5975)
chore(dependencies): Autobump korkVersion (#5978)
chore(dependencies): Autobump korkVersion (#5979)
feat(artifacts): Adds ArtifactStore logic to clouddriver (#5976)
chore(dependencies): Autobump korkVersion (#5980)
chore(dependencies): Autobump korkVersion (#5981)
chore(dependencies): Autobump spinnakerGradleVersion (#5983)
perf(cache): Optimise heap usage in SqlCache (#5982)
fix(gce): remove the duplicate cache attribute “subnet” and update the test (#5977)
refactor(tests): convert junit4 based testcases to junit5 and clean up in clouddriver (#5987)
feat(integration-tests): increase kubernetes integration test coverage (#5990)
chore(dependencies): Autobump korkVersion (#5991)
chore(dependencies): Autobump korkVersion (#5992)
chore(dependencies): Autobump korkVersion (#5993)
chore(kubectl): upgrade kubectl version from 1.20.6 to 1.22.17 (#5953)
chore(upgrades): Upgrade Ubuntu to latest release and fixes aws cli i… (#5996)
chore(awscli): Bump AWS CLI and fix install of AWS CLI (#5995)
chore(dependencies): Autobump korkVersion (#5994)
chore(dependencies): Autobump korkVersion (#6005)
chore(os): Update download location and get the kubectl the same between ubuntu and slim (#6003)
chore(dependencies): Autobump fiatVersion (#6012)
fix: Fix docker build in GHA by removing some of the GHA tools (#6033) (#6037)
fix(lambda): Lambda is leaking threads on agent refreshes. remove the custom threadpool (#6048) (#6050)
fix(cats): passing incorrect redis config into interval provider (#6105) (#6109)
feat(gcp): provide a configurable option to bypass gcp account health check. (backport #6093) (#6096)

Spinnaker Front50 - 1.32.3

chore(dependencies): Autobump fiatVersion (#1300)
chore(dependencies): Autobump korkVersion (#1299)
fix(core): skip existing items with null ids in StorageServiceSupport.fetchAllItemsOptimized (#1279) (#1281)
fix(core): tolerate items with null ids (#1276) (#1280)
fix(web): check trigger.getType() for null before invoking equals method (#1277) (#1278)
chore(dependencies): Autobump fiatVersion (#1264)
chore(build): upgrade gradle to 7.6.1 (#1265)
chore(dependencies): Autobump korkVersion (#1266)
chore(dependencies): Autobump spinnakerGradleVersion (#1267)
chore(dependencies): Autobump korkVersion (#1268)
chore(dependencies): Autobump korkVersion (#1269)
chore(dependencies): Autobump spinnakerGradleVersion (#1270)
chore(dependencies): Autobump spinnakerGradleVersion (#1271)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#1272)
chore(dependencies): Autobump korkVersion (#1273)
feat(sql): add configuration property sql.healthIntervalMillis (#1275)
fix(core): tolerate items with null ids (#1276)
fix(web): check trigger.getType() for null before invoking equals method (#1277)
fix(core): skip existing items with null ids in StorageServiceSupport.fetchAllItemsOptimized (#1279)
chore(dependencies): Autobump korkVersion (#1282)
chore(dependencies): Autobump korkVersion (#1283)
chore(dependencies): Autobump korkVersion (#1284)
chore(dependencies): Autobump korkVersion (#1285)
chore(build): update default containers to JRE 17 (#1274)
chore(dependencies): Autobump spinnakerGradleVersion (#1286)
chore(dependencies): Autobump korkVersion (#1287)
chore(dependencies): Autobump korkVersion (#1288)
chore(dependencies): Autobump korkVersion (#1289)
chore(dependencies): Autobump korkVersion (#1290)
chore(dependencies): Autobump korkVersion (#1297)
chore(dependencies): Autobump korkVersion (#1298)
chore(dependencies): Autobump fiatVersion (#1301)
fix(dependency): fix dependency version leak of google-api-services-storage from kork in front50-web (#1302) (#1385)

Spinnaker Orca - 1.32.3

fix(artifacts): Parent and child pipeline artifact resolution (backport #4575) (#4582)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#4546) (#4564)
fix(front50): teach MonitorPipelineTask to handle missing/null execution ids (#4555) (#4561)
fix(vpc): add data annotation to vpc (#4534) (#4537)
fix: duplicate entry exception for correlation_ids table. (#4521) (#4531)
chore(dependencies): Autobump fiatVersion (#4514)
chore(dependencies): Autobump korkVersion (#4513)
fix(artifacts): consider requiredArtifactIds in expected artifacts when trigger is pipeline type (#4489) (#4491)
fix(queue): fix ability to cancel a zombied execution (#4473) (#4477)
chore(dependencies): Autobump fiatVersion (#4464)
feat(mpt-v1): Support for jinja expressions in stages (#4462)
chore(dependencies): Autobump korkVersion (#4465)
chore(dependencies): Autobump spinnakerGradleVersion (#4466)
chore(build): upgrade gradle to 7.6.1 (#4463)
chore(dependencies): Autobump korkVersion (#4467)
chore(dependencies): Autobump spinnakerGradleVersion (#4468)
feat(lambda): migrate stages from AWS Lambda plugin to OSS (#4449)
fix(queue): Manual Judgment propagation (#4469)
chore(dependencies): Autobump spinnakerGradleVersion (#4472)
fix(queue): fix ability to cancel a zombied execution (#4473)
chore(dependencies): Autobump korkVersion (#4480)
chore(dependencies): Autobump korkVersion (#4482)
chore(dependencies): Autobump korkVersion (#4483)
feat(artifacts): Add ArtifactStore to orca (#4481)
refactor(tests): convert junit4 based test cases to junit5, clean up and unpin mockito in orca (#4484)
chore(dependencies): Autobump korkVersion (#4485)
chore(dependencies): Autobump korkVersion (#4486)
chore(dependencies): Autobump spinnakerGradleVersion (#4488)
feat(orca-bakery/manfests): add helmfile support (#4460)
fix(artifacts): consider requiredArtifactIds in expected artifacts when trigger is pipeline type (#4489)
feat(provider/google): Added cloudrun manifest functionality in orca. (#4396)
chore(dependencies): Autobump korkVersion (#4499)
chore(dependencies): Autobump korkVersion (#4500)
chore(dependencies): Autobump korkVersion (#4501)
chore(dependencies): Autobump korkVersion (#4502)
fix(expressions): fetch labels from actually deployed manfiest (#4508)
chore(dependencies): Autobump korkVersion (#4511)
chore(dependencies): Autobump korkVersion (#4512)
chore(dependencies): Autobump fiatVersion (#4515)
fix: duplicate entry exception for correlation_ids table. (#4521) (#4530)
fix(vpc): add data annotation to vpc (#4534) (#4538)
fix(front50): teach MonitorPipelineTask to handle missing/null execution ids (#4555) (#4559)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#4546) (#4565)
fix(artifacts): Parent and child pipeline artifact resolution (backport #4575) (#4583)
fix(artifacts): Automated triggers with artifact constraints are broken if you have 2 or more of the same type (backport #4579) (#4588)
feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#4618) (#4634)

Spinnaker Kayenta - 1.32.3

fix(orca): Fix orca contributors status. (backport #977) (#980)
chore(dependencies): Autobump orcaVersion (#966)
chore(dependencies): Autobump spinnakerGradleVersion (#968)
chore(build): upgrade gradle to 7.6.1 (#967)
chore(dependencies): Autobump spinnakerGradleVersion (#969)
chore(dependencies): Autobump spinnakerGradleVersion (#970)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#971)
chore(dependencies): Autobump spinnakerGradleVersion (#973)
chore(dependencies): Autobump orcaVersion (#974)
feat(exceptions): Add SpinnakerRetrofitErrorHandler and replace RetrofitError catch blocks (#972)
fix(orca): Fix orca contributors status. (#977)
chore(dependencies): Autobump orcaVersion (#984)
chore(dependencies): Autobump orcaVersion (#1002)

Spinnaker Echo - 1.32.3

chore(dependencies): Autobump korkVersion (#1333)
fix(gha): Fix github status log and add tests (#1316) (#1318)
chore(dependencies): Autobump fiatVersion (#1299)
chore(dependencies): Autobump korkVersion (#1301)
chore(dependencies): Autobump spinnakerGradleVersion (#1302)
chore(build): upgrade gradle to 7.6.1 (#1300)
chore(dependencies): Autobump korkVersion (#1303)
chore(dependencies): Autobump korkVersion (#1304)
chore(dependencies): Autobump spinnakerGradleVersion (#1305)
chore(dependencies): Autobump spinnakerGradleVersion (#1306)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#1307)
chore(dependencies): Autobump korkVersion (#1308)
feat(cdevents-webhooks) : Consume CDEvents webhook API implementation (#1290)
chore(dependencies): Autobump korkVersion (#1309)
chore(dependencies): Autobump korkVersion (#1310)
refactor(tests): convert junit4 based testcases to junit5 and clean up in echo (#1311)
chore(dependencies): Autobump korkVersion (#1312)
chore(dependencies): Autobump korkVersion (#1313)
chore(dependencies): Autobump spinnakerGradleVersion (#1314)
fix(gha): Fix github status log and add tests (#1316)
chore(dependencies): Autobump korkVersion (#1321)
chore(dependencies): Autobump korkVersion (#1322)
feat(rest/circuit-breaker): Optimize Circuit Breaker in Rest Events (#1315)
chore(dependencies): Autobump korkVersion (#1323)
chore(dependencies): Autobump korkVersion (#1324)
chore(dependencies): Autobump korkVersion (#1331)
chore(dependencies): Autobump korkVersion (#1332)
chore(dependencies): Autobump fiatVersion (#1335)
feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#1373) (#1381)

Spinnaker Gate - 1.32.3

chore(dependencies): Autobump fiatVersion (#1697)
chore(dependencies): Autobump korkVersion (#1695)
chore(dependencies): Autobump fiatVersion (#1662)
chore(dependencies): Autobump korkVersion (#1664)
chore(dependencies): Autobump spinnakerGradleVersion (#1665)
chore(build): upgrade gradle to 7.6.1 (#1660)
chore(dependencies): Autobump korkVersion (#1666)
chore(dependencies): Autobump korkVersion (#1667)
chore(dependencies): Autobump spinnakerGradleVersion (#1668)
chore(dependencies): Autobump spinnakerGradleVersion (#1669)
cleanup(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#1670)
chore(dependencies): Autobump korkVersion (#1672)
fix(retrofit): use OkHttpClient from Kork (#1673)
Migration of various Groovy classes to Java (#1663)
chore(dependencies): Autobump korkVersion (#1675)
chore(dependencies): Autobump korkVersion (#1676)
feat(artifacts): Add new ArtifactStore endpoints (#1674)
refactor(tests): convert junit4 based test cases to junit5 and clean up in gate (#1677)
chore(dependencies): Autobump korkVersion (#1678)
chore(dependencies): Autobump korkVersion (#1679)
chore(dependencies): Autobump spinnakerGradleVersion (#1680)
chore(cleanup): Removing un-implemented dead code (#1681)
chore(dependencies): Autobump korkVersion (#1682)
chore(dependencies): Autobump korkVersion (#1683)
chore(dependencies): Autobump korkVersion (#1684)
chore(dependencies): Autobump korkVersion (#1685)
feat(cdevents-webhooks) : Consume CDEvents webhook API implementation (#1651)
chore(dependencies): Autobump korkVersion (#1692)
chore(dependencies): Autobump korkVersion (#1693)
fix(md): update env model to have post deploy (#1576)
chore(dependencies): Autobump fiatVersion (#1698)
fix(cachingFilter: Allow disabling the content caching filter (#1699) (#1702)
fix: Fix git trigger issue caused by a misconfig of the object mapper when creating the echo retrofit service (#1756) (#1757)

Spinnaker Igor - 1.32.3

chore(dependencies): Autobump korkVersion (#1162)
chore(dependencies): Autobump fiatVersion (#1134)
chore(dependencies): Autobump spinnakerGradleVersion (#1137)
chore(build): upgrade gradle to 7.6.1 (#1135)
chore(dependencies): Autobump korkVersion (#1136)
chore(dependencies): Autobump korkVersion (#1138)
chore(dependencies): Autobump spinnakerGradleVersion (#1139)
chore(dependencies): Autobump spinnakerGradleVersion (#1140)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#1141)
chore(dependencies): Autobump korkVersion (#1142)
chore(dependencies): Autobump korkVersion (#1144)
chore(dependencies): Autobump korkVersion (#1145)
refactor(tests): convert junit4 based testcases to junit5 and clean up in igor (#1146)
chore(dependencies): Autobump korkVersion (#1147)
chore(dependencies): Autobump korkVersion (#1148)
chore(build): default containers to JRE 17 (#1143)
chore(dependencies): Autobump spinnakerGradleVersion (#1149)
chore(dependencies): Autobump korkVersion (#1150)
chore(dependencies): Autobump korkVersion (#1151)
chore(dependencies): Autobump korkVersion (#1152)
chore(dependencies): Autobump korkVersion (#1153)
chore(dependencies): Autobump korkVersion (#1160)
chore(dependencies): Autobump korkVersion (#1161)
chore(dependencies): Autobump fiatVersion (#1164)
fix(java17): remove long-deprecated import that doesn’t work with JRE17 (#1170) (#1171)
fix(java17): add Jackson converter to RestAdapters to avoid Gson (#1174) (#1176)
fix(java17): stop accessing private fields, run tests using JRE17 (#1173) (#1175)
feat(jenkins): Enable Jenkins job triggers for jobs in sub-folders (#1204) (#1216)

Spinnaker Rosco - 1.32.3

chore(dependencies): Autobump korkVersion (#1014)
chore(dependencies): Autobump korkVersion (#988)
chore(dependencies): Autobump korkVersion (#990)
chore(dependencies): Autobump spinnakerGradleVersion (#991)
chore(build): upgrade gradle to 7.6.1 (#989)
chore(dependencies): Autobump korkVersion (#992)
chore(dependencies): Autobump korkVersion (#993)
chore(dependencies): Autobump spinnakerGradleVersion (#994)
chore(dependencies): Autobump spinnakerGradleVersion (#995)
chore(preview): remove preview feature of version ordering (VERSION_ORDERING_V2) for gradle dependencies (#996)
chore(dependencies): Autobump korkVersion (#997)
chore(dependencies): Autobump korkVersion (#999)
chore(dependencies): Autobump korkVersion (#1000)
feat(artifacts): Add ArtifactStore to rosco (#998)
refactor(tests): convert junit4 based testcases to junit5 and clean up in rosco (#1001)
chore(dependencies): Autobump korkVersion (#1002)
chore(dependencies): Autobump korkVersion (#1003)
feat(manifests/helmfile): add helmfile templating engine (#986)
chore(dependencies): Autobump spinnakerGradleVersion (#1004)
chore(dependencies): Autobump korkVersion (#1005)
chore(dependencies): Autobump korkVersion (#1006)
chore(dependencies): Autobump korkVersion (#1007)
chore(dependencies): Autobump korkVersion (#1008)
chore(dependencies): Autobump korkVersion (#1012)
chore(dependencies): Autobump korkVersion (#1013)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#1020) (#1031)

Continuous-Deployment: v2.31.0 Armory Continuous Deployment Feature Release (Spinnaker™ v1.31.3)

Mon, 11 Dec 2023 00:00:00 +0000

2023/12/05 Release Notes

Note: If you’re experiencing production issues after upgrading Armory CD, roll back to a previous working version and report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.31.0, use Armory Operator 1.8.6 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Known issues

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0 and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

New: doNotEval SPeL expression

This feature introduces a new SpEL doNotEval method that includes the received JSON object with the NotEvaluableExpression class.
The toJson method (and others in the future) do not evaluate expressions and do not throw exceptions for instances of the NotEvaluableExpression class.
See the Spinnaker doc’s doNotEval SPeL expression changelog note for more details regarding this feature flag.

Automatically cancel Jenkins jobs

You now have the ability to cancel triggered Jenkins jobs when a pipeline is canceled, giving you more control over your full Jenkins workflow. Learn more this Spinnaker changelog.

Enhanced BitBucket Server pull request handling

Early access features enabled manually

New: Pipeline Triggers: only cache enabled pipelines with enabled triggers of specific types

New: Option to disable healthcheck for Google provider

Added the option to disable the healthcheck for Google provider similar to AWS and Kubernetes.

Helm parameters

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. Add this block to your orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

In Orca, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

In Deck, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Run Pipelines-as-Code with permissions scoped to a specific service account

Enhancing Pipelines-as-Code to upsert a pipeline using an Orca call instead of a Front50 call, to mimic the calls from Deck. By default, it is disabled. To enable, set the following in dinghy.yml:

upsertPipelineUsingOrcaTaskEnabled: true

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Spring Boot

Clouddriver

Changed the validation Clouddriver runs before performing operations for the Kubernetes provider. The kinds and omitKinds fields on a Kubernetes account definition no longer restrict what Kubernetes kinds can be deployed by Clouddriver; instead, these fields now only control what kinds Clouddriver caches. Armory CD operators should ensure that Kubernetes RBAC controls are used to restrict what kinds Armory CD can deploy.
Bumped aws-cli to 1.22 to enable FIPS compliance configuration options.

Deck

Added Cloud Run manifest functionality in Deck.
Made the StageFailureMessage component overridable, which enables the ability to override the red error box in the component of a plugin.
Added the ability to allow plugins to provide custom icon components.
- Enables plugins to use the Icon component with a custom icon. Currently the Icon component is limited to only icons defined in iconsByName.
For the Helm bake feature, added additional input fields where the user can fill in details of the API’s versions. These input fields are not be pre-populated with versions of the target cluster available in the environment. They become part of the bake result. Added API_VERSIONS_ENABLED env variable flag.

Echo

Added a new configuration flag: pipelineCache.filterFront50Pipelines that defaults to false. When false, Echo caches all pipelines Front50. When true, it only caches enabled pipelines with enabled triggers of specific types. – The types that Echo knows how to trigger, along with some changes to the logic for handling manual executions so they continue to function. This is typically a very small subset of all pipelines.

Fiat

Added the ability to register SpinnakerRetrofitErrorHandler with each Retrofit.RestAdapter and replaces each RetrofitError catch block with a catch-block using SpinnakerServerException or the appropriate subclass. This change does not alter any of this service’s behavior, it merely allows error messages to surface even when the error was thrown in a microservice more than one network call from the service in which the request originated. This is part of an effort to consume SpinnakerRetrofitErrorHandler in each Spinnaker microservice, as detailed in this Github issue.

Front50

Added optional query params to the GET /pipelines endpoint.
Return all pipelines triggered when the given pipeline configuration ID completes with the given status. Initially used in this PR.
Added three new config flags to each object type under service-storage.
- Two of the three are performance improvements which you can read about in the Spinnaker 1.31.0 changelog

Kayenta

Added a storage service migrator.
- Added the ability to migrate account credentials and account configurations data from S3/GCS to MySQL/PostgreSQL and vice versa
- See the PR comment for instructions on how to use these properties (in kayenta-local.yml) to enable the data migration and MySQL or PostgreSQL data source.

Orca

Added a new configuration flag: front50.useTriggeredByEndpoint that defaults to false. When false, Orca queries Front50 for all pipelines each time a pipeline execution completes. When true, Orca only queries for pipelines triggered when a specific pipeline completes which is potentially a very small subset of all pipelines.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.31.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 1db66b13244c3d25b48e767992c5bb7730772271
version: 2.31.0
deck:
commit: 1dd95e4ef5ed631f24253bf917200c3cf52655af
version: 2.31.0
dinghy:
commit: 362913af0c5d00eee5ea3b157274cabbef920c43
version: 2.31.0
echo:
commit: a700e1233d1eca8642b54413c87860737662d4c2
version: 2.31.0
fiat:
commit: f1079f69f0184aae517680c48283cf9a52c9cf26
version: 2.31.0
front50:
commit: 5db553c003950174757e6438ba024b6a4b51c9ed
version: 2.31.0
gate:
commit: 1a4fc24d3d4870c375f6bc10fe6892c6b39a789e
version: 2.31.0
igor:
commit: e94591b4172e7d75ce94db23ebed5deb756af92d
version: 2.31.0
kayenta:
commit: 4a528f19b704cc0f25295daef56d27b78a84a25e
version: 2.31.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: b1a6fe2247ef18f6239b3ab90b101197c57314c4
version: 2.31.0
rosco:
commit: a30386ed64ae490e4788fe80b453528731a923bd
version: 2.31.0
terraformer:
commit: 50082463ccd180cb4763078671a105ab70dee5e6
version: 2.31.0
timestamp: "2023-11-23 15:13:30"
version: 2.31.0

Armory

Armory Gate - 2.30.0…2.31.0

chore(cd): update armory-commons version to 3.13.3 (#559)
fix(tests): Fix JUnit tests (#558)
chore(cd): update base service version to gate:2023.04.07.01.27.28.release-1.30.x (#553)
chore(cd): update armory-commons version to 3.13.2 (#554)
chore(cd): update armory-commons version to 3.13.1 (#537)
revert(header): update plugins.json with newest header version (#484)
chore(cd): update base service version to gate:2023.04.17.18.59.00.master (#557)
chore(cd): update base service version to gate:2023.05.02.16.41.37.master (#560)
chore(cd): update base service version to gate:2023.05.02.16.49.52.master (#561)
chore(cd): update base service version to gate:2023.05.12.14.58.29.master (#562)
chore(cd): update base service version to gate:2023.05.18.17.05.02.master (#564)
chore(cd): update base service version to gate:2023.05.25.21.38.35.master (#565)
chore(cd): update base service version to gate:2023.06.02.20.01.30.master (#566)
chore(cd): update base service version to gate:2023.06.05.20.11.44.master (#567)
chore(cd): update base service version to gate:2023.06.12.23.37.52.master (#568)
chore(cd): update base service version to gate:2023.06.13.05.17.05.master (#569)
chore(cd): update base service version to gate:2023.06.16.09.48.18.master (#570)
chore(cd): update base service version to gate:2023.06.17.10.05.03.master (#571)
chore(cd): update base service version to gate:2023.06.26.17.12.12.master (#572)
chore(cd): update base service version to gate:2023.06.28.20.06.44.master (#573)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#583)
chore(cd): update armory-commons version to 3.14.2 (#586)
chore(cd): update base service version to gate:2023.08.28.17.15.40.release-1.31.x (#600)
chore(cd): update base service version to gate:2023.08.29.05.01.02.release-1.31.x (#604)
fix: esapi CVE scan report (#602) (#605)
chore(cd): update base service version to gate:2023.09.01.15.43.46.release-1.31.x (#607)
chore(ci): removed aquasec scan action (#616) (#621)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#640) (#641)

Armory Front50 - 2.30.0…2.31.0

chore(cd): update base service version to front50:2023.05.22.19.11.48.release-1.30.x (#548)
chore(cd): update armory-commons version to 3.13.3 (#538)
chore(cd): update base service version to front50:2023.04.27.18.45.08.release-1.30.x (#541)
chore(cd): update armory-commons version to 3.13.2 (#533)
chore(cd): update armory-commons version to 3.13.1 (#514)
chore(cd): update base service version to front50:2023.04.07.01.28.32.release-1.30.x (#532)
chore(dockerfile): upgrade to latest alpine image (#434)
chore(cd): update base service version to front50:2023.04.05.11.05.16.master (#529)
chore(cd): update base service version to front50:2023.04.21.14.37.41.master (#540)
chore(cd): update base service version to front50:2023.05.02.05.06.08.master (#542)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#564)
chore(cd): update base service version to front50:2023.07.18.21.40.31.master (#563)
chore(cd): update armory-commons version to 3.14.2 (#567)
chore(cd): update base service version to front50:2023.08.28.17.17.25.release-1.31.x (#580)
chore(cd): update base service version to front50:2023.08.29.04.59.48.release-1.31.x (#581)
chore(cd): update base service version to front50:2023.09.05.18.25.32.release-1.31.x (#584)
chore(ci): removed aquasec scan action (#590) (#593)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#612) (#613)

Armory Rosco - 2.30.0…2.31.0

chore(cd): update armory-commons version to 3.13.3 (#528)
chore(cd): update base service version to rosco:2023.04.05.11.40.04.release-1.30.x (#523)
chore(cd): update armory-commons version to 3.13.1 (#508)
feat(dockerfile): add Kustomize 4 to Dockerfiles (#434)
fix(rosco): added missing rosco-core dependency and upgrading embedded redis for tests (#456)
chore(packer): copied templates and config from oss (#457)
chore(cd): update base service version to rosco:2022.11.10.16.54.39.master (#458)
chore(cd): update base service version to rosco:2022.11.15.19.33.07.master (#459)
chore(cd): update base service version to rosco:2022.11.16.17.50.30.master (#460)
chore(cd): update base service version to rosco:2022.11.17.15.34.54.master (#461)
chore(cd): update base service version to rosco:2022.11.18.18.20.19.master (#462)
chore(cd): update base service version to rosco:2022.11.19.01.16.08.master (#463)
chore(cd): update base service version to rosco:2022.11.19.16.30.34.master (#464)
chore(cd): update base service version to rosco:2022.11.22.14.31.01.master (#466)
chore(azure): copying config from oss, upgrading centos (#465)
chore(cd): update base service version to rosco:2022.11.24.15.56.54.master (#469)
chore(cd): update base service version to rosco:2022.12.08.14.30.19.master (#472)
chore(cd): update base service version to rosco:2022.12.08.20.50.39.master (#473)
chore(cd): update base service version to rosco:2022.12.09.00.48.23.master (#476)
chore(cd): update base service version to rosco:2022.12.09.02.57.42.master (#477)
chore(cd): update base service version to rosco:2022.12.09.06.01.36.master (#478)
chore(cd): update base service version to rosco:2022.12.09.17.27.05.master (#479)
fix(build): Add javax.validation dependency (#480)
chore(cd): update base service version to rosco:2022.12.15.16.52.34.master (#481)
chore(cd): update base service version to rosco:2022.12.22.04.48.59.master (#482)
chore(cd): update base service version to rosco:2023.01.12.21.47.32.master (#485)
chore(cd): update base service version to rosco:2023.01.23.17.14.17.master (#487)
chore(cd): update base service version to rosco:2023.01.27.00.40.58.master (#488)
chore(cd): update base service version to rosco:2023.01.30.16.28.07.master (#489)
chore(cd): update base service version to rosco:2023.02.08.19.46.54.master (#490)
chore(cd): update base service version to rosco:2023.02.08.22.19.58.master (#491)
chore(cd): update base service version to rosco:2023.02.08.23.30.28.master (#492)
chore(cd): update base service version to rosco:2023.02.09.00.57.01.master (#493)
chore(cd): update base service version to rosco:2023.02.09.06.34.37.master (#494)
chore(cd): update base service version to rosco:2023.02.16.16.48.52.master (#495)
chore(cd): update base service version to rosco:2023.02.20.19.50.47.master (#496)
chore(cd): update armory-commons version to 3.9.5 (#505)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#549)
chore(cd): update armory-commons version to 3.14.2 (#552)
chore(ci): removed aquasec scan action (#565) (#567)
chore(cd): update base service version to rosco:2023.08.28.17.15.52.release-1.31.x (#562)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #584) (#587)
chore(cd): update base service version to rosco:2023.10.18.06.02.57.release-1.31.x (#590)

Terraformer™ - 2.30.0…2.31.0

chore(alpine): Update alpine version (#497)
chore(ci): removing aquasec scans on push (#517) (#518)
chore(ci): removed aquasec scan action (#510) (#511)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #525) (#526)
Minor changes for Terraform tag name (#527) (#528)
fix(cd): Fix terraform build fail (#529) (#530)
Fix build cd artifact erro, no space lef on the device (#531) (#532)

Armory Clouddriver - 2.30.0…2.31.0

chore(cd): update base service version to clouddriver:2023.05.30.19.45.40.release-1.30.x (#882)
chore(cd): update armory-commons version to 3.13.5 (#874)
chore(cd): update armory-commons version to 3.13.4 (#869)
chore(cd): update armory-commons version to 3.13.3 (#867)
chore(cd): update armory-commons version to 3.13.2 (#861)
chore(cd): update base service version to clouddriver:2023.04.07.02.16.05.release-1.30.x (#860)
chore(cd): update base service version to clouddriver:2023.04.06.10.03.44.release-1.30.x (#859)
chore(cd): update base service version to clouddriver:2023.04.05.14.02.06.release-1.30.x (#856)
chore(cd): update base service version to clouddriver:2023.03.24.23.48.26.release-1.30.x (#839)
chore(cd): update armory-commons version to 3.13.1 (#837)
chore(cd): update base service version to clouddriver:2023.03.18.00.04.47.master (#818)
chore(cd): update base service version to clouddriver:2023.03.21.00.31.33.master (#819)
chore(cd): update base service version to clouddriver:2023.03.21.19.49.36.master (#820)
chore(cd): update base service version to clouddriver:2023.03.22.20.00.03.master (#824)
chore(cd): update base service version to clouddriver:2023.03.23.21.01.03.master (#827)
chore(cd): update base service version to clouddriver:2023.03.24.23.48.26.master (#828)
chore(cd): update base service version to clouddriver:2023.03.29.20.10.21.master (#834)
chore(cd): update base service version to clouddriver:2023.03.30.15.20.14.master (#835)
chore(cd): update base service version to clouddriver:2023.03.30.16.52.08.master (#838)
chore(cd): update base service version to clouddriver:2023.03.31.19.56.29.master (#840)
chore(cd): update base service version to clouddriver:2023.03.31.22.03.23.master (#841)
chore(cd): update base service version to clouddriver:2023.03.31.22.50.54.master (#842)
chore(cd): update base service version to clouddriver:2023.04.01.00.13.01.master (#843)
chore(cd): update base service version to clouddriver:2023.04.01.03.32.05.master (#845)
chore(cd): update base service version to clouddriver:2023.04.01.04.39.47.master (#846)
chore(cd): update base service version to clouddriver:2023.04.01.05.26.14.master (#847)
chore(cd): update base service version to clouddriver:2023.04.01.06.46.40.master (#848)
chore(cd): update base service version to clouddriver:2023.04.02.04.27.18.master (#849)
chore(cd): update base service version to clouddriver:2023.04.02.05.24.21.master (#850)
chore(cd): update base service version to clouddriver:2023.04.02.06.10.44.master (#851)
chore(cd): update base service version to clouddriver:2023.04.03.15.54.26.master (#852)
chore(cd): update base service version to clouddriver:2023.04.03.17.05.33.master (#853)
Bumped aws-cli to 1.22 for FIPS compliance (#854)
chore(cd): update base service version to clouddriver:2023.04.05.11.43.53.master (#855)
chore(cd): update base service version to clouddriver:2023.04.05.21.36.10.master (#857)
chore(cd): update base service version to clouddriver:2023.04.17.19.36.00.master (#865)
chore(cd): update base service version to clouddriver:2023.05.02.05.46.22.master (#871)
chore(cd): update base service version to clouddriver:2023.05.04.00.42.22.master (#872)
chore(cd): update base service version to clouddriver:2023.05.11.19.04.48.master (#873)
chore(cd): update base service version to clouddriver:2023.05.18.17.41.51.master (#875)
chore(cd): update base service version to clouddriver:2023.05.19.23.07.09.master (#876)
chore(cd): update base service version to clouddriver:2023.05.25.22.18.08.master (#877)
chore(cd): update base service version to clouddriver:2023.05.30.17.49.03.master (#879)
chore(cd): update base service version to clouddriver:2023.06.02.19.20.42.master (#884)
chore(cd): update base service version to clouddriver:2023.06.05.20.51.02.master (#885)
chore(cd): update armory-commons version to 3.14.2 (#911)
chore(cd): update base service version to clouddriver:2023.07.21.18.25.26.release-1.31.x (#915)
fix: AWS CLI pip installation (#918) (#924)
chore(cd): update base service version to clouddriver:2023.08.28.14.14.40.release-1.31.x (#939)
chore(cd): update base service version to clouddriver:2023.08.28.17.52.39.release-1.31.x (#941)
chore(cd): update base service version to clouddriver:2023.08.29.05.45.59.release-1.31.x (#942)
chore(cd): update base service version to clouddriver:2023.09.08.18.30.47.release-1.31.x (#968)
chore(cd): update base service version to clouddriver:2023.09.20.19.42.06.release-1.31.x (#981)
chore(ci): removed aquasec scan action (#971) (#982)
fix: CVE-2023-37920 (#977) (#993)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #999) (#1004)
chore(cd): update base service version to clouddriver:2023.11.20.21.43.26.release-1.31.x (#1030)
chore(cd): update base service version to clouddriver:2023.11.22.08.49.50.release-1.31.x (#1037)

Dinghy™ - 2.30.0…2.31.0

chore(ci): removed aquasec scan action (#489) (#491)
chore(ci): removing aquasec scans for any push (#497) (#498)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #504) (#511)
fix: Builds (#512) (#515)

Armory Fiat - 2.30.0…2.31.0

fix(okhttp): Decrypt properties before creating client. (#501)
chore(cd): update base service version to fiat:2023.07.21.15.45.35.release-1.30.x (#496)
chore(cd): update armory-commons version to 3.13.5 (#478)
chore(cd): update armory-commons version to 3.13.3 (#475)
chore(cd): update armory-commons version to 3.13.2 (#471)
chore(cd): update base service version to fiat:2023.04.05.11.36.40.release-1.30.x (#470)
chore(cd): update armory-commons version to 3.13.1 (#456)
chore(cd): update base service version to fiat:2023.02.20.19.50.58.master (#437)
chore(armory-commons): upgrading armory-commons to 3.14.0-rc.3 (#497)
chore(cd): update armory-commons version to 3.14.2 (#500)
fix(okhttp): Decrypt properties before creating client. (#501) (#504)
chore(ci): removed aquasec scan action (#523) (#525)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#540) (#541)
chore(cd): update base service version to fiat:2023.08.28.17.11.42.release-1.31.x (#519)

Armory Igor - 2.30.0…2.31.0

chore(cd): update armory-commons version to 3.13.3 (#452)
chore(cd): update armory-commons version to 3.13.2 (#449)
chore(cd): update base service version to igor:2023.04.07.01.27.38.release-1.30.x (#448)
chore(cd): update armory-commons version to 3.13.1 (#431)
chore(cd): update base service version to igor:2022.09.14.15.59.58.master (#368)
chore(cd): update armory-commons version to 3.14.2 (#475)
chore(ci): removed aquasec scan action (#495) (#507)
chore(feat): Support ARM with docker buildx - SAAS-1953 (#524) (#525)
fix: NoSuchMethodError exception in JenkinsClient. (#377) (#529)
chore(cd): update base service version to igor:2023.08.29.04.59.43.release-1.31.x (#488)

Armory Echo - 2.30.0…2.31.0

chore(cd): update armory-commons version to 3.13.5 (#583)
chore(cd): update armory-commons version to 3.13.4 (#580)
chore(cd): update armory-commons version to 3.13.3 (#578)
chore(cd): update armory-commons version to 3.13.2 (#575)
chore(cd): update base service version to echo:2023.04.07.01.30.15.release-1.30.x (#573)
chore(cd): update base service version to echo:2023.04.05.11.38.02.release-1.30.x (#572)
chore(cd): update armory-commons version to 3.13.1 (#558)
chore(cd): update base service version to echo:2023.02.20.21.09.15.master (#539)
chore(cd): update armory-commons version to 3.14.2 (#601)
chore(ci): removed aquasec scan action (#618) (#621)
chore(cd): update base service version to echo:2023.08.29.05.00.24.release-1.31.x (#612)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #637) (#640)
fix: Upgrade grpc-netty-shaded to address the service initialization failure issue. (#647) (#648)

Armory Kayenta - 2.30.0…2.31.0

chore(cd): update armory-commons version to 3.13.5 (#439)
fix: Remove whitespace when defining spring properties (#437) (#438)
fix(config): add missing exclude spring config (#435) (#436)
fix: Update path of main class. (#432)
chore(refactoring): refactored setting default system properties (#429)
chore(cd): update armory-commons version to 3.13.3 (#428)
chore(cd): update base service version to kayenta:2023.04.13.23.42.23.release-1.30.x (#427)
chore(cd): update armory-commons version to 3.13.2 (#424)
chore(cd): update base service version to kayenta:2023.01.24.16.10.35.master (#387)
fix: Update path of main class. (#432) (#433)
fix(config): add missing exclude spring config (#435)
fix: Remove whitespace when defining spring properties (#437)
chore(cd): update armory-commons version to 3.14.2 (#456)
chore(ci): removed aquasec scan action (#469) (#470)
Update buildx for build gradle and action workflow (#484) (#485)
chore(cd): update base service version to kayenta:2023.08.29.15.29.59.release-1.31.x (#464)

Armory Deck - 2.30.0…2.31.0

chore(cd): update base deck version to 2023.0.0-20230621174859.release-1.30.x (#1335)
chore(cd): update base deck version to 2023.0.0-20230321144223.release-1.30.x (#1331)
chore(cd): update base deck version to 2023.0.0-20230220132814.master (#1300)
chore(alpine): Upgrade alpine version (#1302)
chore(cd): update base deck version to 2023.0.0-20230308202716.master (#1305)
chore(cd): update base deck version to 2023.0.0-20230309231023.master (#1306)
chore(cd): update base deck version to 2023.0.0-20230310120132.master (#1307)
chore(cd): update base deck version to 2023.0.0-20230315120430.master (#1308)
chore(cd): update base deck version to 2023.0.0-20230321144223.master (#1309)
chore(cd): update base deck version to 2023.0.0-20230329194405.master (#1310)
chore(cd): update base deck version to 2023.0.0-20230330162636.master (#1311)
chore(cd): update base deck version to 2023.0.0-20230331215046.master (#1312)
chore(cd): update base deck version to 2023.0.0-20230331223352.master (#1313)
chore(cd): update base deck version to 2023.0.0-20230331235900.master (#1317)
chore(cd): update base deck version to 2023.0.0-20230401002322.master (#1318)
chore(build): only run security scans on PR merge (#1319)
chore(cd): update base deck version to 2023.0.0-20230401030506.master (#1320)
chore(cd): update base deck version to 2023.0.0-20230402044748.master (#1322)
chore(cd): update base deck version to 2023.0.0-20230402051752.master (#1323)
chore(cd): update base deck version to 2023.0.0-20230402053723.master (#1324)
chore(cd): update base deck version to 2023.0.0-20230403112432.master (#1325)
chore(ci): removed aquasec scan action (#1340) (#1344)
chore(alpine): Fix Deck to support ARM processor - SAAS-1953 (backport #1341) (#1355)
fix(action): upgrade node version to match OSS (#1356) (#1357)
chore(cd): update base deck version to 2023.0.0-20231018060056.release-1.31.x (#1361)
chore(cd): update base deck version to 2023.0.0-20231024154256.release-1.31.x (#1363)

Armory Orca - 2.30.0…2.31.0

chore(cd): update base orca version to 2023.06.29.14.44.25.release-1.30.x (#658)
chore(cd): update base orca version to 2023.06.20.15.55.26.release-1.30.x (#656)
chore(cd): update base orca version to 2023.05.18.14.27.05.release-1.30.x (#644)
chore(cd): update armory-commons version to 3.13.5 (#642)
chore(cd): update armory-commons version to 3.13.4 (#637)
chore(cd): update armory-commons version to 3.13.3 (#635)
chore(build): Backport missing build changes (#634)
chore(cd): update armory-commons version to 3.13.2 (#630)
chore(cd): update base orca version to 2023.04.07.01.52.33.release-1.30.x (#629)
chore(cd): update armory-commons version to 3.13.1 (#613)
chore(cd): update base orca version to 2022.04.01.22.15.58.master (#459)
chore(cd): update armory-commons version to 3.14.2 (#671)
chore(cd): update base orca version to 2023.07.21.15.43.04.release-1.31.x (#675)
chore(cd): update base orca version to 2023.08.28.20.04.29.release-1.31.x (#687)
chore(cd): update base orca version to 2023.08.29.05.07.45.release-1.31.x (#688)
chore(ci): removed aquasec scan action (#695) (#705)
chore(cd): update base orca version to 2023.09.22.14.30.27.release-1.31.x (#711)
chore(cd): update base orca version to 2023.09.22.18.05.39.release-1.31.x (#714)
chore(ci): removing docker build and aquasec scans (#715)
fix(terraformer): Ignoring logs from the Terraformer stage context (#740) (#742)
chore(cd): update base orca version to 2023.10.10.16.08.51.release-1.31.x (#743)
fix(ci): added release.version to docker build (#745)
chore(feat): Support ARM with docker buildx - SAAS-1953 (backport #704) (#746)
chore(cd): update base orca version to 2023.10.18.06.01.58.release-1.31.x (#751)
chore(cd): update base orca version to 2023.11.06.18.16.18.release-1.31.x (#763)
chore(cd): update base orca version to 2023.11.07.16.19.53.release-1.31.x (#765)
chore(build): trigger 2.31.x build (#777)

Spinnaker

Spinnaker Gate - 1.31.3

chore(dependencies): Autobump korkVersion (#1649)
chore(dependencies): Autobump fiatVersion (#1630)
chore(dependencies): Autobump spinnakerGradleVersion (#1634)
chore(dependencies): Autobump fiatVersion (#1635)
chore(gha): update to docker/login-action@v2 to stay up to date (#1636)
chore(dependencies): Autobump korkVersion (#1637)
chore(dependencies): Autobump fiatVersion (#1638)
feat(gha): configure dependabot to keep github actions up to date (#1639)
chore(deps): bump google-github-actions/auth from 0 to 1 (#1641)
chore(deps): bump actions/checkout from 2 to 3 (#1642)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#1644)
chore(deps): bump docker/build-push-action from 3 to 4 (#1640)
chore(deps): bump actions/setup-java from 2 to 3 (#1643)
chore(gha): replace action for creating github releases (#1645)
chore(gha): replace deprecated set-output commands with environment files (#1646)
chore(dependencies): Autobump korkVersion (#1647)
chore(dependencies): Autobump korkVersion (#1648)
chore(dependencies): Autobump korkVersion (#1652)
fix(web/test): move GateConfigAuthenticatedRequestFilterTest out of the com.netflix.spinnaker.gate.config package (#1655)
chore(dependencies): Autobump korkVersion (#1654)
fix(web/test): remove race in FunctionalSpec (#1657)
chore(dependencies): Autobump spinnakerGradleVersion (#1658)
chore(dependencies): Autobump korkVersion (#1659)
chore(dependencies): Autobump korkVersion (#1661)
chore(dependencies): Autobump fiatVersion (#1662)
chore(dependencies): Autobump korkVersion (#1695)
chore(dependencies): Autobump fiatVersion (#1697)
fix(cachingFilter: Allow disabling the content caching filter (#1699) (#1701)

Spinnaker Front50 - 1.31.3

fix(validator): Fix NPE when traffic management is not defined in a deployment manifest (#1253) (#1254)
chore(dependencies): Autobump fiatVersion (#1248)
chore(dependencies): don’t create an autobump PR for halyard on a front50 release branch (#1115) (#1247)
chore(dependencies): Autobump korkVersion (#1246)
chore(dependencies): Autobump fiatVersion (#1225)
chore(dependencies): Autobump spinnakerGradleVersion (#1229)
chore(dependencies): Autobump fiatVersion (#1230)
chore(gha): update to docker/login-action@v2 to stay up to date (#1231)
chore(dependencies): Autobump korkVersion (#1232)
chore(dependencies): Autobump fiatVersion (#1233)
feat(gha): configure dependabot to keep github actions up to date (#1234)
chore(deps): bump actions/checkout from 2 to 3 (#1235)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#1238)
chore(deps): bump peter-evans/repository-dispatch from 1 to 2 (#1236)
chore(deps): bump docker/build-push-action from 3 to 4 (#1237)
chore(deps): bump actions/setup-java from 2 to 3 (#1239)
chore(gha): replace action for creating github releases (#1240)
chore(deps): bump google-github-actions/auth from 0 to 1 (#1242)
chore(dependencies): Autobump korkVersion (#1243)
chore(dependencies): Autobump korkVersion (#1244)
chore(gha): replace deprecated set-output commands with environment files (#1241)
chore(dependencies): Autobump korkVersion (#1245)
chore(dependencies): Autobump korkVersion (#1250)
feat(core + sql): Optimize cache refresh (#1249)
feat(pipelines): add new GET /pipelines/triggeredBy/{id:.+}/{status} endpoint (#1251)
feat(web): add optional query params to the GET /pipelines endpoint (#1252)
fix(validator): Fix NPE when traffic management is not defined in a deployment manifest (#1253)
chore(dependencies): Autobump korkVersion (#1255)
perf(sql): add index on last_modified_at (#1256)
chore(dependencies): Autobump spinnakerGradleVersion (#1258)
refactor(deprecation): remove deprecated gradle constructs/features from front50 in order to upgrade gradle 7 (#1257)
fix(migrations): do not migrate redblack pipelines without stages (#1259)
chore(dependencies): Autobump korkVersion (#1262)
chore(dependencies): Autobump korkVersion (#1263)
chore(dependencies): Autobump fiatVersion (#1264)
fix(web): check trigger.getType() for null before invoking equals method (#1277) (#1278)
fix(core): tolerate items with null ids (#1276) (#1280)
fix(core): skip existing items with null ids in StorageServiceSupport.fetchAllItemsOptimized (#1279) (#1281)
chore(dependencies): Autobump korkVersion (#1299)
chore(dependencies): Autobump fiatVersion (#1300)
fix(dependency): fix dependency version leak of google-api-services-storage from kork in front50-web (#1302) (#1384)

Spinnaker Rosco - 1.31.3

fix(manifests/test): add org.junit.jupiter:junit-jupiter-engine as a test runtime dependency (#963)
chore(dependencies): Autobump spinnakerGradleVersion (#964)
chore(gha): update to docker/login-action@v2 to stay up to date (#965)
chore(gha): replace action for creating github releases (#966)
fix(gha): remove empty env block (#967)
fix(gha): remove refs/tags from github release names (#968)
chore(gha): use checkout@v3 to stay up to date (#969)
feat(gha): configure dependabot to keep github actions up to date (#970)
chore(deps): bump google-github-actions/auth from 0 to 1 (#972)
chore(deps): bump docker/build-push-action from 3 to 4 (#973)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#971)
chore(dependencies): Autobump korkVersion (#974)
chore(dependencies): Autobump korkVersion (#975)
chore(dependencies): Autobump korkVersion (#976)
chore(dependencies): Autobump korkVersion (#977)
refactor(retrofit2): Use retrofit2.x client instead of retrofit1.9 for artifact fetch from clouddriver (#953)
refactor(web/test): V2BakeryControllerWithClouddriverServiceTest cleanup (#979)
chore(dependencies): Autobump korkVersion (#981)
refactor(retrofit2): use retrofit2 client to clouddriver API calls instead of retrofit1.9 (#980)
chore(dependencies): Autobump korkVersion (#982)
refactor(manifests): use new methods in manifest exception handling (#983)
chore(dependencies): Autobump spinnakerGradleVersion (#985)
chore(dependencies): Autobump korkVersion (#987)
chore(dependencies): Autobump korkVersion (#988)
chore(dependencies): Autobump korkVersion (#1014)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#1020) (#1030)

Spinnaker Clouddriver - 1.31.3

chore(dependencies): Autobump fiatVersion (#5943)
fix(metrics): revert metric names to pre-Java (#5936) (#5942)
chore(dependencies): don’t create an autobump PR for halyard on a clouddriver release branch (#5677) (#5939)
chore(dependencies): Autobump korkVersion (#5938)
chore(dependencies): Autobump fiatVersion (#5912)
chore(dependencies): Autobump spinnakerGradleVersion (#5918)
chore(dependencies): Autobump fiatVersion (#5919)
chore(gha): update to docker/login-action@v2 to stay up to date (#5920)
chore(dependencies): Autobump korkVersion (#5921)
chore(dependencies): Autobump fiatVersion (#5922)
feat(gha): configure dependabot to keep github actions up to date (#5923)
chore(deps): bump actions/cache from 2 to 3 (#5926)
chore(deps): bump actions/checkout from 2 to 3 (#5924)
chore(gha): replace action for creating github releases (#5929)
chore(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5925)
chore(deps): bump actions/setup-java from 2 to 3 (#5928)
chore(deps): bump docker/build-push-action from 3 to 4 (#5927)
chore(gha): replace deprecated set-output commands with environment files (#5930)
chore(deps): bump github/codeql-action from 1 to 2 (#5932)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#5931)
chore(deps): bump google-github-actions/auth from 0 to 1 (#5933)
chore(dependencies): Autobump korkVersion (#5934)
chore(dependencies): Autobump korkVersion (#5935)
chore(dependencies): Autobump korkVersion (#5937)
fix(metrics): revert metric names to pre-Java (#5936)
chore(dependencies): Autobump korkVersion (#5944)
chore(dependencies): Autobump korkVersion (#5946)
fix(aws): standardize retry logic in LocalFileUserDataProvider.isLegacyUdf (#5947)
feat(kubernetes): skip checking and allow operations on all kinds (#5949)
chore(dependencies): Autobump spinnakerGradleVersion (#5951)
refactor(deprecation): remove deprecated gradle constructs/features from clouddriver in order to upgrade gradle 7 (#5950)
chore(dependencies): Autobump korkVersion (#5952)
fix(aws): ECS Service Tagging broken (#5954)
chore(dependencies): Autobump korkVersion (#5961)
chore(dependencies): Autobump fiatVersion (#5962)
fix(gce): remove the duplicate cache attribute “subnet” and update the test (#5977) (#5984)
fix(builds): Backport flag for installing aws cli (#6009)
chore(dependencies): Autobump korkVersion (#6010)
chore(dependencies): Autobump fiatVersion (#6011)
fix: Fix docker build in GHA by removing some of the GHA tools (#6033) (#6036)
fix(lambda): Lambda is leaking threads on agent refreshes. remove the custom threadpool (#6048) (#6049)
fix(cats): passing incorrect redis config into interval provider (#6105) (#6108)
feat(gcp): provide a configurable option to bypass gcp account health check. (backport #6093) (#6097)

Spinnaker Fiat - 1.31.3

chore(dependencies): Autobump korkVersion (#1050)
chore(dependencies): Autobump korkVersion (#1033)
chore(dependencies): Autobump spinnakerGradleVersion (#1035)
feat(exceptions): Add SpinnakerRetrofitErrorHandler and replace RetrofitError catch blocks (#1034)
chore(gha): update to docker/login-action@v2 to stay up to date (#1036)
chore(dependencies): Autobump korkVersion (#1037)
feat(gha): configure dependabot to keep github actions up to date (#1038)
chore(deps): bump actions/setup-java from 2 to 3 (#1039)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#1040)
chore(deps): bump actions/checkout from 2 to 3 (#1043)
chore(deps): bump peter-evans/repository-dispatch from 1 to 2 (#1041)
chore(deps): bump google-github-actions/auth from 0 to 1 (#1042)
chore(gha): replace action for creating github releases (#1044)
chore(gha): replace deprecated set-output commands with environment files (#1045)
chore(deps): bump docker/build-push-action from 3 to 4 (#1046)
chore(dependencies): Autobump korkVersion (#1047)
chore(dependencies): Autobump korkVersion (#1048)
chore(dependencies): Autobump korkVersion (#1049)
chore(dependencies): Autobump korkVersion (#1051)
chore(dependencies): Autobump korkVersion (#1052)
chore(dependencies): Autobump spinnakerGradleVersion (#1054)
refactor(test): prefix redis:5-alpine images with library/ (#1055)
chore(dependencies): Autobump korkVersion (#1056)
chore(dependencies): Autobump korkVersion (#1057)
fix(roles-sync): fix CallableCache’s NPE exception for caching synchronization strategy (#1077) (#1081)
fix(ssl): Removed unused deprecated okHttpClientConfig from retrofitConfig. (#1082) (#1092)
chore(dependencies): Autobump korkVersion (#1095)

Spinnaker Igor - 1.31.3

chore(dependencies): Autobump korkVersion (#1120)
chore(dependencies): Autobump fiatVersion (#1099)
chore(dependencies): Autobump spinnakerGradleVersion (#1103)
chore(dependencies): Autobump fiatVersion (#1105)
chore(gha): update to docker/login-action@v2 to stay up to date (#1106)
chore(dependencies): Autobump korkVersion (#1107)
chore(dependencies): Autobump fiatVersion (#1108)
feat(gha): configure dependabot to keep github actions up to date (#1109)
chore(deps): bump actions/setup-java from 2 to 3 (#1111)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#1110)
chore(deps): bump google-github-actions/auth from 0 to 1 (#1112)
chore(deps): bump docker/build-push-action from 2 to 4 (#1114)
chore(deps): bump actions/checkout from 2 to 3 (#1113)
chore(gha): replace action for creating github releases (#1115)
chore(gha): replace deprecated set-output commands with environment files (#1116)
chore(dependencies): Autobump korkVersion (#1117)
chore(dependencies): Autobump korkVersion (#1118)
chore(dependencies): Autobump korkVersion (#1119)
chore(dependencies): Autobump korkVersion (#1122)
chore(dependencies): Autobump korkVersion (#1123)
chore(dependencies): Autobump spinnakerGradleVersion (#1127)
feat(travis): Add another Travis termination string (#1131)
chore(dependencies): Autobump korkVersion (#1132)
chore(dependencies): Autobump korkVersion (#1133)
chore(dependencies): Autobump fiatVersion (#1134)
chore(dependencies): Autobump korkVersion (#1162)
chore(dependencies): Autobump fiatVersion (#1163)

Spinnaker Echo - 1.31.3

chore(dependencies): Autobump korkVersion (#1288)
chore(dependencies): Autobump fiatVersion (#1268)
chore(dependencies): Autobump spinnakerGradleVersion (#1272)
chore(dependencies): Autobump fiatVersion (#1273)
chore(gha): update to docker/login-action@v2 to stay up to date (#1274)
chore(dependencies): Autobump korkVersion (#1275)
chore(dependencies): Autobump fiatVersion (#1276)
feat(gha): configure dependabot to keep github actions up to date (#1277)
chore(deps): bump docker/build-push-action from 2 to 4 (#1279)
chore(deps): bump google-github-actions/auth from 0 to 1 (#1280)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#1278)
chore(deps): bump actions/setup-java from 2 to 3 (#1282)
chore(deps): bump actions/checkout from 2 to 3 (#1281)
chore(gha): replace action for creating github releases (#1283)
chore(gha): replace deprecated set-output commands with environment files (#1284)
chore(dependencies): Autobump korkVersion (#1285)
chore(dependencies): Autobump korkVersion (#1286)
chore(dependencies): Autobump korkVersion (#1287)
chore(dependencies): Autobump korkVersion (#1291)
feat(pipelinetriggers): only cache enabled pipelines with enabled triggers of specific types (#1292)
chore(dependencies): Autobump korkVersion (#1293)
chore(dependencies): Autobump spinnakerGradleVersion (#1296)
chore(dependencies): Autobump korkVersion (#1297)
chore(dependencies): Autobump korkVersion (#1298)
chore(dependencies): Autobump fiatVersion (#1299)
fix(gha): Fix github status log and add tests (#1316) (#1318)
chore(dependencies): Autobump korkVersion (#1333)
chore(dependencies): Autobump fiatVersion (#1334)

Spinnaker Kayenta - 1.31.3

fix(signalfx): Fixed metric type missing due to duplicated field from parent class (#957) (#958)
chore(dependencies): Autobump orcaVersion (#956)
chore(dependencies): Autobump orcaVersion (#941)
chore(dependencies): Autobump spinnakerGradleVersion (#945)
chore(gha): update to docker/login-action@v2 to stay up to date (#946)
chore(dependencies): Autobump orcaVersion (#947)
feat(gha): configure dependabot to keep github actions up to date (#948)
chore(deps): bump actions/checkout from 2 to 3 (#949)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#950)
chore(deps): bump google-github-actions/auth from 0 to 1 (#953)
chore(deps): bump actions/setup-java from 2 to 3 (#951)
chore(deps): bump docker/build-push-action from 3 to 4 (#952)
chore(gha): replace action for creating github releases (#954)
chore(gha): replace deprecated set-output commands with environment files (#955)
feat: SPLAT-582: Add a storage data migrator. (#940)
fix(signalfx): Fixed metric type missing due to duplicated field from parent class (#957)
feat: Add API endpoint to remove account credentials by account name(id) (#939)
chore(dependencies): Autobump spinnakerGradleVersion (#960)
refactor(deprecation): remove deprecated gradle constructs/features from kayenta in order to upgrade gradle 7 (#961)
chore(dependencies): Autobump orcaVersion (#966)
fix(orca): Fix orca contributors status. (backport #977) (#980)
chore(dependencies): Autobump orcaVersion (#983)

Spinnaker Deck - 1.31.3

Publish packages to NPM (#9955)
chore(dependencies): Autobump spinnakerGradleVersion (#9957)
chore(gha): update to docker/login-action@v2 to stay up to date (#9958)
chore(gha): replace deprecated set-output commands (#9952)
feat(gha): configure dependabot to keep github actions up to date (#9959)
chore(deps): bump actions/github-script from 0.9.0 to 6.4.0 (#9962)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#9966)
chore(deps): bump peter-evans/create-pull-request from 3 to 4 (#9964)
chore(deps): bump docker/build-push-action from 3 to 4 (#9963)
chore(deps): bump google-github-actions/auth from 0 to 1 (#9965)
chore(gha): replace action for creating github releases (#9961)
chore(deps): bump actions/setup-node from 1 to 3 (#9967)
chore(deps): bump actions/cache from 1 to 3 (#9970)
chore(deps): bump actions/setup-java from 2 to 3 (#9969)
chore(deps): bump actions/checkout from 2 to 3 (#9968)
fix: UI crashes when running pipeline(s) with many stages. (#9960)
Publish packages to NPM (#9972)
chore(build): update to Node 14 and es2019 (#9981)
chore(build): fix typo in GHA (#9982)
Node 14 fix (#9983)
feat(provider/google): Added Cloud Run manifest functionality in Deck. (#9971)
chore(deps): bump peter-evans/create-pull-request from 4 to 5 (#9985)
chore(deps): bump actions/github-script from 6.4.0 to 6.4.1 (#9986)
Publish packages to NPM (#9984)
update(rolling red/black) remove experimental label (#9987)
fix(angular): fix missed AngularJS bindings (#9989)
Publish packages to NPM (#9990)
fix(ecs): VPC Subnet dropdown fix in ecs server group creation.
feat(deck): make StageFailureMessage component overridable (#9994)
chore(build): fix package bump PR action (#9995)
Publish packages to NPM (#9993)
chore(dependencies): Autobump spinnakerGradleVersion (#9996)
fix(core/pipeline): Pipeline builder-pipeline action dropdown closing not properly (#9999)
feat(icons): allow plugins to provide custom icon components (#10001)
Publish packages to NPM (#10000)
Revert “fix(core): conditionally hide expression evaluation warning messages (#9771)” (#10021) (#10023)
fix: Scaling bounds should parse float not int (#10026) (#10032)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#10036) (#10047)
fix: Updating Lambda functions available Runtimes (#10055)

Spinnaker Orca - 1.31.3

fix(queue): fix ability to cancel a zombied execution (#4473) (#4478)
fix(queue): Manual Judgment propagation (#4474)
fix(deployment): fixed missing namespace while fetching manifest details from clouddriver (#4453) (#4457)
chore(dependencies): Autobump korkVersion (#4444) (#4446)
chore(dependencies): Autobump korkVersion (#4444)
chore(dependencies): Autobump fiatVersion (#4417)
Fix/manual judgment concurrent execution (#4410)
chore(dependencies): Autobump spinnakerGradleVersion (#4427)
chore(dependencies): Autobump fiatVersion (#4428)
chore(gha): update to docker/login-action@v2 to stay up to date (#4429)
chore(dependencies): Autobump korkVersion (#4430)
chore(dependencies): Autobump fiatVersion (#4431)
feat(gha): configure dependabot to keep github actions up to date (#4432)
chore(deps): bump peter-evans/create-pull-request from 3 to 4 (#4433)
chore(deps): bump google-github-actions/upload-cloud-storage from 0 to 1 (#4436)
chore(deps): bump docker/build-push-action from 3 to 4 (#4435)
chore(deps): bump google-github-actions/auth from 0 to 1 (#4437)
chore(deps): bump actions/setup-java from 2 to 3 (#4434)
chore(gha): replace action for creating github releases (#4438)
chore(deps): bump peter-evans/repository-dispatch from 1 to 2 (#4440)
chore(deps): bump actions/checkout from 2 to 3 (#4441)
chore(dependencies): Autobump korkVersion (#4442)
chore(dependencies): Autobump korkVersion (#4443)
chore(gha): replace deprecated set-output commands with environment files (#4439)
chore(dependencies): Autobump korkVersion (#4447)
feat(front50): call front50’s GET /pipelines/triggeredBy/{pipelineId}/{status} endpoint (#4448)
chore(deps): bump peter-evans/create-pull-request from 4 to 5 (#4450)
chore(dependencies): Autobump korkVersion (#4451)
fix(waiting-executions) : concurrent waiting executions doesn’t follow FIFO (#4415)
fix(deployment): fixed missing namespace while fetching manifest details from clouddriver (#4453)
chore(dependencies): Autobump spinnakerGradleVersion (#4458)
chore(dependencies): Autobump korkVersion (#4459)
chore(dependencies): Autobump korkVersion (#4461)
chore(dependencies): Autobump fiatVersion (#4464)
fix(queue): fix ability to cancel a zombied execution (#4473) (#4477)
fix(artifacts): consider requiredArtifactIds in expected artifacts when trigger is pipeline type (#4489) (#4491)
chore(dependencies): Autobump korkVersion (#4513)
chore(dependencies): Autobump fiatVersion (#4514)
fix: duplicate entry exception for correlation_ids table. (#4521) (#4531)
fix(vpc): add data annotation to vpc (#4534) (#4537)
fix(front50): teach MonitorPipelineTask to handle missing/null execution ids (#4555) (#4561)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#4546) (#4564)
fix(artifacts): Parent and child pipeline artifact resolution (backport #4575) (#4582)
fix(artifacts): Automated triggers with artifact constraints are broken if you have 2 or more of the same type (backport #4579) (#4587)

Continuous-Deployment: v2.30.5 Armory Continuous Deployment LTS Release (Spinnaker™ v1.30.4)

Fri, 10 Nov 2023 00:00:00 +0000

2023/11/10 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.30.5, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured for UTF-8 encoding

Impact

2.28.6 migrates to the AWS MySQL driver from the OSS MySQL drivers. This change is mostly seamless, but we’ve identified one breaking change. If your database was created without utf8mb4 you will see failures after this upgrade. utf8mb4 is the recommended DB format for any Spinnaker database, and we don’t anticipate most users who’ve followed setup instructions to encounter this failure. However, we’re calling out this change as a safeguard.

Introduced in: Armory CD 2.28.6

Update kubectl to 1.20

Impact

With 2.28 of Spinnaker, we’ve updated the kubectl binary to a 1.20 release. You may have potential caching issues as a result due to certain resources in Kubernetes being removed and/or no longer supported. Look for failures in your log files and exclude resources that don’t match your target cluster. For example, adding “PodPreset” to the “omitKinds” on your Kubernetes account configs would cause Spinnaker to skip trying to cache resources that no longer be able to be cached in newer kubernetes releases.

Introduced in: Armory CD 2.28.0

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Known issues

Pipelines-as-Code `multipleBranchesEnabled: false` not working as expected

When multipleBranchesEnabled: false, you may notice that the configuration multipleBranchesEnabled is never set to even though it is set to false under the Dinghy profiles settings. This may cause dinghyfile changes on the master/main branch to be pushed unexpectedly.

You can read more about this issue in the KB article.

Affected versions: Armory CD 2.30.3, 2.30.4, 2.30.5

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0 and later

SpEL expressions and artifact binding

There is an issue where it appears that SpEL expressions are not being evaluated properly in artifact declarations (such as container images) for events such as the Deploy Manifest stage. What is actually happening is that an artifact binding is overriding the image value.

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false. This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.27.x and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

Automatically cancel Jenkins jobs

You now have the ability to cancel triggered Jenkins jobs when a Spinnaker pipeline is canceled, giving you more control over your full Jenkins workflow. Learn more about Jenkins + Spinnaker in this Spinnaker changelog.

Enhanced BitBucket Server pull request handling

Trigger Spinnaker pipelines natively when pull requests are opened in BitBucket with newly added events including PR opened, deleted, and declined. See Triggering pipelines with Bitbucket Server in the Spinnaker docs for details

Early access features enabled manually

Helm Parameters

Spinnaker users baking Helm charts can now use SpEL expression parameters for API Version and Kubernetes Version in the Bake Manifest stage so that they can conditionally deploy different versions of artifacts depending on the target cluster API and K8s versions. To learn more about this exciting new feature, visit Helm Parameters.

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Run Pipelines-as-Code with permissions scoped to a specific service account

Enhancing Pipelines-as-Code to upsert pipeline using an Orca call instead of a Front50 call, to mimic the calls from Deck. By default, it is disabled. Enabling can be achieved by setting the following in dinghy.yml:

upsertPipelineUsingOrcaTaskEnabled: true

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Now you can configure Pipeline-as-Code to pull Pipelines-as-Code files from multiple branches on the same repo. Cut out the tedious task of managing multiple repos; have a single repo for Spinnaker application pipelines. See Multiple branches for how to enable and configure this feature.

Terraform template fix

Highlighted updates

Echo

Fixed an issue where Echo didn’t start in GKE.

Orca

Addressed an issue where artifacts between parent/child pipeline executions were binding incorrectly.

Deck

Updated Lambda Function runtime options.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.30.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 767aa739e9c38d2ec7822e9e9a1838b69a56d4c0
version: 2.30.5
deck:
commit: b14f5660fbe9cde883dfaf25442a1e8cfe0c27b0
version: 2.30.5
dinghy:
commit: a3b59d9e4b810cc968d0f5e8e8370e1670574768
version: 2.30.5
echo:
commit: ea2081903be070da4b217a4c54d070f1503e6d00
version: 2.30.5
fiat:
commit: 5d44e1f53d2f33b17f8decfb057a18cfe4b6fa08
version: 2.30.5
front50:
commit: 5d9bb31f65f96087be30ce96cea1b6d481a6bef4
version: 2.30.5
gate:
commit: 5758316afba1260d2012730c471fd461819e7f39
version: 2.30.5
igor:
commit: 3123451525458f96548859b9bf2b15c89810f577
version: 2.30.5
kayenta:
commit: 1d2f5193ec681b5122fe7c34da6bbd569da8e0b8
version: 2.30.5
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: fdac510ea4f54b33abafbc840d7380100c6ab689
version: 2.30.5
rosco:
commit: 7907c80fd9ca1d956d5927a3e190617671b7e012
version: 2.30.5
terraformer:
commit: 249e7be18074af100212ddd554d9fb35afd65873
version: 2.30.5
timestamp: "2023-11-08 19:09:49"
version: 2.30.5

Armory

Armory Clouddriver - 2.30.4…2.30.5

Armory Orca - 2.30.4…2.30.5

chore(cd): update base orca version to 2023.11.06.18.16.22.release-1.30.x (#762)
chore(cd): update base orca version to 2023.11.07.00.08.28.release-1.30.x (#764)

Armory Igor - 2.30.4…2.30.5

Armory Rosco - 2.30.4…2.30.5

Armory Gate - 2.30.4…2.30.5

Armory Front50 - 2.30.4…2.30.5

Armory Fiat - 2.30.4…2.30.5

Armory Kayenta - 2.30.4…2.30.5

Terraformer™ - 2.30.4…2.30.5

Armory Echo - 2.30.4…2.30.5

fix: Upgrade grpc-netty-shaded to address the service initialization failure issue. (#647)

Dinghy™ - 2.30.4…2.30.5

Armory Deck - 2.30.4…2.30.5

chore(cd): update base deck version to 2023.0.0-20231024161913.release-1.30.x (#1364)

Spinnaker

Spinnaker Clouddriver - 1.30.4

Spinnaker Orca - 1.30.4

fix(artifacts): Parent and child pipeline artifact resolution (backport #4575) (#4581)
fix(artifacts): Automated triggers with artifact constraints are broken if you have 2 or more of the same type (backport #4579) (#4586)

Spinnaker Igor - 1.30.4

Spinnaker Rosco - 1.30.4

Spinnaker Gate - 1.30.4

Spinnaker Front50 - 1.30.4

Spinnaker Fiat - 1.30.4

Spinnaker Kayenta - 1.30.4

Spinnaker Echo - 1.30.4

Spinnaker Deck - 1.30.4

fix: Updating Lambda functions available Runtimes (#10055) (#10056)

Continuous-Deployment: v2.30.4 Armory Continuous Deployment Release (Spinnaker™ v1.30.4)

Mon, 06 Nov 2023 00:00:00 +0000

2023/11/06 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker or Armory CD, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.30.4+, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured for UTF-8 encoding

Impact

2.28.6 migrates to the AWS MySQL driver from the OSS MySQL drivers. This change is mostly seamless, but we’ve identified one breaking change. If your database was created without utf8mb4 you will see failures after this upgrade. utf8mb4 is the recommended DB format for any Spinnaker database, and we don’t anticipate most users who’ve followed setup instructions to encounter this failure. However, we’re calling out this change as a safeguard.

Introduced in: Armory CD 2.28.6

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Known issues

Pipelines-as-Code `multipleBranchesEnabled: false` not working as expected

You can read more about this issue in the KB article.

Affected versions: Armory CD 2.30.3, 2.30.4

Artifact Binding

Customers who utilize parent pipelines to provide artifacts to child pipelines may encounter unexpected errors or results in 2.30+ as child pipelines may not resolve those artifacts correctly.

Affected versions: Armory CD 2.30.0 and later

1.30+ “required artifacts to bind” breaks pipelines

Expected artifacts can be used in automated triggers and stages, and OSS 1.30 changed the way artifact constraints work on triggers. Unfortunately those changes broke the previous behavior when triggering a pipeline from a stage, and this fix restores the previous behavior.

Affected versions: Armory CD 2.30.0 and later

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0 and later

SpEL expressions and artifact binding

Workaround:

Affected versions: Armory CD 2.27.x and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

Automatically cancel Jenkins jobs

Enhanced BitBucket Server pull request handling

Early access features enabled manually

NEW in this release - Helm Parameters

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Run Pipelines-as-Code with permissions scoped to a specific service account

upsertPipelineUsingOrcaTaskEnabled: true

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Igor

Fixed an issue that involved Jenkins backlinks being enabled in Orca. Igor was encountering an issue while attempting to invoke the JenkinsClient.submitDescription method.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.30.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 767aa739e9c38d2ec7822e9e9a1838b69a56d4c0
version: 2.30.4
deck:
commit: 305d4e3ccdd7ad009c14a0093cd64bdb0ad9aeaa
version: 2.30.4
dinghy:
commit: a3b59d9e4b810cc968d0f5e8e8370e1670574768
version: 2.30.4
echo:
commit: 2ef241fd3da29fb70cdb05432d022f0edd752d51
version: 2.30.4
fiat:
commit: 5d44e1f53d2f33b17f8decfb057a18cfe4b6fa08
version: 2.30.4
front50:
commit: 5d9bb31f65f96087be30ce96cea1b6d481a6bef4
version: 2.30.4
gate:
commit: 5758316afba1260d2012730c471fd461819e7f39
version: 2.30.4
igor:
commit: 3123451525458f96548859b9bf2b15c89810f577
version: 2.30.4
kayenta:
commit: 1d2f5193ec681b5122fe7c34da6bbd569da8e0b8
version: 2.30.4
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: abf688128f3557e53d8873b5f2fe623b1ad478f9
version: 2.30.4
rosco:
commit: 7907c80fd9ca1d956d5927a3e190617671b7e012
version: 2.30.4
terraformer:
commit: 249e7be18074af100212ddd554d9fb35afd65873
version: 2.30.4
timestamp: "2023-10-19 13:42:07"
version: 2.30.4

Armory

Dinghy™ - 2.30.3…2.30.4

Armory Echo - 2.30.3…2.30.4

Armory Clouddriver - 2.30.3…2.30.4

Armory Kayenta - 2.30.3…2.30.4

Armory Gate - 2.30.3…2.30.4

Updating Banner plugin to 0.2.0 (#630) (#631)

Terraformer™ - 2.30.3…2.30.4

Armory Rosco - 2.30.3…2.30.4

chore(cd): update base service version to rosco:2023.10.18.06.02.34.release-1.30.x (#591)

Armory Deck - 2.30.3…2.30.4

chore(cd): update base deck version to 2023.0.0-20231018060032.release-1.30.x (#1359)

Armory Igor - 2.30.3…2.30.4

fix: NoSuchMethodError exception in JenkinsClient. (#377) (#528)

Armory Orca - 2.30.3…2.30.4

chore(cd): update base orca version to 2023.10.09.23.59.23.release-1.30.x (#738)
fix(terraformer): Ignoring logs from the Terraformer stage context (#740) (#741)
chore(cd): update base orca version to 2023.10.18.06.01.45.release-1.30.x (#752)

Armory Fiat - 2.30.3…2.30.4

Armory Front50 - 2.30.3…2.30.4

Spinnaker

Spinnaker Echo - 1.30.4

Spinnaker Clouddriver - 1.30.4

Spinnaker Kayenta - 1.30.4

Spinnaker Gate - 1.30.4

Spinnaker Rosco - 1.30.4

feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#1020) (#1029)

Spinnaker Deck - 1.30.4

feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#10036) (#10046)

Spinnaker Igor - 1.30.4

Spinnaker Orca - 1.30.4

fix(front50): teach MonitorPipelineTask to handle missing/null execution ids (#4555) (#4558)
feat(helm/bake): Add additional input fields where we can fill in details of the APIs versions (#4546) (#4563)

Spinnaker Fiat - 1.30.4

Spinnaker Front50 - 1.30.4

Continuous-Deployment: v2.30.3 Armory Continuous Deployment Release (Spinnaker™ v1.30.4)

Mon, 09 Oct 2023 00:00:00 +0000

2023/10/09 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.30.3, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.>

Orca requires RDBMS configured for UTF-8 encoding

Impact

2.28.6 migrates to the AWS MySQL driver from the OSS MySQL drivers. This change is mostly seamless, but we’ve identified one breaking change. If your database was created without utf8mb4 you will see failures after this upgrade. utf8mb4 is the recommended DB format for any Spinnaker database, and we don’t anticipate most users who’ve followed setup instructions to encounter this failure. However, we’re calling out this change as a safeguard.

Introduced in: Armory CD 2.28.6

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Known issues

Pipelines-as-Code `multipleBranchesEnabled: false` not working as expected

You can read more about this issue in the KB article.

Affected versions: Armory CD 2.30.3

Artifact Binding

Customers who utilize parent pipelines to provide artifacts to child pipelines may encounter unexpected errors or results in 2.30+ as child pipelines may not resolve those artifacts correctly.

Affected versions: Armory CD 2.30.0 and later

1.30+ “required artifacts to bind” breaks pipelines

Affected versions: Armory CD 2.30.0 and later

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0 and later

SpEL expressions and artifact binding

Workaround:

Affected versions: Armory CD 2.27.x and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

Automatically cancel Jenkins jobs

Enhanced BitBucket Server pull request handling

Early access features enabled manually

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Run Pipelines-as-Code with permissions scoped to a specific service account

upsertPipelineUsingOrcaTaskEnabled: true

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Front50

Rectified an issue related to incorrect versions of Google authentication dependencies.

Clouddriver

Addressed on issue where Lambda was leaking threads and eventually causing failures.
Added configurable timeouts for Lambda invocations.

Deck

Added decimal support for upper/lower bound ASG tests.

Gate

Added the ability to disable the caching filter. By default it is set to on.

Orca

Addressed an issue where errors were being generated when deploying an ECSService.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.30.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 767aa739e9c38d2ec7822e9e9a1838b69a56d4c0
version: 2.30.3
deck:
commit: 18e1727665cc52111760bf8e7f41cbf23da3b1a9
version: 2.30.3
dinghy:
commit: a3b59d9e4b810cc968d0f5e8e8370e1670574768
version: 2.30.3
echo:
commit: 2ef241fd3da29fb70cdb05432d022f0edd752d51
version: 2.30.3
fiat:
commit: 5d44e1f53d2f33b17f8decfb057a18cfe4b6fa08
version: 2.30.3
front50:
commit: 5d9bb31f65f96087be30ce96cea1b6d481a6bef4
version: 2.30.3
gate:
commit: 04598366642300d6f028df33b6206b5ce75f1038
version: 2.30.3
igor:
commit: f3d890427c79b7db6cf5fcb681e30542df97ff7c
version: 2.30.3
kayenta:
commit: 1d2f5193ec681b5122fe7c34da6bbd569da8e0b8
version: 2.30.3
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: ba62a86ef3af0007506b589a4272e3c2e03de00b
version: 2.30.3
rosco:
commit: a2b4662a40281e553de2182b680d5fd7e6bc3955
version: 2.30.3
terraformer:
commit: 249e7be18074af100212ddd554d9fb35afd65873
version: 2.30.3
timestamp: "2023-09-29 15:15:45"
version: 2.30.3

Armory

Armory Gate - 2.30.2…2.30.3

chore(cd): update base service version to gate:2023.09.01.01.26.23.release-1.30.x (#608)
chore(cd): update base service version to gate:2023.09.07.17.47.28.release-1.30.x (#612)

Armory Rosco - 2.30.2…2.30.3

Armory Orca - 2.30.2…2.30.3

chore(cd): update base orca version to 2023.09.07.17.59.31.release-1.30.x (#693)
chore(cd): update base orca version to 2023.09.26.15.03.20.release-1.30.x (#721)

Armory Fiat - 2.30.2…2.30.3

Armory Echo - 2.30.2…2.30.3

chore(cd): update base service version to echo:2023.09.07.17.49.13.release-1.30.x (#616)

Dinghy™ - 2.30.2…2.30.3

chore(log): Bumped up dinghy and plank versions. (backport #490) (#505)

Armory Kayenta - 2.30.2…2.30.3

Armory Clouddriver - 2.30.2…2.30.3

chore(cd): update base service version to clouddriver:2023.08.29.09.35.30.release-1.30.x (#945)
chore(cd): update base service version to clouddriver:2023.09.07.19.02.07.release-1.30.x (#953)
chore(cd): update base service version to clouddriver:2023.09.07.22.04.28.release-1.30.x (#955)
chore(cd): update base service version to clouddriver:2023.09.08.02.48.03.release-1.30.x (#958)
chore(cd): update base service version to clouddriver:2023.09.08.03.51.25.release-1.30.x (#959)
chore(cd): update base service version to clouddriver:2023.09.08.04.42.03.release-1.30.x (#962)
chore(cd): update base service version to clouddriver:2023.09.08.05.40.38.release-1.30.x (#963)
chore(cd): update base service version to clouddriver:2023.09.08.14.33.30.release-1.30.x (#965)
chore(cd): update base service version to clouddriver:2023.09.16.22.42.11.release-1.30.x (#976)
chore(cd): update base service version to clouddriver:2023.09.20.19.03.35.release-1.30.x (#980)
fix: CVE-2023-37920 (#977) (#992)

Armory Front50 - 2.30.2…2.30.3

chore(cd): update base service version to front50:2023.09.07.17.50.48.release-1.30.x (#588)
chore(cd): update base service version to front50:2023.09.25.18.58.31.release-1.30.x (#601)
fix(dependencies): match google cloud storage version to this set in OSS, and bump OSS front50 version. (#602)

Terraformer™ - 2.30.2…2.30.3

Armory Deck - 2.30.2…2.30.3

chore(cd): update base deck version to 2023.0.0-20230918174859.release-1.30.x (#1342)
chore(cd): update base deck version to 2023.0.0-20230920215154.release-1.30.x (#1343)

Armory Igor - 2.30.2…2.30.3

chore(cd): update base service version to igor:2023.09.07.17.50.00.release-1.30.x (#491)

Spinnaker

Spinnaker Gate - 1.30.4

fix(cachingFilter: Allow disabling the content caching filter (#1699) (#1700)
chore(dependencies): Autobump fiatVersion (#1708)

Spinnaker Rosco - 1.30.4

Spinnaker Orca - 1.30.4

chore(dependencies): Autobump fiatVersion (#4520)
fix(vpc): add data annotation to vpc (#4534) (#4536)
fix: duplicate entry exception for correlation_ids table. (#4521) (#4532)

Spinnaker Fiat - 1.30.4

Spinnaker Echo - 1.30.4

chore(dependencies): Autobump fiatVersion (#1338)

Spinnaker Kayenta - 1.30.4

Spinnaker Clouddriver - 1.30.4

chore(dependencies): Autobump fiatVersion (#6017)
chore(gha): update to docker/login-action@v2 to stay up to date (#5920) (#6020)
chore(deps): bump actions/cache from 2 to 3 (#5926) (#6022)
chore(deps): bump actions/checkout from 2 to 3 (#5924) (#6024)
chore(gha): replace action for creating github releases (backport #5929) (#6026)
chore(deps): bump actions/setup-java from 2 to 3 (#5928) (#6029)
chore(deps): bump docker/build-push-action from 3 to 4 (#5927) (#6030)
chore(gha): replace deprecated set-output commands with environment files (#5930) (#6032)
fix: Fix docker build in GHA by removing some of the GHA tools (#6033) (#6035)
feat(lambda): Lambda calls default timeout after 50 seconds causing longer running lambdas to fail. This adds configurable timeouts for lambda invocations (#6041) (#6044)
fix(lambda): Lambda is leaking threads on agent refreshes. remove the custom threadpool (#6048) (#6051)

Spinnaker Front50 - 1.30.4

chore(dependencies): Autobump fiatVersion (#1388)
fix(dependency): fix dependency version leak of google-api-services-storage from kork in front50-web (#1302) (#1393)

Spinnaker Deck - 1.30.4

Revert “fix(core): conditionally hide expression evaluation warning messages (#9771)” (#10021) (#10024)
fix: Scaling bounds should parse float not int (#10026) (#10031)

Spinnaker Igor - 1.30.4

chore(dependencies): Autobump fiatVersion (#1167)

Continuous-Deployment: v2.28.7 Armory Continuous Deployment LTS Release (Spinnaker™ v1.28.0)

Wed, 13 Sep 2023 00:00:00 +0000

2023/09/13 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.7, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Known issues

Application Attributes section displays “This Application has not been configured”

There is a known issue that relates to the Application Attributes section under the Config menu. An application that was already created and configured in Spinnaker displays the message, “This application has not been configured.” While the information is missing, there is no functional impact.

Affected versions: Armory CD 2.28.0

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Pipelines-as-Code GitHub comments

There is a known issue where Pipelines-as-Code can generate hundreds of comments in a GitHub Pull Request (PR) when updates are made, such as when a module that is used by multiple dinghyfiles gets changed. These comments may prevent the GitHub UI from loading or related API calls may lead to rate limiting.

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

2.26.x or later: Change the artifact binding behavior in spec.spinnakerConfig.profiles.clouddriver (Operator) or clouddriver-local.yml (Halyard) to the following, which causes artifacts to only bind the version when the tag is missing:

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Early access features enabled by default

Automatically cancel Jenkins jobs

Enhanced BitBucket Server pull request handling

Pipelines adapt to sub pipeline with manual judgment color

When a child/sub pipeline is running and requires a manual judgment, the parent pipeline provides a visual representation that the child pipeline has an manual judgement waiting. This Github pull request shows a visual representation of the feature in action.

Early access features enabled manually

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Clouddriver

Addressed an issue where deploying to an ECS cluster with tags was failing

Orca

Fixed an issue where Blue/Green(Red/Black) in the non-default namespace for kubernetes was failing
Fixed an issue where a missing “namespace” attribute in a HTTP call was being sent while fetching manifest details from Clouddriver.

Deck

Fixed some bugs related to Clone CX when instance types are incompatible. For full details, visit the Github PR

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.0 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 50b4f4881597a374a9ba85aac90c0c0b9b22cee5
version: 2.28.7
deck:
commit: 5e7cef7a443e096cf8158c0c405c3ebbf8b97c35
version: 2.28.7
dinghy:
commit: 912007004f7720b418cd133301c7fb20207e1f2f
version: 2.28.7
echo:
commit: a602d9d5def0815cb52bdf6d695ca69cbf0abe3b
version: 2.28.7
fiat:
commit: d0874307a60cbc457616569be910f4142c152586
version: 2.28.7
front50:
commit: 3292cf2715a9e52bb4690601d4fd877407505ced
version: 2.28.7
gate:
commit: c8058f4362f3f4ad108fa146d628a162445c7579
version: 2.28.7
igor:
commit: 00998fa8b33acd6db5ffa8722e37593f608e9f64
version: 2.28.7
kayenta:
commit: 3da923fd822202425b90a181c9734910c5c4a609
version: 2.28.7
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 27a66c125270377772675b0e24d93566d878cfb9
version: 2.28.7
rosco:
commit: 27d4a2b4a1d5f099b68471303d4fd14af156d46d
version: 2.28.7
terraformer:
commit: ea9b0255b7d446bcbf0f0d4e03fc8699b7508431
version: 2.28.7
timestamp: "2023-06-01 05:41:58"
version: 2.28.7

Armory

Armory Echo - 2.28.6…2.28.7

Armory Kayenta - 2.28.6…2.28.7

chore(cd): update base service version to kayenta:2023.06.01.03.10.17.release-1.28.x (#443)

Armory Igor - 2.28.6…2.28.7

chore(cd): update base service version to igor:2023.03.27.19.09.31.release-1.28.x (#426)
chore(cd): update armory-commons version to 3.11.5 (#450)
chore(cd): update armory-commons version to 3.11.6 (#453)

Armory Gate - 2.28.6…2.28.7

Armory Orca - 2.28.6…2.28.7

chore(cd): update base orca version to 2023.05.18.14.27.20.release-1.28.x (#645)

Armory Deck - 2.28.6…2.28.7

chore(cd): update base deck version to 2023.0.0-20230430115438.release-1.28.x (#1334)

Armory Fiat - 2.28.6…2.28.7

chore(cd): update armory-commons version to 3.11.5 (#472)
chore(cd): update armory-commons version to 3.11.6 (#476)

Armory Rosco - 2.28.6…2.28.7

Armory Front50 - 2.28.6…2.28.7

Terraformer™ - 2.28.6…2.28.7

Armory Clouddriver - 2.28.6…2.28.7

chore(cd): update base service version to clouddriver:2023.05.30.19.45.25.release-1.28.x (#880)

Dinghy™ - 2.28.6…2.28.7

Spinnaker

Spinnaker Echo - 1.28.0

Spinnaker Kayenta - 1.28.0

chore(dependencies): Autobump orcaVersion (#963)

Spinnaker Igor - 1.28.0

chore(dependencies): Autobump fiatVersion (#1101)

Spinnaker Gate - 1.28.0

Spinnaker Orca - 1.28.0

fix(deployment): fixed missing namespace while fetching manifest details from clouddriver (#4453) (#4455)

Spinnaker Deck - 1.28.0

fix(aws): Fixing bugs related to clone CX when instance types are incompatible with image/region (backport #9901) (#9975)

Spinnaker Fiat - 1.28.0

Spinnaker Rosco - 1.28.0

Spinnaker Front50 - 1.28.0

Spinnaker Clouddriver - 1.28.0

chore(dependencies): Autobump fiatVersion (#5916)

Continuous-Deployment: v2.30.2 Armory Continuous Deployment Release (Spinnaker™ v1.30.3)

Tue, 29 Aug 2023 00:00:00 +0000

2023/08/29 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.30.2, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured for UTF-8 encoding

Impact

2.28.6 migrates to the AWS MySQL driver from the OSS MySQL drivers. This change is mostly seamless, but we’ve identified one breaking change. If your database was created without utf8mb4 you will see failures after this upgrade. utf8mb4 is the recommended DB format for any Spinnaker database, and we don’t anticipate most users who’ve followed setup instructions to encounter this failure. However, we’re calling out this change as a safeguard.

Introduced in: Armory CD 2.28.6

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Known issues

Artifact Binding

Customers who utilize parent pipelines to provide artifacts to child pipelines may encounter unexpected errors or results in 2.30+ as child pipelines may not resolve those artifacts correctly.

Affected versions: Armory CD 2.30.0 and later

1.30+ “required artifacts to bind” breaks pipelines

Affected versions: Armory CD 2.30.0

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0

SpEL expressions and artifact binding

Workaround:

Affected versions: Armory CD 2.27.x and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

Automatically cancel Jenkins jobs

Enhanced BitBucket Server pull request handling

Early access features enabled manually

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Gate

fix: regression in saml configuration that prevented successful configuration of authn/z

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.30.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 9e69fcd6cd17f31e35eeb7d443cdbf9c2d9ac187
version: 2.30.2
deck:
commit: 7737669d9a68843f448cc4c93ac2a6ea3485f95e
version: 2.30.2
dinghy:
commit: 5250de80948732c8caac6ffc5293a8af80a63a0f
version: 2.30.2
echo:
commit: 56844c654cd1b3981686933a9d5bc68011ee2bae
version: 2.30.2
fiat:
commit: 30319b57d40a7e9fd61067b7e0d9fb73bf9a6c46
version: 2.30.2
front50:
commit: ec0919166ced870668d787708c249945e9291a01
version: 2.30.2
gate:
commit: df941ff5c34d14e794c8784c28a1b30b28754971
version: 2.30.2
igor:
commit: 67b4c66f33b8b97b89e6b052654bebfea460a41f
version: 2.30.2
kayenta:
commit: 4d82ef4a72129a715749005235ce0d6ba4778603
version: 2.30.2
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 638d81c8d3186b6deb8829574c6ac5b65c88c94a
version: 2.30.2
rosco:
commit: e74de6eaccbed6301505d9f3d2f6745b410211a7
version: 2.30.2
terraformer:
commit: 650746ae3f596f9c6458987487c81840c85dd2a0
version: 2.30.2
timestamp: "2023-08-29 01:03:06"
version: 2.30.2

Armory

Terraformer™ - 2.30.1…2.30.2

Armory Igor - 2.30.1…2.30.2

Armory Clouddriver - 2.30.1…2.30.2

chore(cd): update base service version to clouddriver:2023.08.25.16.41.50.release-1.30.x (#933)
chore(cd): update base service version to clouddriver:2023.08.28.14.14.14.release-1.30.x (#937)

Armory Rosco - 2.30.1…2.30.2

Armory Gate - 2.30.1…2.30.2

fix: esapi CVE scan report (#602) (#603)

Armory Front50 - 2.30.1…2.30.2

Armory Deck - 2.30.1…2.30.2

Armory Kayenta - 2.30.1…2.30.2

Dinghy™ - 2.30.1…2.30.2

Armory Fiat - 2.30.1…2.30.2

Armory Orca - 2.30.1…2.30.2

Armory Echo - 2.30.1…2.30.2

Spinnaker

Spinnaker Igor - 1.30.3

Spinnaker Clouddriver - 1.30.3

fix(builds): Backport flag for installing aws cli (#6006)

Spinnaker Rosco - 1.30.3

Spinnaker Gate - 1.30.3

Spinnaker Front50 - 1.30.3

Spinnaker Deck - 1.30.3

Spinnaker Kayenta - 1.30.3

Spinnaker Fiat - 1.30.3

Spinnaker Orca - 1.30.3

Spinnaker Echo - 1.30.3

Continuous-Deployment: v2.30.1 Armory Continuous Deployment Release (Spinnaker™ v1.30.3)

Thu, 24 Aug 2023 00:00:00 +0000

2023/08/24 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.30.1, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured for UTF-8 encoding

Impact

2.28.6 migrates to the AWS MySQL driver from the OSS MySQL drivers. This change is mostly seamless, but we’ve identified one breaking change. If your database was created without utf8mb4 you will see failures after this upgrade. utf8mb4 is the recommended DB format for any Spinnaker database, and we don’t anticipate most users who’ve followed setup instructions to encounter this failure. However, we’re calling out this change as a safeguard.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Introduced in: Armory CD 2.28.6

Known issues

Artifact Binding

Customers who utilize parent pipelines to provide artifacts to child pipelines may encounter unexpected errors or results in 2.30+ as child pipelines may not resolve those artifacts correctly.

Affected versions: Armory CD 2.30.0 and later

Using Custom Resource Status Plugin and Scale Agent generates an error

Armory customers that may be using the Custom Resource Status Plugin (2.0.3) may encounter an error “An attempt was made to call a method that does not exist." That error will prevent Armory CDSH from starting.

Affected versions: Armory CD 2.30.0 and later

Workaround: Customers encountering this issue can downgrade to Custom Resource Status Plugin (2.0.2) as an option until Armory CDSH versions 2.30.3+ or 2.28.7+ are available.

1.30+ “required artifacts to bind” breaks pipelines

Affected versions: Armory CD 2.30.0

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0

SpEL expressions and artifact binding

Workaround:

Affected versions: Armory CD 2.27.x and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

Automatically cancel Jenkins jobs

Enhanced BitBucket Server pull request handling

Early access features enabled manually

Dynamic Rollback Timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Clouddriver

Addressed an issue related to AWS CLI pip installation where users were unable to install aws-cli via pip because a package dependency broke
Add the possibility to update the default handler for the Global Resource Property Registry. Due to the fact it is not possible to override the default handler behavior from a Spinnaker plugin code, we introduced a new setter function specifically designed to update the default handler for the Global Resource.

Orca

Waiting executions didn’t follow FIFO. The fix makes changes to push StartWaitingExecutions to the queue only when execution status is not running and disabled concurrent executions, in all other cases no need to push StartWaitingExecutions to the queue.

Terraformer

Session duration support on AWS roles

Kayenta

Addressed an issue related to verbose error messages in Kayenta logs

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.30.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: e83f27627c37921732db249ca823b2e6485a6f97
version: 2.30.1
deck:
commit: 7737669d9a68843f448cc4c93ac2a6ea3485f95e
version: 2.30.1
dinghy:
commit: 5250de80948732c8caac6ffc5293a8af80a63a0f
version: 2.30.1
echo:
commit: 56844c654cd1b3981686933a9d5bc68011ee2bae
version: 2.30.1
fiat:
commit: 30319b57d40a7e9fd61067b7e0d9fb73bf9a6c46
version: 2.30.1
front50:
commit: ec0919166ced870668d787708c249945e9291a01
version: 2.30.1
gate:
commit: 2dc9b4b767ab502faaa1b99c131eb7263cf519da
version: 2.30.1
igor:
commit: 67b4c66f33b8b97b89e6b052654bebfea460a41f
version: 2.30.1
kayenta:
commit: 4d82ef4a72129a715749005235ce0d6ba4778603
version: 2.30.1
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 638d81c8d3186b6deb8829574c6ac5b65c88c94a
version: 2.30.1
rosco:
commit: e74de6eaccbed6301505d9f3d2f6745b410211a7
version: 2.30.1
terraformer:
commit: 650746ae3f596f9c6458987487c81840c85dd2a0
version: 2.30.1
timestamp: "2023-08-23 17:49:50"
version: 2.30.1

Armory

Armory Clouddriver - 2.30.0…2.30.1

chore(cd): update base service version to clouddriver:2023.07.19.19.07.34.release-1.30.x (#902)
chore(cd): update base service version to clouddriver:2023.07.21.18.23.46.release-1.30.x (#905)
chore(kubectl): upgrade kubectl version from 1.20.6 to 1.22.17 (backport #878) (#917)
chore(cd): update base service version to clouddriver:2023.08.17.03.37.47.release-1.30.x (#920)
chore(cd): update base service version to clouddriver:2023.08.17.06.57.33.release-1.30.x (#922)
chore(cd): update base service version to clouddriver:2023.08.18.20.50.29.release-1.30.x (#923)
fix: AWS CLI pip installation (#918) (#925)
chore(cd): update base service version to clouddriver:2023.08.18.23.44.54.release-1.30.x (#926)

Armory Igor - 2.30.0…2.30.1

chore(cd): update base service version to igor:2023.08.17.02.51.58.release-1.30.x (#480)
chore(cd): update base service version to igor:2023.08.17.04.46.32.release-1.30.x (#481)
chore(cd): update base service version to igor:2023.08.18.20.06.35.release-1.30.x (#483)
chore(cd): update base service version to igor:2023.08.18.23.01.56.release-1.30.x (#484)

Terraformer™ - 2.30.0…2.30.1

Session duration support on AWS roles (#500) (#503)
fix: One more session timeout place (#501) (#505)

Armory Rosco - 2.30.0…2.30.1

chore(cd): update base service version to rosco:2023.08.17.02.48.33.release-1.30.x (#558)
chore(cd): update base service version to rosco:2023.08.18.20.06.48.release-1.30.x (#559)

Armory Front50 - 2.30.0…2.30.1

chore(cd): update base service version to front50:2023.08.18.20.06.26.release-1.30.x (#576)
chore(cd): update base service version to front50:2023.08.18.23.02.05.release-1.30.x (#577)

Armory Deck - 2.30.0…2.30.1

Armory Kayenta - 2.30.0…2.30.1

chore(cd): update base service version to kayenta:2023.08.17.05.53.17.release-1.30.x (#458)
chore(cd): update base service version to kayenta:2023.08.19.00.43.42.release-1.30.x (#461)
chore(cd): update base service version to kayenta:2023.08.22.17.00.47.release-1.30.x (#463)

Dinghy™ - 2.30.0…2.30.1

Armory Fiat - 2.30.0…2.30.1

chore(cd): update base service version to fiat:2023.08.17.02.48.22.release-1.30.x (#511)
chore(cd): update base service version to fiat:2023.08.18.20.06.20.release-1.30.x (#512)
chore(cd): update base service version to fiat:2023.08.22.18.06.01.release-1.30.x (#515)

Armory Orca - 2.30.0…2.30.1

chore(cd): update base orca version to 2023.08.15.19.18.48.release-1.30.x (#677)
chore(cd): update base orca version to 2023.08.17.02.56.00.release-1.30.x (#679)
chore(cd): update base orca version to 2023.08.17.04.55.06.release-1.30.x (#681)
chore(cd): update base orca version to 2023.08.18.20.16.18.release-1.30.x (#683)
chore(cd): update base orca version to 2023.08.18.23.14.04.release-1.30.x (#684)

Armory Echo - 2.30.0…2.30.1

chore(cd): update base service version to echo:2023.08.17.02.52.47.release-1.30.x (#604)
chore(cd): update base service version to echo:2023.08.17.04.48.12.release-1.30.x (#606)
chore(cd): update base service version to echo:2023.08.18.20.06.15.release-1.30.x (#607)
chore(cd): update base service version to echo:2023.08.18.23.04.19.release-1.30.x (#608)

Armory Gate - 2.30.0…2.30.1

chore(cd): update base service version to gate:2023.08.17.02.52.18.release-1.30.x (#592)
chore(cd): update base service version to gate:2023.08.17.04.50.02.release-1.30.x (#593)
chore(cd): update base service version to gate:2023.08.18.20.06.31.release-1.30.x (#595)
chore(cd): update base service version to gate:2023.08.18.23.02.38.release-1.30.x (#596)

Spinnaker

Spinnaker Clouddriver - 1.30.3

feat: Add the possibility to update the default handler for the Global Resource Property Registry. (#5963) (#5973)
fix(gce): remove the duplicate cache attribute “subnet” and update the test (#5977) (#5986)
chore(dependencies): Autobump korkVersion (#5998)
chore(dependencies): Autobump fiatVersion (#5999)
chore(dependencies): Autobump korkVersion (#6001)
chore(dependencies): Autobump fiatVersion (#6002)

Spinnaker Igor - 1.30.3

chore(dependencies): Autobump korkVersion (#1155)
chore(dependencies): Autobump fiatVersion (#1156)
chore(dependencies): Autobump korkVersion (#1158)
chore(dependencies): Autobump fiatVersion (#1159)

Spinnaker Rosco - 1.30.3

chore(dependencies): Autobump korkVersion (#1010)
chore(dependencies): Autobump korkVersion (#1011)

Spinnaker Front50 - 1.30.3

chore(dependencies): Autobump korkVersion (#1292)
chore(dependencies): Autobump fiatVersion (#1293)
chore(dependencies): Autobump korkVersion (#1295)
chore(dependencies): Autobump fiatVersion (#1296)

Spinnaker Deck - 1.30.3

Spinnaker Kayenta - 1.30.3

chore(dependencies): Autobump orcaVersion (#978)
chore(dependencies): Autobump orcaVersion (#982)
fix(orca): Fix orca contributors status. (backport #977) (#981)

Spinnaker Fiat - 1.30.3

chore(dependencies): Autobump korkVersion (#1088)
chore(dependencies): Autobump korkVersion (#1089)
fix(ssl): Removed unused deprecated okHttpClientConfig from retrofitConfig. (#1082) (#1091)

Spinnaker Orca - 1.30.3

fix(waiting-executions) : concurrent waiting executions doesn’t follow FIFO (backport #4415) (#4503)
chore(dependencies): Autobump korkVersion (#4505)
chore(dependencies): Autobump fiatVersion (#4506)
chore(dependencies): Autobump korkVersion (#4509)
chore(dependencies): Autobump fiatVersion (#4510)

Spinnaker Echo - 1.30.3

fix(gha): Fix github status log and add tests (#1316) (#1317)
chore(dependencies): Autobump korkVersion (#1326)
chore(dependencies): Autobump fiatVersion (#1327)
chore(dependencies): Autobump korkVersion (#1329)
chore(dependencies): Autobump fiatVersion (#1330)

Spinnaker Gate - 1.30.3

chore(dependencies): Autobump korkVersion (#1687)
chore(dependencies): Autobump fiatVersion (#1688)
chore(dependencies): Autobump korkVersion (#1690)
chore(dependencies): Autobump fiatVersion (#1691)

Continuous-Deployment: v2.30.0 Armory Continuous Deployment Release (Spinnaker™ v1.30.2)

Wed, 09 Aug 2023 00:00:00 +0000

2023/08/09 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.30.0, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Armory Compatibility Matrix

Please consult the Armory Compatibility Matrix for information about support and compatibility for Armory Continuous Deployment as well as the products and platforms with which it integrates.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured for UTF-8 encoding

Impact

2.28.6 migrates to the AWS MySQL driver from the OSS MySQL drivers. This change is mostly seamless, but we’ve identified one breaking change. If your database was created without utf8mb4 you will see failures after this upgrade. utf8mb4 is the recommended DB format for any Spinnaker database, and we don’t anticipate most users who’ve followed setup instructions to encounter this failure. However, we’re calling out this change as a safeguard.

Introduced in: Armory CD 2.28.6

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.30.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0
Kubernetes Custom Resource Status	3.0.x

Known issues

Artifact Binding

Customers who utilize parent pipelines to provide artifacts to child pipelines may encounter unexpected errors or results in 2.30+ as child pipelines may not resolve those artifacts correctly.

Affected versions: Armory CD 2.30.0 and later

Using Custom Resource Status Plugin and Scale Agent generates an error

Workaround: Customers encountering this issue can downgrade to Custom Resource Status Plugin (2.0.2) as an option until Armory CDSH versions 2.30.3+ or 2.28.7+ are available.

Affected versions: Armory CD 2.30.0

Kayenta errors on startup

In some instances Kayenta will error because the DiscoveryCompositeHealthContributor does not implement HealthIndicator. There is a fix for this that should land in the next dot release.

Affected versions: Armory CD 2.30.0

1.30+ “required artifacts to bind” breaks pipelines

Affected versions: Armory CD 2.30.0

Clouddriver and Spring Cloud

Affected versions: Armory CD 2.30.0

SpEL expressions and artifact binding

Workaround: 2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false. This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.27.x and later

Deprecations

Reference Feature Deprecations and end of support

Early access features enabled by default

Pipelines adapt to sub pipeline with manual judgment color

Automatically cancel Jenkins jobs

Enhanced BitBucket Server pull request handling

Early access features enabled manually

Dynamic rollback timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck. You need to add this block to orca.yml file if you want to enable the dynamic rollback timeout feature:

rollback:
 timeout:
 enabled: true

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code PR checks

See Permissions check for a commit for details.

Pipelines-as-Code multi-branch enhancement

Terraform template fix

Highlighted updates

Cloudddriver

New mechanism to cache applications known to Front50. See https://spinnaker.io/changelogs/1.29.0-changelog/#clouddriver

Deck

Fixed an issue where the UI was crashing when running pipeline(s) with many stages. This change prevents iterating over child nodes as it has already been checked and as a result greatly reduces the number of interactions and increases speed.

Echo

Fixed an issue where Echo was failing to handle /webhooks/git/github requests

Fiat

New way to control how Fiat queries Clouddriver during a role sync (performance improvement)
- https://spinnaker.io/changelogs/1.29.0-changelog/#fiat
Addressed an issue related to concurrent sync calls causing memory exceptions and lack of available SQL connections. The fix prevents a new synchronization from starting if one is already in progress.

Front50

Resolved a performance regression where Front50 cached all pipeline configs on every sync, causing unnecessarily high service load

Gate

https://github.com/spinnaker/gate/pull/1610 expands support for adding request headers to the response header. Previously limited to X-SPINNAKER-REQUEST-ID, it’s now possible to specify any fields with a X-SPINNAKER prefix via the new interceptors.responseHeader.fields configuration property. The default value is X-SPINNAKER-REQUEST-ID to preserve the previous functionality.

#gate.yml

interceptors:
 responseHeader:
 fields:
 - X-SPINNAKER-REQUEST-ID
 - X-SPINNAKER-USER

Igor

New stop API endpoint
- https://spinnaker.io/changelogs/1.29.0-changelog/#igor

Kayenta

Implemented a MySQL data source for storage

Azure Baking

Visit Bake Azure Images in an Armory CD or Spinnaker pipeline to learn more about this feature.

AWS EC2 improvements, including UI changes

Improvements to AWS EC2 instance types API integration: The integration previously used AWS EC2 pricing docs to retrieve EC2 instance types and information. It was replaced with AWS EC2 describe-instance-types API instead.
Improvements to /instanceTypes API: Addition of instance type metadata/ information to API response. See before-after at (https://github.com/spinnaker/clouddriver/pull/5609).
Changes to /images API: ◦ Addition of architecture type to images API (used to filter out incompatible instance types in Deck). ◦ Images Caching agentType was modified to include the account information. Due to this change, your cache might still contain entries for the old cache keys as seen in Redis. These old keys will need to be cleaned up manually after upgrading to v1.29, if they are set to never expire. example:
- old key: com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider:AmazonInstanceTypeCachingAgent/eu-central-1:relationships
- new key: com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider:AmazonInstanceTypeCachingAgent/my-aws-devel-acct/eu-central-1:relationships

UI Changes

Displaying instance type info in Custom instance type selector in 2 places:
- As a tooltip for already selected instance types
- Enhanced drop down for list of available instance types
Adding filtering capability to the drop down in custom instance type selector. Filters implemented:
- instance family / size / type e.g. c3/ large/ c3.large
- min vcpu e.g. 16vcpu
- min memory e.g 32gib
- instance storage type e.g. ssd, hdd
- spot support
- ebs support
- gpu support
- current generation v/s old generation like *‘currentGen’ / ‘oldGen’

Kubernetes

Change ‘red/black’ to ‘blue/green’ in Spinnaker. Users coming to Spinnaker are now more familiar with Blue/Green industry terminology than the Netflix-specific phrasing Red/Black.

The Red/Black rollout strategy is marked as deprecated in the UI.
A Blue/Green rollout strategy is added that is functionally equivalent to the Red/Black rollout strategy. Changes made in Clouddriver and Orca.
Introduce a pipeline validator in Front50 that validates if red/black is used when creating/updating a Kubernetes pipeline. For now, it is logging a warning, but it will fail when we remove the red/black Kubernetes traffic management strategy.

Red/Black to Blue/Green migration details:

Front50 already supports migrations but you need to be enable it by adding migrations.enabled=true in your Front50 config. When Front50 starts, it automatically migrates existing pipelines using red/black to blue/green.
If you do not enable migration, red/black continues to work until the Spinnaker community decides to remove red/black.

Artifact handling

Changes to the way artifact constraints on triggers work If you have a pipeline with multiple triggers using different artifact constraints/expected artifacts, these have for a while been evaluated in an unexpected matter. To learn more, visit https://spinnaker.io/changelogs/1.30.0-changelog/#changes-to-the-way-artifact-constraints-on-triggers-work.

Spring Boot 2.4 changes

Read more about Spring boot in the 1.30 Release notes

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.30.2 changelog for details.

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 5dfa9fe9e2285a875f0f39cb29e46a6470f34665
version: 2.30.0
deck:
commit: a5ae63596f79df5c3dd4999253a9ed72dece7de3
version: 2.30.0
dinghy:
commit: 5250de80948732c8caac6ffc5293a8af80a63a0f
version: 2.30.0
echo:
commit: 86c586f7c523a4c320189eff00731271b8d31e32
version: 2.30.0
fiat:
commit: 0150c145b239568c294ab88251dc2fbb20ace279
version: 2.30.0
front50:
commit: bdbf36960c30b3599bdf0fa31620dfaf08927074
version: 2.30.0
gate:
commit: 679225a36b20fe39ecb175813929972c497d1a92
version: 2.30.0
igor:
commit: 020e01bbeaadf3d5eb745b33180bd1011c4b068f
version: 2.30.0
kayenta:
commit: 16aa401c453de95b670524b491cbaa682bcf2817
version: 2.30.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 25ccf32473a809846c1c3d4c967bb05ad9622549
version: 2.30.0
rosco:
commit: c72a24d8c560ea7b27fd8ecf45c9c11ca63682f4
version: 2.30.0
terraformer:
commit: 418546f57129380e383e62b6178ed582e6d64a93
version: 2.30.0
timestamp: "2023-05-31 22:11:31"
version: 2.30.0

Armory

Armory Clouddriver - 2.28.0…2.30.0

chore(cd): update base service version to clouddriver:2022.07.07.23.26.37.release-1.28.x (#688)
chore(cd): update base service version to clouddriver:2022.07.05.23.42.44.release-1.28.x (#685)
chore(cd): update base service version to clouddriver:2022.06.14.19.25.36.release-1.28.x (#674)
chore(cd): update base service version to clouddriver:2022.06.03.22.38.58.release-1.28.x (#667)
chore(cd): update armory-commons version to 3.11.4 (#655)
chore(cd): update base service version to clouddriver:2022.05.18.17.04.07.release-1.28.x (#653)
chore(cd): update base service version to clouddriver:2022.05.18.16.35.10.release-1.28.x (#652)
chore(cd): update base service version to clouddriver:2022.05.17.21.10.01.release-1.28.x (#651)
chore(gradle): removing spinnaker gradle fix version (#647) (#648)
feat(iam): use aws-mysql-jdbc (#586) (#617)
chore(cd): update armory-commons version to 3.11.3 (#642)
chore(build): upgrade armory settings (#640) (#641)
chore(cd): update armory-commons version to 3.11.2 (#638)
fix(build): clean mergify conflict (#637)
fix(build): pass version to nebula, remove publish devSnapshots (#630) (#636)
chore(cd): update base service version to clouddriver:2022.04.27.05.22.30.release-1.28.x (#634)
chore(cd): update base service version to clouddriver:2022.04.27.03.50.34.release-1.28.x (#631)
chore(cd): update base service version to clouddriver:2022.04.26.15.47.37.release-1.28.x (#627)
chore(cd): update base service version to clouddriver:2022.04.26.14.54.42.release-1.28.x (#625)
chore(cd): update armory-commons version to 3.11.1 (#624)
Updating kubectl version to match OSS (#608) (#609)
chore(cd): update base service version to clouddriver:2022.04.09.02.50.33.release-1.28.x (#604)
chore(cd): update base service version to clouddriver:2022.04.09.00.37.02.release-1.28.x (#603)
chore(cd): update base service version to clouddriver:2022.04.04.16.50.07.master (#600)
chore(cd): update base service version to clouddriver:2022.04.04.21.25.36.master (#601)
chore(cd): update base service version to clouddriver:2022.04.08.14.55.54.master (#602)
chore(cd): update base service version to clouddriver:2022.04.11.10.08.50.master (#605)
chore(cd): update base service version to clouddriver:2022.04.12.02.29.25.master (#606)
Updating kubectl version to match OSS (#608)
chore(cd): update base service version to clouddriver:2022.04.13.01.25.37.master (#612)
chore(cd): update base service version to clouddriver:2022.04.13.19.21.38.master (#613)
chore(cd): update base service version to clouddriver:2022.04.20.15.17.44.master (#620)
chore(cd): update base service version to clouddriver:2022.04.21.16.12.01.master (#622)
chore(cd): update base service version to clouddriver:2022.04.27.03.25.12.master (#629)
chore(cd): update base service version to clouddriver:2022.04.27.04.54.32.master (#633)
fix(build): pass version to nebula, remove publish devSnapshots (#630)
chore(cd): update base service version to clouddriver:2022.04.30.11.45.33.master (#639)
chore(build): upgrade armory settings (#640)
chore(cd): update base service version to clouddriver:2022.05.12.00.27.53.master (#643)
chore(cd): update base service version to clouddriver:2022.05.13.00.04.59.master (#644)
chore(gradle): removing spinnaker gradle fix version (#647)
chore(cd): update base service version to clouddriver:2022.05.16.18.23.27.master (#649)
chore(cd): update base service version to clouddriver:2022.05.18.17.57.41.master (#654)
fix(iam-auth): Fixes iam authenticator to dynamic check apis (#618)
chore(cd): update base service version to clouddriver:2022.05.19.21.46.28.master (#657)
chore(build): updating armory-commons (#656)
chore(cd): update base service version to clouddriver:2022.05.20.17.04.12.master (#658)
feat(iam): use aws-mysql-jdbc (backport #586) (#646)
chore(cd): update base service version to clouddriver:2022.05.24.02.37.11.master (#661)
chore(cd): update base service version to clouddriver:2022.05.27.00.24.49.master (#662)
chore(cd): update base service version to clouddriver:2022.05.27.15.27.14.master (#663)
chore(cd): update base service version to clouddriver:2022.05.27.17.07.39.master (#664)
chore(cd): update base service version to clouddriver:2022.06.01.18.30.18.master (#665)
chore(cd): update base service version to clouddriver:2022.06.03.19.48.46.master (#666)
chore(cd): update base service version to clouddriver:2022.06.06.17.18.06.master (#668)
chore(cd): update base service version to clouddriver:2022.06.07.17.42.23.master (#669)
chore(cd): update base service version to clouddriver:2022.06.08.20.20.30.master (#670)
chore(cd): update base service version to clouddriver:2022.06.11.16.26.30.master (#671)
chore(cd): update base service version to clouddriver:2022.06.14.18.16.06.master (#672)
chore(cd): update base service version to clouddriver:2022.06.14.18.57.25.master (#673)
chore(cd): update base service version to clouddriver:2022.06.14.23.00.38.master (#675)
chore(cd): update base service version to clouddriver:2022.06.15.23.35.34.master (#676)
chore(cd): update base service version to clouddriver:2022.06.16.18.28.41.master (#677)
chore(cd): update base service version to clouddriver:2022.06.16.22.59.43.master (#678)
chore(cd): update base service version to clouddriver:2022.06.18.02.14.56.master (#679)
chore(cd): update base service version to clouddriver:2022.06.21.14.10.58.master (#680)
chore(cd): update base service version to clouddriver:2022.06.23.19.56.04.master (#681)
chore(cd): update base service version to clouddriver:2022.06.24.01.25.13.master (#682)
chore(cd): update base service version to clouddriver:2022.07.05.21.07.29.master (#683)
chore(cd): update base service version to clouddriver:2022.07.05.23.42.48.master (#684)
chore(dockerfile): upgrade to latest alpine image (#689)
chore(cd): update base service version to clouddriver:2022.07.25.16.51.20.master (#693)
chore(cd): update base service version to clouddriver:2022.07.27.23.51.58.master (#694)
Updating aws-iam-authenticator to 0.5.9 due to CVE-2022-2385 (#692)
chore(cd): update base service version to clouddriver:2022.08.01.21.36.35.master (#697)
chore(cd): update base service version to clouddriver:2022.08.02.14.20.57.master (#698)
chore(cd): update base service version to clouddriver:2022.08.03.02.29.38.master (#699)
chore(cd): update base service version to clouddriver:2022.08.08.14.56.30.master (#702)
chore(cd): update base service version to clouddriver:2022.08.15.19.16.42.master (#705)
chore(cd): update base service version to clouddriver:2022.08.15.19.51.15.master (#706)
chore(cd): update base service version to clouddriver:2022.08.16.15.50.05.master (#707)
chore(cd): update base service version to clouddriver:2022.08.22.06.25.08.master (#710)
chore(cd): update base service version to clouddriver:2022.08.24.14.21.39.master (#711)
chore(cd): update base service version to clouddriver:2022.08.24.22.25.06.master (#712)
chore(cd): update base service version to clouddriver:2022.08.25.19.55.27.master (#713)
chore(cd): update base service version to clouddriver:2022.09.02.00.09.48.master (#714)
chore(cd): update base service version to clouddriver:2022.09.02.01.00.53.master (#715)
chore(cd): update base service version to clouddriver:2022.09.02.14.53.21.master (#716)
chore(cd): update base service version to clouddriver:2022.09.02.18.17.14.master (#717)
chore(cd): update base service version to clouddriver:2022.09.09.19.50.46.master (#718)
chore(cd): update base service version to clouddriver:2022.09.12.18.59.36.master (#719)
chore(cd): update base service version to clouddriver:2022.09.13.20.43.09.master (#720)
chore(cd): update base service version to clouddriver:2022.09.14.16.30.11.master (#721)
chore(cd): update base service version to clouddriver:2022.09.27.19.09.40.master (#722)
chore(cd): update base service version to clouddriver:2022.10.06.16.45.47.master (#725)
chore(cd): update base service version to clouddriver:2022.10.10.17.09.27.master (#726)
chore(cd): update base service version to clouddriver:2022.10.10.18.27.46.master (#727)
chore(cd): update base service version to clouddriver:2022.10.19.17.17.54.master (#730)
chore(cd): update base service version to clouddriver:2022.10.21.21.59.52.master (#731)
chore(cd): update base service version to clouddriver:2022.10.27.13.47.05.master (#732)
chore(cd): update base service version to clouddriver:2022.11.01.17.45.19.master (#734)
chore(cd): update base service version to clouddriver:2022.11.02.03.38.36.master (#735)
chore(cd): update base service version to clouddriver:2022.11.02.15.17.26.master (#736)
fix(azure): forcing reactor version for azure sdk (#737)
chore(cd): update base service version to clouddriver:2022.11.16.18.17.39.master (#739)
chore(cd): update base service version to clouddriver:2022.11.17.00.46.42.master (#740)
chore(cd): update base service version to clouddriver:2022.11.17.17.33.46.master (#743)
chore(cd): update base service version to clouddriver:2022.11.19.02.08.13.master (#745)
chore(cd): update base service version to clouddriver:2022.11.19.17.07.08.master (#746)
chore(cd): update base service version to clouddriver:2022.11.22.17.44.20.master (#747)
chore(cd): update base service version to clouddriver:2022.11.24.16.35.57.master (#748)
chore(cd): update base service version to clouddriver:2022.11.25.06.30.21.master (#749)
chore(cd): update base service version to clouddriver:2022.12.02.21.49.55.master (#753)
chore(cd): update base service version to clouddriver:2022.12.07.16.15.33.master (#754)
chore(cd): update base service version to clouddriver:2022.12.07.21.56.34.master (#755)
chore(cd): update base service version to clouddriver:2022.12.09.01.26.47.master (#756)
chore(cd): update base service version to clouddriver:2022.12.09.02.30.30.master (#757)
chore(cd): update base service version to clouddriver:2022.12.09.03.36.49.master (#758)
chore(cd): update base service version to clouddriver:2022.12.09.06.40.08.master (#759)
chore(cd): update base service version to clouddriver:2022.12.09.17.04.05.master (#760)
chore(cd): update base service version to clouddriver:2022.12.15.17.02.20.master (#762)
chore(cd): update base service version to clouddriver:2022.12.21.23.32.36.master (#763)
chore(cd): update base service version to clouddriver:2022.12.22.05.26.04.master (#764)
chore(cd): update base service version to clouddriver:2022.12.22.12.32.04.master (#765)
chore(cd): update base service version to clouddriver:2023.01.01.17.38.55.master (#766)
fix(cloudfoundry): upgrading armory-commons to use vault secrets (#767)
chore(cd): update base service version to clouddriver:2023.01.04.21.11.15.master (#768)
fix(sql): forcing liquibase version (#770)
feat(google): Updated google cloud SDK to support GKE >1.26 (#769)
update(docs): Updated docs on versions (#761)
chore(cd): update base service version to clouddriver:2023.01.11.18.48.59.master (#775)
chore(cd): update base service version to clouddriver:2023.01.12.22.30.21.master (#776)
chore(cd): update base service version to clouddriver:2023.01.13.22.46.13.master (#777)
chore(cd): update base service version to clouddriver:2023.01.27.00.21.34.master (#783)
chore(cd): update base service version to clouddriver:2023.01.30.16.08.58.master (#785)
chore(cd): update base service version to clouddriver:2023.01.30.17.21.25.master (#786)
chore(cd): update base service version to clouddriver:2023.02.01.16.00.05.master (#788)
chore(cd): update base service version to clouddriver:2023.02.08.20.35.59.master (#790)
chore(cd): update base service version to clouddriver:2023.02.08.23.13.15.master (#791)
chore(cd): update base service version to clouddriver:2023.02.09.00.22.48.master (#792)
chore(cd): update base service version to clouddriver:2023.02.09.01.38.58.master (#793)
chore(cd): update base service version to clouddriver:2023.02.09.05.02.13.master (#794)
chore(cd): update base service version to clouddriver:2023.02.09.07.11.08.master (#795)
chore(cd): update base service version to clouddriver:2023.02.14.05.08.28.master (#796)
chore(cd): update base service version to clouddriver:2023.02.15.21.12.08.master (#798)
chore(cd): update base service version to clouddriver:2023.02.16.16.45.16.master (#801)
chore(cd): update base service version to clouddriver:2023.02.20.20.42.57.master (#802)
chore(cd): update base service version to clouddriver:2023.02.20.21.51.30.master (#803)
chore(cd): update base service version to clouddriver:2023.02.22.20.12.12.master (#806)
chore(cd): update base service version to clouddriver:2023.02.23.17.25.27.master (#807)
chore(cd): update base service version to clouddriver:2023.02.23.21.38.10.master (#808)
chore(cd): update base service version to clouddriver:2023.03.02.12.13.06.master (#810)
chore(cd): update base service version to clouddriver:2023.03.09.16.05.50.master (#816)
chore(cd): update base service version to clouddriver:2023.03.13.22.28.44.master (#817)
chore(cd): update base service version to clouddriver:2023.03.18.00.04.47.master (#818)
chore(cd): update armory-commons version to 3.13.1 (#837)
chore(cd): update base service version to clouddriver:2023.03.24.23.48.26.release-1.30.x (#839)
chore(cd): update base service version to clouddriver:2023.04.05.14.02.06.release-1.30.x (#856)
chore(cd): update base service version to clouddriver:2023.04.06.10.03.44.release-1.30.x (#859)
chore(cd): update base service version to clouddriver:2023.04.07.02.16.05.release-1.30.x (#860)
chore(cd): update armory-commons version to 3.13.2 (#861)
chore(cd): update armory-commons version to 3.13.3 (#867)
chore(cd): update armory-commons version to 3.13.4 (#869)
chore(cd): update armory-commons version to 3.13.5 (#874)
chore(cd): update base service version to clouddriver:2023.05.30.19.45.40.release-1.30.x (#882)

Armory Deck - 2.28.0…2.30.0

fix(font): Switch font to Sans3 (backport #1239) (#1240)
chore(cd): update base deck version to 2022.0.0-20220713154638.release-1.28.x (#1237)
chore(cd): update base deck version to 2022.0.0-20220706232954.release-1.28.x (#1234)
chore(cd): update base deck version to 2022.0.0-20220705204056.release-1.28.x (#1233)
fix(expandnav): Update recoil version to the same version as in oss project (backport #1224) (#1225)
chore(cd): update base deck version to 2022.0.0-20220606173439.release-1.28.x (#1223)
chore(cd): update base deck version to 2022.0.0-20220524093036.release-1.28.x (#1221)
docs(tf): improve backend artifact help txt for the stage (#1113)
fix(expandnav): Update recoil version to the same version as in oss project (#1224)
fix(font): Switch font to Sans3 (#1239)
feat(armory): Add quickspin feature flag (#1249)
style(logo): Changed Armory logo (#1264)
docs(yarn): added troubleshooting for yarn and github (#1275)
chore(cd): update base deck version to 2022.0.0-20221128231909.master (#1276)
chore(cd): update base deck version to 2022.0.0-20221130174048.master (#1281)
chore(cd): update base deck version to 2022.0.0-20221212162149.master (#1283)
fix(runtime): There was an incompatibility between angular version (1.8.0) and angular sanitize version (#1284)
chore(cd): update base deck version to 2022.0.0-20221222045945.master (#1285)
chore(cd): update base deck version to 2023.0.0-20230105160952.master (#1286)
chore(cd): update base deck version to 2023.0.0-20230110154919.master (#1287)
chore(cd): update base deck version to 2023.0.0-20230110161007.master (#1288)
chore(cd): update base deck version to 2023.0.0-20230125224635.master (#1289)
chore(cd): update base deck version to 2023.0.0-20230202120433.master (#1293)
chore(cd): update base deck version to 2023.0.0-20230207090202.master (#1297)
chore(cd): update base deck version to 2023.0.0-20230214090728.master (#1298)
chore(cd): update base deck version to 2023.0.0-20230220114621.master (#1299)
chore(cd): update base deck version to 2023.0.0-20230220132814.master (#1300)
chore(cd): update base deck version to 2023.0.0-20230321144223.release-1.30.x (#1331)

Dinghy™ - 2.28.0…2.30.0

chore(dependencies): Bump OSS Dinghy version (#461)
chore(dependencies): update plank version (#464)
chore(dependencies): updated oss dinghy version to v0.0.0-20221025163127-2d465e0cea94 (#470)
chore(docs): added docs about backporting oss features (#474)
feat(tls): Enables TLS redis URLs (#476)
chore(dependencies): Updated oss dinghy version (#477)
chore(alpine): Upgrade alpine version (#481)

Armory Echo - 2.28.0…2.30.0

chore(cd): update armory-commons version to 3.11.4 (#472)
chore(cd): update armory-commons version to 3.11.3 (#471)
chore(build): upgrade armory settings (#469) (#470)
chore(cd): update armory-commons version to 3.11.2 (#468)
fix(build): use semver version from astrolabe variables (#464) (#465)
chore(cd): update base service version to echo:2022.04.27.04.44.17.release-1.28.x (#463)
chore(cd): update base service version to echo:2022.04.27.04.35.31.release-1.28.x (#462)
fix(build): include version to artifactory/nebula plugin (backport #456) (#458)
chore(cd): update base service version to echo:2022.04.26.16.15.57.release-1.28.x (#455)
chore(cd): update armory-commons version to 3.11.1 (#453)
chore(cd): update base service version to echo:2022.04.09.02.36.00.release-1.28.x (#447)
chore(cd): update base service version to echo:2022.04.01.15.36.33.master (#443)
chore(cd): update base service version to echo:2022.04.04.21.06.21.master (#446)
chore(cd): update base service version to echo:2022.04.14.16.53.32.master (#448)
chore(cd): update base service version to echo:2022.04.20.15.17.48.master (#449)
chore(cd): update base service version to echo:2022.04.20.18.17.24.master (#450)
chore(cd): update base service version to echo:2022.04.21.15.59.16.master (#451)
fix(build): include version to artifactory/nebula plugin (#456)
chore(cd): update base service version to echo:2022.04.27.04.21.23.master (#459)
chore(cd): update base service version to echo:2022.04.27.04.28.29.master (#460)
fix(build): use semver version from astrolabe variables (#464)
chore(build): upgrade armory settings (#469)
chore(build): updating armory-commons (#473)
chore(cd): update base service version to echo:2022.04.28.11.23.33.master (#467)
chore(cd): update base service version to echo:2022.05.27.15.13.57.master (#474)
chore(cd): update base service version to echo:2022.05.27.20.17.29.master (#475)
chore(cd): update base service version to echo:2022.06.06.17.04.57.master (#476)
chore(cd): update base service version to echo:2022.06.14.18.38.40.master (#477)
chore(cd): update base service version to echo:2022.07.27.23.37.25.master (#478)
chore(cd): update base service version to echo:2022.08.03.02.53.03.master (#480)
chore(cd): update base service version to echo:2022.08.13.04.22.48.master (#485)
chore(cd): update base service version to echo:2022.08.15.19.05.42.master (#486)
chore(cd): update base service version to echo:2022.08.25.19.33.36.master (#489)
chore(cd): update base service version to echo:2022.09.12.18.31.44.master (#490)
chore(cd): update base service version to echo:2022.09.13.20.21.05.master (#491)
chore(cd): update base service version to echo:2022.09.14.16.00.12.master (#492)
chore(cd): update base service version to echo:2022.09.27.18.06.29.master (#493)
chore(cd): update base service version to echo:2022.10.03.15.36.31.master (#494)
chore(cd): update base service version to echo:2022.10.10.17.49.34.master (#495)
chore(cd): update base service version to echo:2022.11.18.18.22.08.master (#498)
chore(cd): update base service version to echo:2022.11.19.16.28.16.master (#500)
chore(cd): update base service version to echo:2022.11.24.15.57.49.master (#501)
re-trigger build (#502)
re-trigger build for stack (#505)
chore(cd): update base service version to echo:2022.11.30.16.14.24.master (#506)
chore(cd): update base service version to echo:2022.12.07.16.52.30.master (#508)
chore(cd): update base service version to echo:2022.12.09.00.48.10.master (#510)
chore(cd): update base service version to echo:2022.12.09.02.57.46.master (#511)
chore(cd): update base service version to echo:2022.12.09.06.02.22.master (#512)
chore(cd): update base service version to echo:2022.12.09.16.42.31.master (#513)
chore(cd): update base service version to echo:2022.12.14.15.26.17.master (#514)
chore(cd): update base service version to echo:2022.12.14.22.12.50.master (#517)
chore(cd): update base service version to echo:2022.12.16.00.25.34.master (#518)
fix: Update config after OSS spring boot migration (#519)
chore(cd): update base service version to echo:2023.01.12.21.50.58.master (#522)
chore(cd): update base service version to echo:2023.01.20.14.32.19.master (#524)
chore(cd): update base service version to echo:2023.01.26.22.02.31.master (#528)
chore(cd): update base service version to echo:2023.01.30.15.29.44.master (#529)
chore(cd): update base service version to echo:2023.01.30.16.27.29.master (#530)
chore(cd): update base service version to echo:2023.02.08.08.42.16.master (#531)
chore(cd): update base service version to echo:2023.02.08.19.53.33.master (#532)
chore(cd): update base service version to echo:2023.02.08.22.19.31.master (#533)
chore(cd): update base service version to echo:2023.02.08.23.29.50.master (#534)
chore(cd): update base service version to echo:2023.02.09.00.59.31.master (#535)
chore(cd): update base service version to echo:2023.02.09.06.34.26.master (#536)
chore(cd): update base service version to echo:2023.02.10.05.34.06.master (#537)
chore(cd): update base service version to echo:2023.02.20.19.52.01.master (#538)
chore(cd): update base service version to echo:2023.02.20.21.09.15.master (#539)
chore(cd): update armory-commons version to 3.13.1 (#558)
chore(cd): update base service version to echo:2023.04.05.11.38.02.release-1.30.x (#572)
chore(cd): update base service version to echo:2023.04.07.01.30.15.release-1.30.x (#573)
chore(cd): update armory-commons version to 3.13.2 (#575)
chore(cd): update armory-commons version to 3.13.3 (#578)
chore(cd): update armory-commons version to 3.13.4 (#580)
chore(cd): update armory-commons version to 3.13.5 (#583)

Armory Fiat - 2.28.0…2.30.0

chore(cd): update base service version to fiat:2022.04.27.04.04.45.release-1.28.x (#370)
chore(cd): update armory-commons version to 3.11.4 (#365)
chore(cd): update armory-commons version to 3.11.3 (#362)
chore(build): upgrade armory settings (#360) (#361)
chore(cd): update armory-commons version to 3.11.2 (#359)
fix(build): pass version to nebula and remove devSnapshot publishing (backport #355) (#358)
chore(cd): update base service version to fiat:2022.04.26.16.36.30.release-1.28.x (#352)
chore(cd): update armory-commons version to 3.11.1 (#351)
chore(cd): update base service version to fiat:2022.04.09.02.00.53.release-1.28.x (#345)
chore(cd): update base service version to fiat:2022.04.01.22.02.12.master (#341)
chore(cd): update base service version to fiat:2022.04.04.21.04.58.master (#344)
chore(cd): update base service version to fiat:2022.04.13.19.19.16.master (#346)
chore(cd): update base service version to fiat:2022.04.20.15.19.32.master (#347)
chore(cd): update base service version to fiat:2022.04.21.15.56.28.master (#349)
chore(cd): update base service version to fiat:2022.04.27.03.57.12.master (#354)
chore(cd): update base service version to fiat:2022.04.27.04.03.50.master (#356)
fix(build): pass version to nebula and remove devSnapshot publishing (#355)
chore(build): upgrade armory settings (#360)
chore(build): updating armory-commons (#366)
chore(cd): update base service version to fiat:2022.05.19.22.57.38.master (#371)
chore(cd): update base service version to fiat:2022.05.27.15.12.30.master (#374)
chore(cd): update base service version to fiat:2022.06.06.17.03.12.master (#375)
chore(cd): update base service version to fiat:2022.06.14.18.38.36.master (#376)
chore(cd): update base service version to fiat:2022.06.24.16.02.34.master (#377)
chore(dockerfile): upgrade to latest alpine image (#378)
chore(cd): update base service version to fiat:2022.07.26.00.02.40.master (#381)
chore(cd): update base service version to fiat:2022.07.26.12.49.24.master (#382)
chore(cd): update base service version to fiat:2022.07.27.23.28.35.master (#383)
chore(cd): update base service version to fiat:2022.08.03.02.30.50.master (#384)
chore(cd): update base service version to fiat:2022.08.13.22.29.32.master (#389)
chore(cd): update base service version to fiat:2022.08.15.19.02.00.master (#390)
chore(cd): update base service version to fiat:2022.12.09.06.00.32.master (#416)
chore(cd): update base service version to fiat:2022.12.15.16.51.17.master (#417)
chore(cd): update base service version to fiat:2022.12.22.04.47.41.master (#418)
chore(cd): update base service version to fiat:2023.01.12.21.48.17.master (#421)
chore(cd): update base service version to fiat:2023.01.19.18.55.19.master (#422)
chore(cd): update base service version to fiat:2023.01.23.17.07.21.master (#423)
chore(cd): update base service version to fiat:2023.01.26.22.03.42.master (#424)
chore(cd): update base service version to fiat:2023.01.30.15.29.51.master (#425)
chore(cd): update base service version to fiat:2023.01.30.16.28.00.master (#426)
chore(cd): update base service version to fiat:2023.02.07.14.56.27.master (#427)
chore(cd): update base service version to fiat:2023.02.07.15.21.58.master (#428)
chore(cd): update base service version to fiat:2023.02.08.19.56.02.master (#431)
chore(cd): update base service version to fiat:2023.02.08.23.29.06.master (#433)
chore(cd): update base service version to fiat:2023.02.09.00.55.51.master (#434)
chore(cd): update base service version to fiat:2023.02.09.06.30.45.master (#435)
chore(cd): update base service version to fiat:2023.02.17.16.05.18.master (#436)
chore(cd): update base service version to fiat:2023.02.20.19.50.58.master (#437)
chore(cd): update armory-commons version to 3.13.1 (#456)
chore(cd): update base service version to fiat:2023.04.05.11.36.40.release-1.30.x (#470)
chore(cd): update armory-commons version to 3.13.2 (#471)
chore(cd): update armory-commons version to 3.13.3 (#475)
chore(cd): update armory-commons version to 3.13.5 (#478)

Armory Front50 - 2.28.0…2.30.0

fix(dependencies): match google api+auth versions to those set in oss (#432) (#433)
chore(cd): update armory-commons version to 3.11.4 (#424)
feat(iam): use aws-mysql-jdbc (#392) (#401)
chore(cd): update armory-commons version to 3.11.3 (#422)
fix(build): pass version to nebula and remove devSnapshot publishing (backport #419) (#421)
chore(cd): update armory-commons version to 3.11.2 (#420)
chore(cd): update base service version to front50:2022.04.27.05.12.35.release-1.28.x (#418)
chore(cd): update base service version to front50:2022.04.27.05.02.09.release-1.28.x (#414)
chore(cd): update base service version to front50:2022.04.26.16.45.10.release-1.28.x (#411)
chore(cd): update armory-commons version to 3.11.1 (#410)
chore(build): resolve conflicting armoryCommonsVersion to 3.10.6 (#403)
chore(cd): update armory-commons version to 3.10.6 (#382) (#402)
chore(cd): update base service version to front50:2022.04.09.02.35.50.release-1.28.x (#400)
chore(cd): update base service version to front50:2022.04.09.00.23.58.release-1.28.x (#399)
chore(cd): update base service version to front50:2022.04.01.15.36.24.master (#394)
fix(build): pass version to nebula and remove devSnapshot publishing (#419)
chore(build): updating armory-commons (#426)
feat(iam): use aws-mysql-jdbc (backport #392) (#405)
fix(dependencies): match google api+auth versions to those set in oss (#432)
chore(dockerfile): upgrade to latest alpine image (#434)
chore(cd): update base service version to front50:2023.04.07.01.28.32.release-1.30.x (#532)
chore(cd): update armory-commons version to 3.13.1 (#514)
chore(cd): update armory-commons version to 3.13.2 (#533)
chore(cd): update base service version to front50:2023.04.27.18.45.08.release-1.30.x (#541)
chore(cd): update armory-commons version to 3.13.3 (#538)
chore(cd): update base service version to front50:2023.05.22.19.11.48.release-1.30.x (#548)
chore(cd): update armory-commons version to 3.13.5 (#544)

Armory Gate - 2.28.0…2.30.0

chore(release): Change the URL to point to the local opt/gate repository (#450) (#451) (#452)
chore(release): Change the URL to point to the local opt/gate repository (#450) (#451)
chore(release): Bump armory header version (#448) (#449)
chore(cd): update armory-commons version to 3.11.4 (#444)
chore(cd): update armory-commons version to 3.11.3 (#443)
chore(build): upgrade armory settings (#441) (#442)
chore(cd): update armory-commons version to 3.11.2 (#440)
chore(cd): update base service version to gate:2022.04.27.05.20.04.release-1.28.x (#436)
chore(cd): update armory-commons version to 3.11.1 (#428)
fix(build): pass version to nebula and remove devSnapshots publishing (backport #438) (#439)
chore(cd): update base service version to gate:2022.04.01.15.36.20.master (#417)
chore(cd): update base service version to gate:2022.04.04.21.06.25.master (#422)
chore(cd): update base service version to gate:2022.04.20.15.19.23.master (#423)
chore(cd): update base service version to gate:2022.04.20.18.17.06.master (#424)
chore(cd): update base service version to gate:2022.04.21.15.56.14.master (#425)
chore(cd): update base service version to gate:2022.04.21.17.35.08.master (#426)
chore(cd): update base service version to gate:2022.04.27.05.02.05.master (#432)
fix(build): pass version to nebula and remove devSnapshots publishing (#438)
chore(cd): update base service version to gate:2022.04.27.05.07.06.master (#433)
chore(build): upgrade armory settings (#441)
chore(build): updating armory-commons (#445)
chore(cd): update base service version to gate:2022.05.27.15.15.52.master (#446)
chore(cd): update base service version to gate:2022.06.06.17.05.14.master (#447)
chore(release): Bump armory header version (#448)
chore(release): Change the URL to point to the local opt/gate repository (#450)
chore(cd): update base service version to gate:2022.06.14.18.37.46.master (#453)
chore(release): Backport header fix to 2.27.x release (#454)
Revert “chore(release): Backport header fix to 2.27.x release (#454)” (#456)
fix(perf): upgrade alpine version to resolve perf in GCP (#457)
chore(cd): update base service version to gate:2022.07.12.12.33.00.master (#461)
fix(header): update plugins.json with newest header version (#482)
revert(header): update plugins.json with newest header version (#484)
chore(cd): update armory-commons version to 3.13.1 (#537)
chore(cd): update armory-commons version to 3.13.2 (#554)
chore(cd): update base service version to gate:2023.04.07.01.27.28.release-1.30.x (#553)
fix(tests): Fix JUnit tests (#558)
chore(cd): update armory-commons version to 3.13.3 (#559)
chore(cd): update armory-commons version to 3.13.5 (#563)

Armory Igor - 2.28.0…2.30.0

chore(cd): update armory-commons version to 3.11.4 (#342)
chore(cd): update armory-commons version to 3.11.3 (#341)
chore(cd): update base service version to igor:2022.04.27.05.30.38.release-1.28.x (#336)
chore(build): pass version to nebula and remove devSnapshot publishing (backport #337) (#340)
chore(cd): update armory-commons version to 3.11.2 (#339)
chore(cd): update base service version to igor:2022.04.01.15.36.29.master (#319)
chore(cd): update base service version to igor:2022.04.28.14.35.18.master (#338)
chore(build): pass version to nebula and remove devSnapshot publishing (#337)
chore(build): updating armory-commons (#343)
chore(cd): update base service version to igor:2022.05.27.15.14.21.master (#344)
chore(cd): update base service version to igor:2022.05.27.20.14.47.master (#345)
chore(cd): update base service version to igor:2022.06.06.17.04.26.master (#346)
chore(cd): update base service version to igor:2022.06.14.18.37.51.master (#347)
chore(dockerfile): upgrade to latest alpine image (#348)
chore(cd): update base service version to igor:2022.07.20.18.17.25.master (#351)
chore(cd): update base service version to igor:2022.07.27.23.35.29.master (#352)
chore(cd): update base service version to igor:2022.08.01.21.10.11.master (#353)
chore(cd): update base service version to igor:2022.08.03.02.29.42.master (#354)
chore(cd): update base service version to igor:2022.08.13.22.29.05.master (#357)
chore(cd): update base service version to igor:2022.08.15.19.01.51.master (#358)
chore(cd): update base service version to igor:2022.08.18.16.17.36.master (#362)
chore(cd): update base service version to igor:2022.08.25.19.31.07.master (#364)
chore(cd): update base service version to igor:2022.08.26.15.15.54.master (#365)
chore(cd): update base service version to igor:2022.09.12.18.32.49.master (#366)
chore(cd): update base service version to igor:2022.09.13.20.18.06.master (#367)
chore(cd): update base service version to igor:2022.09.14.15.59.58.master (#368)
chore(cd): update armory-commons version to 3.13.1 (#431)
chore(cd): update base service version to igor:2023.04.07.01.27.38.release-1.30.x (#448)
chore(cd): update armory-commons version to 3.13.2 (#449)
chore(cd): update armory-commons version to 3.13.3 (#452)
chore(cd): update armory-commons version to 3.13.5 (#455)

Armory Kayenta - 2.28.0…2.30.0

chore(cd): update armory-commons version to 3.11.4 (#343)
chore(cd): update armory-commons version to 3.11.3 (#342)
chore(cd): update armory-commons version to 3.11.2 (#340)
chore(cd): update base service version to kayenta:2022.04.27.05.42.08.release-1.28.x (#338)
chore(build): pass version to nebula and remove devSnapshot publishing (backport #339) (#341)
chore(cd): update base service version to kayenta:2022.03.23.21.03.31.master (#323)
chore(cd): update base service version to kayenta:2022.04.27.05.33.46.master (#336)
chore(build): pass version to nebula and remove devSnapshot publishing (#339)
chore(build): updating armory-commons (#344)
chore(dockerfile): upgrade to latest alpine image (#345)
chore(cd): update base service version to kayenta:2022.07.20.18.15.49.master (#348)
chore(cd): update base service version to kayenta:2022.07.20.22.34.41.master (#350)
chore(cd): update base service version to kayenta:2022.08.03.02.54.58.master (#353)
chore(cd): update base service version to kayenta:2022.08.13.22.24.28.master (#354)
feat(scc): Support spring cloud config system like other services for? (#371)
fix(kayenta-integration-tests): update dynatrace tenant to qso00828 (#376)
chore(cd): update base service version to kayenta:2022.12.08.17.37.22.master (#375)
chore(cd): update base service version to kayenta:2023.01.17.20.42.16.master (#385)
chore(cd): update base service version to kayenta:2023.01.23.17.15.20.master (#386)
chore(cd): update base service version to kayenta:2023.01.24.16.10.35.master (#387)
chore(cd): update armory-commons version to 3.13.2 (#424)
chore(cd): update base service version to kayenta:2023.04.13.23.42.23.release-1.30.x (#427)
chore(cd): update armory-commons version to 3.13.3 (#428)
chore(refactoring): refactored setting default system properties (#429)
fix: Update path of main class. (#432)
fix(config): add missing exclude spring config (#435) (#436)
fix: Remove whitespace when defining spring properties (#437) (#438)
chore(cd): update armory-commons version to 3.13.5 (#439)

Armory Orca - 2.28.0…2.30.0

chore(cd): update armory-commons version to 3.11.4 (#488)
chore(cd): update armory-commons version to 3.11.3 (#486)
feat(iam): aws mysql jdbc (#449) (#464)
chore(build): upgrade armory settings (#484) (#485)
chore(cd): update armory-commons version to 3.11.2 (#483)
fix(build): pass version to nebula and remove devsnapshot publishing (backport #481) (#482)
chore(cd): update base orca version to 2022.04.27.05.53.34.release-1.28.x (#479)
chore(cd): update base orca version to 2022.04.27.05.36.33.release-1.28.x (#476)
chore(cd): update base orca version to 2022.04.26.17.14.12.release-1.28.x (#472)
chore(cd): update armory-commons version to 3.11.1 (#471)
chore(cd): update base orca version to 2022.04.09.02.41.36.release-1.28.x (#462)
chore(cd): update base orca version to 2022.04.01.22.15.58.master (#459)
chore(cd): update armory-commons version to 3.13.1 (#613)
chore(cd): update base orca version to 2023.04.07.01.52.33.release-1.30.x (#629)
chore(cd): update armory-commons version to 3.13.2 (#630)
chore(build): Backport missing build changes (#634)
chore(cd): update armory-commons version to 3.13.3 (#635)
chore(cd): update armory-commons version to 3.13.4 (#637)
chore(cd): update armory-commons version to 3.13.5 (#642)
chore(cd): update base orca version to 2023.05.18.14.27.05.release-1.30.x (#644)

Armory Rosco - 2.28.0…2.30.0

chore(cd): update armory-commons version to 3.11.0 (#402)
fix(mergify):fix conflicts (#419)
chore(cd): update armory-commons version to 3.11.4 (#418)
fix(build): pass version to nebula and use baseServiceVersion in all ? (#415) (#417)
chore(cd): update armory-commons version to 3.11.3 (#416)
chore(cd): update armory-commons version to 3.11.2 (#413)
chore(build): remove platform build (#297) (#412)
chore(cd): update base service version to rosco:2022.04.27.03.24.16.release-1.28.x (#410)
chore(cd): update base service version to rosco:2022.04.26.21.07.59.release-1.28.x (#407)
chore(cd): update armory-commons version to 3.11.1 (#403)
chore(cd): update base service version to rosco:2022.04.01.15.34.25.master (#395)
chore(cd): update base service version to rosco:2022.04.04.21.04.50.master (#397)
chore(cd): update base service version to rosco:2022.04.20.02.37.26.master (#398)
chore(cd): update base service version to rosco:2022.04.20.02.56.12.master (#399)
chore(cd): update base service version to rosco:2022.04.20.18.17.20.master (#400)
chore(cd): update base service version to rosco:2022.04.21.15.56.38.master (#401)
chore(cd): update base service version to rosco:2022.04.26.20.48.56.master (#405)
chore(cd): update base service version to rosco:2022.04.27.02.44.16.master (#408)
chore(build): remove platform build (#297)
chore(cd): update base service version to rosco:2022.05.04.22.07.45.master (#414)
fix(build): pass version to nebula and use baseServiceVersion in all ? (#415)
chore(build): updating armory-commons (#420)
chore(cd): update base service version to rosco:2022.05.04.22.07.45.master (#421)
chore(cd): update base service version to rosco:2022.05.27.15.12.22.master (#422)
chore(cd): update base service version to rosco:2022.06.06.17.03.08.master (#423)
chore(cd): update base service version to rosco:2022.06.09.22.08.52.master (#424)
chore(cd): update base service version to rosco:2022.06.10.15.00.46.master (#425)
chore(cd): update base service version to rosco:2022.06.14.18.37.43.master (#426)
chore(cd): update base service version to rosco:2022.06.18.02.01.01.master (#427)
chore(cd): update base service version to rosco:2022.07.09.02.24.56.master (#429)
chore(dockerfile): upgrade to latest alpine image (#428)
feat(packer): Upgraded packer to version 1.8.1 (#432)
chore(cd): update base service version to rosco:2022.07.18.22.45.28.master (#433)
feat(dockerfile): add Kustomize 4 to Dockerfiles (#434)
chore(cd): update armory-commons version to 3.13.1 (#508)
chore(cd): update base service version to rosco:2023.04.05.11.40.04.release-1.30.x (#523)
chore(cd): update armory-commons version to 3.13.3 (#528)
chore(cd): update armory-commons version to 3.13.5 (#532)

Terraformer™ - 2.28.0…2.30.0

feat(azure): Add azure cli (#450) (#470)
feat(tls): Support for TLS Redis (#456) (#468)
chore(build): update mergify config (#451) (#465)
chore(logs): Add terraform logs (#464) (#467)
fix(test): Changed clouddriver version (#463) (#466)
fix(artifacts): fix npe when using binary tf plugins (#455) (#461)
feat(terraform): Adds show option for terraform stage (#447)
chore(build): update mergify config (#451)
fix(artifacts): fix npe when using binary tf plugins (#455)
fix(test): Changed clouddriver version (#463)
chore(logs): Add terraform logs (#464)
chore(gha): run the tf versions action when tf_install script changes (#397)
feat(tls): Support for TLS Redis (#456)
feat(removed): Remove old versions of TF that should no longer be used (#462)
feat(azure): Add azure cli (#450)
fix(log): calling remote logging asynchronously (#471)
Adding TF versions 1.1.x 1.2.x and missing patch versions (#472)
Adding TF versions up to 1.3.4 (#477)
Updating TF versions from 0.12.x-1.3.5 (#481)
fix(versions): Sets version constraints for kubectl & aws-iam-authent? (#487)
Fixes builds with golint being dead until were on a newer golang (#491)
feat(gcloud): Bump to latest gcloud sdk & adds the GKE Auth plugin (#490)

Spinnaker

Spinnaker Clouddriver - 1.30.2

fix(appEngine): lazy init for App Engine beans for credentials (backport #5749) (#5750)
fix(gitrepo): Support to authenticate with user and token (#5733) (#5736)
fix(core): ignore roles for anonymous user to access account (backport #5726) (#5727)
fix(cf): scale app before building droplet (backport #5692) (#5710)
fix(cf): update service binding name regex (backport #5663) (#5709)
chore(titus): limit protobuf to 3.17.3 (#5706) (#5714)
chore(ci): Mergify - merge Autobumps on release-* (#5697) (#5701)
fix(ci): fetch previous tag from git instead of API (#5696) (#5699)
chore(ci): Upload halconfigs to GCS on Tag push (#5689) (#5694)
fix(kubernetes): Pin Debian Package version of kubectl as well (#5685) (#5687)
chore(dependencies): Autobump fiatVersion (#5684)
chore(dependencies): don’t create an autobump PR for halyard on a clo? (backport #5677) (#5683)
chore(it): add CR/CRD integration tests (#5672)
chore(dependencies): Autobump korkVersion (#5679)
feat(kubernetes): support propagation policy in delete manifest stage (#5678)
fix(sql): Fix running tasks listing (#5680)
fix(kubernetes): Pin Debian Package version of kubectl as well (#5685)
chore: bump google cloud sdk to v374.0.0 (#5644)
fix(dependency): Issue of missing javax.validation:validation-api dependency while upgrading the spring cloud to Hoxton.SR12 in kork (#5688)
chore(ci): Upload halconfigs to GCS on Tag push (#5689)
chore(dependencies): Autobump korkVersion (#5690)
chore(dependencies): Autobump korkVersion (#5691)
fix(ci): fetch previous tag from git instead of API (#5696)
chore(ci): Mergify - merge Autobumps on release-* (#5697)
refactor(clusters): Add typing and convert to java syntax. (#5320)
fix(docker): Support sortTagsByDate for SQL cache (#5098)
chore(titus): limit protobuf to 3.17.3 (#5706)
fix(cf): update service binding name regex (#5663)
fix(cf): set build sizing (#5692)
feat(search): provide a way to turn off cats search provider and kubernetes search provider (#5595)
fix(core): remove duplicate LoggingInstrumentation, MetricInstrumentation and CatsOnDemandCacheUpdater beans (#5705)
chore(ci): Only run CodeQL on Spinnaker repos (#5715)
feat(cfn): add property notificationARNs (#5708)
fix(core): set error message for AtomicOperationConverterNotFoundException (#5717)
feat(kubernetes): enable getManifest() to return Kubernetes system resources (#5720)
chore(dependencies): Autobump korkVersion (#5721)
fix(web): copy the MDC to threads that service async endpoints (#5716)
feat(provider/azure): Wait for server group healthy before continuing (#5723)
fix(core): ignore roles for anonymous user to access account (#5726)
chore(dependencies): Autobump korkVersion (#5728)
fix(provider/azure): Allow internal load balancers to show up (#5730)
fix(provider/azure): Scale sets can become healthy after time (#5729)
fix(provider/azure): Remove unused serverGroups tags (#5724)
fix(build): Remove temporary workaround from 2016 (#5725)
refactor(groovy): migrate things to Java (#5703)
fix(gitrepo): Support to authenticate with user and token (#5733)
chore(dependencies): Autobump korkVersion (#5735)
feat(core): User secrets and account upsert (#5719)
feat(artifacts/s3): make the AmazonS3 client used for retrieving s3 artifacts configurable (#5734)
feat(aws/image): add the aws.defaults.image-states configuration property (a comma-separated string (#5732)
chore(dependencies): use org.apache.commons:commons-compress:1.21 to fix CVE-2021-35516 and CVE-2021-35517 (#5731)
feat(artifacts/s3): add request handler for the s3 client used to retrieve artifacts to enable http connection pool metrics (#5738)
config(web): explicit qualifier bean for AsyncTaskExecutor in WebConfig (#5741)
fix(azure): increase health interval (#5740)
fix(caching): K8s cache affected when not enough permissions in service account (#5742)
fix(appEngine): lazy init for appengine beans for credentials (#5749)
feat(Aws-Lambda): Added Endpoints to delete Concurrencies (#5743)
fix(provider/google): Added scope to the credentials (#5718)
feat(gce): to support kork-credentials abstractions (#5747)
fix(logging): Fix log message format (#5755)
chore(dependencies): Autobump korkVersion (#5756)
chore(dependencies): Autobump fiatVersion (#5757)
fix(clouddriver-kubernetes): Changed property to name from getName (#5754)
chore(dockerfile): upgrade to latest alpine image (#5758)
feat(provider/google): GCE Autoscaler Support for Clouddriver. (#5748)
chore(dependencies): Autobump korkVersion (#5766)
Protobuf for m1 (#5765)
Arm64 support (#5767)
chore: bump gcloud version to 398.0.0 (#5761)
fix(ECS): support upper case on the tag of image (#5770)
feat(aws): Improving AWS EC2 instance types API integration and caching, feat(aws): Adding archi type to images API and caching (#5609)
chore(dependencies): Autobump fiatVersion (#5772)
fix(cats/redis): explicitly remove an agent from the activeAgents map when it is unscheduled (#5774)
perf(web/cluster): make getForAccountAndNameAndType() more efficient (#5775)
feat(kubernetes): Add a check to verify if application name obtained from a kubernetes manifest exists in Front50 (#5777)
feat(kubernetes): add support for retrieving run job logs from a specific pod (#5778)
chore(aws/integration): make it easier to diagnose failures in CreateServerGroupSpec (#5780)
chore(dependencies): Autobump korkVersion (#5781)
test(GoogleSecretManager): add a test to make sure the right versions of libraries are built (#5773)
chore(dependencies): Autobump fiatVersion (#5782)
chore(dependencies): Autobump fiatVersion (#5783)
fix(core): Remove payload data from logs (#5784)
feat(azure): Upgrade azure sdk to the latest one (#5791)
chore(dependencies): Autobump korkVersion (#5786)
chore(dependencies): Autobump korkVersion (#5794)
chore(kubernetes): stop specifying the version of io.kubernetes:client-java (#5797)
feat(azure): Add cache agents to cache custom VM managed images (#5792)
chore(build): give local builds as much memory as we do in CI (#5796)
fix(google): Fix for the missing CredentialsRepository issue (#5793)
chore(dependencies): Autobump korkVersion (#5800)
fix(cats-sql/test): prevent null pointer exception during cleanup (#5798)
feat(azure): Fetch Azure managed images from the managed images namespace cache (#5795)
chore(configserver): use version 0.14.2 of com.github.wnameless.json:json-flattener (#5804)
fix(appengine): Fixes app engine credentials repo (#5807)
fix(provider/azure): Fix CreateAzureServerGroupWithAzureLoadBalancerAtomicOperation and DestroyAzureServerGroupAtomicOperation after migrating to latest Azure SDK (#5803)
chore(deps): remove version specification from org.yaml:snakeyaml (#5812)
fix(kubernetes): teach KubernetesManifest to support kubernetes resources where the spec is not a map (#5814)
chore(test): ignore tests that require docker when it’s not available (#5815)
feat(kubernetes): Introduce blue/green traffic management strategy (#5811)
chore(dependencies): Autobump spinnakerGradleVersion (#5819)
chore(dependencies): Autobump korkVersion (#5821)
chore(dependencies): Autobump korkVersion (#5822)
fix(artifacts/bitbuket): added ACCEPT Header when using token auth (#5813)
chore(dependencies): Autobump korkVersion (#5825)
feat(provider/google): Added cloudrun provider functionality in clouddriver. (#5751)
chore(kubernetes): remove duplicate dependency declaration of org.mockito:mockito-core (#5829)
refactor(web): Clean up redundant spring property in gradle file (#5834)
feat(kubernetes): add endpoints to allow k8s tasks to be retried by orca (#5833)
chore(dependencies): Autobump korkVersion (#5836)
chore(dependencies): Autobump korkVersion (#5837)
chore(dependencies): Autobump korkVersion (#5838)
chore(dependencies): Autobump korkVersion (#5839)
chore(dependencies): remove dependency on groovy-all where straightforward (#5840)
feat(k8s): Add Deployment Kind support for Blue/Green deployments (#5830)
Revert “feat(k8s): Add Deployment Kind support for Blue/Green deployments (#5830)” (#5843)
chore(dependencies): Autobump korkVersion (#5842)
chore(dependencies): Autobump spinnakerGradleVersion (#5844)
test(integration): Prevent interference between tests (#5835)
chore(dependencies): pin version of com.github.tomakehurst:wiremock (#5845)
feat(kubernetes): add visibility to KubectlJobExecutor by adding logs and extending the task object to include stdout and stderr info (#5846)
feat(gke): Enables gcloud auth plugin for 1.26+ GKE clusters (#5847)
chore(dependencies): Autobump korkVersion (#5853)
chore(kubernetes/test): actually run the junit tests (#5855)
fix(kubectl): add metrics to retries, make log messages more descriptive and support retries for all kubectl actions (#5854)
chore(dependencies): Autobump korkVersion (#5861)
chore(dependencies): Autobump korkVersion (#5862)
chore(dependencies): Autobump korkVersion (#5863)
chore(cats): make relationship log info instead of warn (#5668)
chore(dependencies): Autobump korkVersion (#5867)
chore(dependencies): Autobump korkVersion (#5869)
chore(dependencies): Autobump korkVersion (#5870)
chore(dependencies): Autobump korkVersion (#5871)
feat(core): copy the MDC into work done by PooledRequests (#5868)
chore(dependencies): Autobump korkVersion (#5872)
chore(dependencies): use version 3.21.12 of com.google.protobuf (#5873)
fix(google): make AbstractAtomicOperationsCredentialsConverter generic type (#5866)
fix(google): added null check for autoscaler custom metric scaling policies (#5849)
fix(kubernetes): Revert to using the dockerImage Artifact Replacer for cronjobs (#5876)
chore(dependencies): remove dependency on groovy-all with required groovy package (#5879)
chore(dependencies): Autobump korkVersion (#5883)
chore(dependencies): Autobump korkVersion (#5884)
fix(ecr): Two credentials with same accountId confuses EcrImageProvider with different regions (#5885)
fix(manifest-replicas): ReplicaSet Source-Capacity (#5874)
fix(aws): don’t log empty warning BasicAmazonDeployDescriptionValidator.validate (#5889)
fix(gce): fixed the error caused by account removal (#5882)
fix(tests): Introduce junit vintage engine for junit4 test cases to kotlin-test.gradle, cleanup of useJUnitPlatform() from sub-modules and removing spek.gradle in clouddriver (#5901)
chore(dependencies): Autobump korkVersion (#5902)
chore(dependencies): Autobump korkVersion (#5905)
fix(cats-redis): release Semaphore to avoid leaking (#5903)
fix(core): Renamed a query parameter for template tags (#5906)
chore(aws): Update AWS IAM Authenticator version
fix(helm): propagate throwable on helm error (#5893)
chore(dependencies): Autobump fiatVersion (#5912)
chore(dependencies): Autobump korkVersion (#5938)
chore(dependencies): don’t create an autobump PR for halyard on a clouddriver release branch (#5677) (#5939)
fix(metrics): revert metric names to pre-Java (#5936) (#5942)
chore(dependencies): Autobump fiatVersion (#5943)
fix(aws): ECS Service Tagging broken (backport #5954) (#5958)

Spinnaker Deck - 1.30.2

fix(ci): fetch previous tag from git instead of API (backport #9847) (#9850)
fix(aws): Fix Create Server Group button (backport #9865) (#9866)
chore(ci): Mergify - merge Autobumps on release-* (backport #9848) (#9852)
fix(core): Synchronize the verticalNavExpandedAtom using an atom effect (backport #9859) (#9860)
fix(cf): extract service name from context for execution details (backport #9843) (#9857)
fix(ci): Setup NodeJS the same in every GHA (#9834)
chore(dependencies): bump angular from 1.6.10 to 1.8.0 (#9836)
chore(publish): publish packages (#9837)
chore(ci): Upload halconfigs to GCS on Tag push (#9838)
chore(deps): bump async from 2.6.3 to 2.6.4 (#9840)
chore(deps): bump async from 2.6.3 to 2.6.4 in /test/functional (#9839)
Updating email validation to allow for longer domains per issue-6636 (#9841)
chore(publish): publish packages (#9842)
fix(ci): fetch previous tag from git instead of API (#9847)
chore(ci): Mergify - merge Autobumps on release-* (#9848)
fix(core): apps always display as unconfigured (#9853)
chore(publish): publish packages (#9854)
chore(cve): bump @spinnaker deps and fix CVEs (#9855)
fix(cf): extract service name from context for execution details (#9843)
chore(publish): publish packages (#9856)
feat(core): Synchronize the verticalNavExpandedAtom using an atom effect (#9859)
Fix(Oracle): Fixes Spinnaker configuration issue with Oracle object storage (#9858)
chore: Set permissions for GitHub actions (#9844)
chore(publish): publish packages (#9861)
style(core): pipelines adapt to sub pipeline with manual judgment color (#9863)
fix(aws): Fix Create Server Group button (#9865)
chore(publish): publish packages (#9864)
feat(rosco): add Kustomize 4 support (#9868)
chore(publish): publish packages (#9869)
perf(pipelinegraph): Improve the performance of the pipeline graph rendering (#9871)
feat(provider/google): enhanced autoscaler functionality. (#9867)
chore(gha): synchronize peer dependencies during bump packages step (#9872)
feat(dependencies): Update vulnerable dependencies (#9875)
chore(gha): add quotes around variables to treat as strings instead of possible commands (#9876)
Output bump packages bug (#9879)
Publish packages to NPM (#9880)
chore(build): Build docker images for multiple architectures (#9882)
Improvements to AMI and instance type validations, custom instance type selector (#9793)
Publish packages to NPM (#9883)
fix(notifications): Added space in Google Chat notification. (#9884)
Fix(core/pipelines): Fix syntax error on ui-select causing stage configuration to not load (#9886)
fix(search): Error thrown when search version 2 is enabled (#9888)
chore(dependencies): Updating Formik in @spinnaker/presentation (#9887)
fix(core): Do not set static document base URL (#9890)
Publish packages to NPM (#9885)
fix(aws): fix instance type selector by allowing instance types that can’t be validated. (#9893)
fix(links): update link to spinnaker release changelog (#9897)
Publish packages to NPM (#9894)
fix(aws): Fixing AWS AZ auto rebalancing section by setting the default zones (#9902)
fix(aws): Fixing bugs related to clone CX when instance types are incompatible with image/region (#9901)
feat(kubernetes): Introduce blue/green traffic management strategy (#9911)
chore(dependencies): Autobump spinnakerGradleVersion (#9916)
feat(Azure): Update UI to handle custom and managed images. (#9910)
feat(pipeline): added feature flag for pipeline when mj stage child (#9914)
fix(aws): Guard against missing launchConfig.instanceMonitoring (#9917)
Aws rollback timeout v2 (#9923)
fix(dependencies): Pin correct cheerio version (#9924)
feat(core/bake): support include crds flag in Helm3 (#9903)
feat(Blue/Green): Add warning label and enhance disable/enable manifest stage with Deployment kind. (#9928)
chore(dependencies): Autobump spinnakerGradleVersion (#9932)
fix(azure): Register Azure Bake Execution Details Controller (#9933)
chore(deps): bump qs from 6.5.2 to 6.5.3 in /test/functional (#9929)
feat(core/pipeline): Add missing flag skipDownstreamOutput in pipeline stage (#9930)
fix(helm): update tooltip to not include Chart.yaml (#9934)
fix(core): Missing config elements after Angular 1.8 update (#9936)
fix(deck): Apache user should own the settings-local.js file, not spinnaker user, to display the custom profile features on DeckUI (#9935)
Publish packages to NPM (#9904)
fix(timeout): Added feature flag for rollback timeout ui input. (#9937)
Publish packages to NPM (#9938)
fix(ecs): skip checking for upstream stages for ECS deploy (#9945)
Publish packages to NPM (#9946)
fix(google): Resolved typo errors in GCE Autoscaler feature (#9947)
Publish packages to NPM (#9949)
fix(6755): Resolved issue regarding warning reporting when cloning a server group in AWS (#9948)
Revert “feat(Blue/Green): Add warning label and enhance disable/enable manifest stage with Deployment kind.” (#9951)
chore(dev): specifying React code for Deck PRs (#9953)
feat(provider/cloudrun): Added cloudrun functionality to deck (#9931)
chore(feature-flag): mj parent pipeline enabled by default (#9954)
Publish packages to NPM (#9955)

Spinnaker Echo - 1.30.2

fix(ci): fetch previous tag from git instead of API (#1181) (#1184)
chore(ci): Upload halconfigs to GCS on Tag push (#1174) (#1179)
chore(dependencies): Autobump fiatVersion (#1172)
chore(dependencies): Autobump korkVersion (#1168)
chore(dependencies): Autobump korkVersion (#1171)
fix(dependency): Issue of missing javax.validation and hibernate-validator dependencies while upgrading the spring cloud to Hoxton.SR12 in kork (#1173)
chore(ci): Upload halconfigs to GCS on Tag push (#1174)
chore(dependencies): Autobump korkVersion (#1175)
chore(dependencies): Autobump korkVersion (#1176)
fix(ci): fetch previous tag from git instead of API (#1181)
chore(ci): Mergify - merge Autobumps on release-* (#1182)
feat(webhooks/github): Add more metadata to PR events (#1177)
feat(gitlabci): Added GitlabCI build type (#1148)
chore(dependencies): Autobump korkVersion (#1188)
feat(webhooks/github): Support for GitHub branch events (#1187)
chore(dependencies): Autobump korkVersion (#1189)
chore(dependencies): Autobump korkVersion (#1190)
chore(dependencies): Autobump korkVersion (#1191)
chore(dependencies): Autobump fiatVersion (#1192)
chore(dockerfile): upgrade to latest alpine image (#1193)
chore(build): Build docker images for multiple architectures (#1196)
chore(dependencies): Autobump korkVersion (#1197)
chore(dependencies): Autobump fiatVersion (#1200)
chore(dependencies): Autobump korkVersion (#1202)
chore(dependencies): Autobump fiatVersion (#1203)
chore(dependencies): Autobump fiatVersion (#1204)
chore(dependencies): Autobump korkVersion (#1205)
chore(dependencies): Autobump korkVersion (#1206)
chore(dependencies): Autobump korkVersion (#1208)
fix(pipelineTriggers): handle invalid constraint regexes (#1209)
fix(notifications): Encode url in email notification (#1207)
feat(manualJudgment): Change formatting of manual judgment emails (#1201)
chore(dependencies): Autobump korkVersion (#1210)
chore(dependencies): Autobump spinnakerGradleVersion (#1215)
chore(dependencies): Autobump korkVersion (#1217)
chore(dependencies): Autobump korkVersion (#1218)
chore(dependencies): Autobump korkVersion (#1220)
feat(webhooks): Handle Bitbucket Server PR events (#1219)
refactor(web): Clean up redundant spring property in gradle file (#1228)
chore(dependencies): Autobump korkVersion (#1229)
chore(dependencies): Autobump korkVersion (#1230)
chore(dependencies): Autobump korkVersion (#1231)
chore(dependencies): Autobump korkVersion (#1232)
chore(dependencies): remove dependency on groovy-all (#1234)
feat(event): Add circuit breaker for events sending. (#1233)
feat(pubsub): add support for links in pubsub triggers (#1235)
chore(dependencies): Autobump korkVersion (#1240)
chore(dependencies): Autobump spinnakerGradleVersion (#1242)
chore(dependencies): Autobump korkVersion (#1243)
fix: The circuit breaker feature for sending events to telemetry endpoint is hidden under a required feature flag property (#1241)
chore(dependencies): Autobump korkVersion (#1247)
chore(dependencies): Autobump korkVersion (#1248)
chore(dependencies): Autobump korkVersion (#1249)
fix(bitbucket): Add project key as identifier (#1250)
chore(dependencies): Autobump korkVersion (#1251)
chore(dependencies): Autobump korkVersion (#1252)
chore(dependencies): Autobump korkVersion (#1253)
chore(dependencies): Autobump korkVersion (#1254)
chore(dependencies): Autobump korkVersion (#1255)
fix(webhook/github): Add null check when getting the pull request action (#1256)
chore(dependencies): Autobump korkVersion (#1257)
chore(dependencies): Autobump korkVersion (#1258)
chore(dependencies): Autobump korkVersion (#1265)
fix(tests): Introduce junit5 vintage engine for running junit4 test cases over junit5 and cleanup of useJUnitPlatform() from sub-modules in echo (#1266)
chore(dependencies): Autobump korkVersion (#1267)
chore(dependencies): Autobump fiatVersion (#1268)
chore(dependencies): Autobump korkVersion (#1288)
chore(dependencies): Autobump fiatVersion (#1289)

Spinnaker Fiat - 1.30.2

chore(ci): Upload halconfigs to GCS on Tag push (#940) (#944)
chore(dependencies): don’t create an autobump PR for halyard on a fia? (#938)
feat(build): bump dependencies for the given branch (#934)
chore(dependencies): Autobump korkVersion (#937)
fix(dependency): Issue of missing javax.validation:validation-api dependency while upgrading the spring cloud to Hoxton.SR12 in kork (#939)
chore(ci): Upload halconfigs to GCS on Tag push (#940)
chore(dependencies): Autobump korkVersion (#941)
chore(dependencies): Autobump korkVersion (#942)
fix(ci): fetch previous tag from git instead of API (#948)
chore(ci): Mergify - merge Autobumps on release-* (#949)
fix(google): skip groups for service accounts (#953)
fix(ci): Only bumpdep Halyard for master branch (#947)
chore(dependencies): Autobump korkVersion (#957)
chore(dependencies): Autobump korkVersion (#958)
chore(dependencies): Autobump korkVersion (#959)
fix(roles): Ensure account manager role is cached (#960)
perf(fiat-roles): Cache long-running roles’ synchronization process (#962)
fix(permissions): ensure lower case for resource name in fiat_permission and fiat_resource tables (#963)
chore(dependencies): Autobump korkVersion (#965)
feat(api): Add support for more Spring Security APIs (#966)
fix: add migration to ensure consistency between resource_name in fiat_resource and fiat_permission tables (#964)
chore(dockerfile): upgrade to latest alpine image (#967)
chore(build): Build docker images for multiple architectures (#970)
chore(dependencies): Autobump korkVersion (#971)
perf(serviceAccounts): allows syncing service accounts without resolving user roles (#961)
feat(roles): add capability to control querying clouddriver for applications during roles sync (#972)
chore(dependencies): Autobump korkVersion (#973)
fix(gha): fix syntax error in code that determines what repos to bump (#974)
fix(gha): Event branch doesn’t match (#975)
chore(dependencies): Autobump korkVersion (#976)
chore(dependencies): Autobump korkVersion (#981)
chore(dependencies): Autobump korkVersion (#982)
chore(dependencies): Autobump korkVersion (#985)
chore(dependencies): Autobump spinnakerGradleVersion (#989)
chore(dependencies): Autobump korkVersion (#992)
chore(dependencies): Autobump korkVersion (#993)
chore(dependencies): Autobump korkVersion (#996)
refactor(web): Clean up redundant spring property in gradle file (#998)
chore(dependencies): Autobump korkVersion (#999)
chore(dependencies): Autobump korkVersion (#1000)
chore(dependencies): Autobump korkVersion (#1001)
chore(dependencies): Autobump korkVersion (#1002)
chore(dependencies): Autobump korkVersion (#1004)
chore(dependencies): Autobump spinnakerGradleVersion (#1005)
chore(dependencies): Autobump korkVersion (#1006)
refactor(sql): Optimize read queries for getUserPermission (#1003)
chore(web): clean up for spring property setup (#1008)
chore(dependencies): Autobump korkVersion (#1009)
chore(dependencies): Autobump korkVersion (#1010)
chore(dependencies): Autobump korkVersion (#1011)
fix: Should fix the deletion of permissions when resource name is uppercase (#1012)
fix(fiat-roles): Fiat fails to start if write mode is disabled (#1007)
chore(dependencies): Autobump korkVersion (#1016)
chore(dependencies): Autobump korkVersion (#1017)
chore(dependencies): Autobump korkVersion (#1018)
chore(dependencies): Autobump korkVersion (#1019)
chore(dependencies): Autobump korkVersion (#1020)
chore(dependencies): remove residual dependency on groovy-all in fiat (#1021)
chore(dependencies): Autobump korkVersion (#1022)
chore(dependencies): Autobump korkVersion (#1023)
fix(tests): Introduce junit5 vintage engine for running junit4 test cases over junit5 in fiat (#1025)
chore(dependencies): Autobump korkVersion (#1028)
fix(logs): Redacted secret data in logs. (#1029)
chore(dependencies): Autobump korkVersion (#1033)
chore(dependencies): Autobump korkVersion (#1050)

Spinnaker Front50 - 1.30.2

fix(ci): fetch previous tag from git instead of API (#1127) (#1130)
chore(ci): Upload halconfigs to GCS on Tag push (#1120) (#1125)
chore(dependencies): Autobump fiatVersion (#1118)
chore(dependencies): don’t create an autobump PR for halyard on a fro? (backport #1115) (#1117)
chore(dependencies): Autobump korkVersion (#1112)
chore(dependencies): Autobump korkVersion (#1116)
fix(dependency): Issue of missing javax.validation, hibernate-validator dependencies and version conflict of com.google.cloud:google-cloud-storage while upgrading the spring cloud to Hoxton.SR12 in kork. (#1119)
chore(ci): Upload halconfigs to GCS on Tag push (#1120)
chore(dependencies): Autobump korkVersion (#1121)
chore(dependencies): Autobump korkVersion (#1122)
fix(ci): fetch previous tag from git instead of API (#1127)
chore(ci): Mergify - merge Autobumps on release-* (#1128)
fix(pipeline): include updated timestamp (#1133)
chore(dependencies): Autobump korkVersion (#1134)
chore(dependencies): Autobump korkVersion (#1136)
fix(build): Remove extra repository (#1135)
chore(dependencies): Autobump korkVersion (#1137)
chore(dependencies): Autobump korkVersion (#1141)
chore(dependencies): Autobump fiatVersion (#1145)
fix: Revision history is not showing the timestamp of the revision (#1142)
chore(build): Build docker images for multiple architectures (#1148)
chore(dependencies): Autobump korkVersion (#1150)
chore(dockerfile): upgrade to latest alpine image (#1151)
chore(dependencies): Autobump fiatVersion (#1157)
chore(dependencies): Autobump korkVersion (#1160)
fix(updateTs): missing updateTs field in the get pipeline history’s response. (#1159)
chore(dependencies): Autobump fiatVersion (#1163)
chore(dependencies): Autobump fiatVersion (#1164)
chore(dependencies): Autobump korkVersion (#1166)
chore(dependencies): Autobump korkVersion (#1167)
chore(dependencies): Autobump korkVersion (#1168)
perf(serviceAccounts): Add attribute that allows creating service accounts without running full role syncs (#1139)
chore(dependencies): Autobump korkVersion (#1169)
fix(pipelines): prevent from creating duplicated pipelines (#1172)
feat(pipeline/kubernetes): Introduce validator for kubernetes blue/green traffic management strategy (#1176)
chore(dependencies): Autobump spinnakerGradleVersion (#1177)
chore(dependencies): Autobump korkVersion (#1179)
chore(dependencies): Autobump korkVersion (#1180)
chore(dependencies): Autobump korkVersion (#1181)
refactor(web): Clean up redundant spring property in gradle file (#1188)
chore(dependencies): Autobump korkVersion (#1189)
chore(dependencies): Autobump korkVersion (#1190)
chore(dependencies): Autobump korkVersion (#1191)
chore(dependencies): Autobump korkVersion (#1192)
chore(dependencies): remove dependency on groovy-all where straightforward (#1193)
chore(dependencies): Autobump korkVersion (#1194)
chore(dependencies): Autobump spinnakerGradleVersion (#1195)
chore(dependencies): Autobump korkVersion (#1198)
feat(pipeline/kubernetes): Migrate existing K8s deploy manifest traffic management from redblack to bluegreen (#1197)
chore(web): clean up for spring property setup (#1199)
chore(dependencies): Autobump korkVersion (#1200)
chore(dependencies): Autobump korkVersion (#1201)
chore(dependencies): Autobump korkVersion (#1202)
chore(dependencies): Autobump korkVersion (#1203)
chore(dependencies): Autobump korkVersion (#1204)
chore(dependencies): Autobump korkVersion (#1205)
chore(dependencies): Autobump korkVersion (#1206)
chore(dependencies): Autobump korkVersion (#1207)
chore(dependencies): remove residual dependency on groovy-all (#1208)
chore(dependencies): Autobump korkVersion (#1209)
chore(dependencies): Autobump korkVersion (#1210)
feat(migration): ability to disable deleting orphaned objects (#1211)
chore(tests): Cleanup of useJUnitPlatform() from sub-modules and introducing junit-vintage-engine in front50 (#1218)
chore(dependencies): Autobump korkVersion (#1219)
chore(dependencies): Autobump korkVersion (#1221)
fix(sql): Populating lastModified field for pipelines when loading objects. (#1220)
chore(dependencies): Autobump fiatVersion (#1225)
chore(dependencies): Autobump korkVersion (#1246)
chore(dependencies): don’t create an autobump PR for halyard on a front50 release branch (#1115) (#1247)
chore(dependencies): Autobump fiatVersion (#1248)
fix(validator): Fix NPE when traffic management is not defined in a deployment manifest (#1253) (#1254)
fix(migrations): do not migrate redblack pipelines without stages (#1259) (#1260)

Spinnaker Gate - 1.30.2

fix(ci): fetch previous tag from git instead of API (#1551) (#1554)
chore(ci): Upload halconfigs to GCS on Tag push (#1544) (#1549)
chore(dependencies): Autobump fiatVersion (#1543)
chore(dependencies): Autobump korkVersion (#1539)
chore(dependencies): Autobump korkVersion (#1542)
chore(ci): Upload halconfigs to GCS on Tag push (#1544)
chore(dependencies): Autobump korkVersion (#1545)
chore(dependencies): Autobump korkVersion (#1547)
feat(tasks): Allow max polling of task status to be set (#1546)
fix(ci): fetch previous tag from git instead of API (#1551)
chore(ci): Mergify - merge Autobumps on release-* (#1552)
chore(dependencies): Autobump korkVersion (#1557)
chore(dependencies): Autobump korkVersion (#1558)
chore(dependencies): Autobump korkVersion (#1559)
fix(restart-pipeline) : CheckPrecondition doesn’t evaluate expression correctly when upstream stages get restarted (#1560)
chore(build): Gradle 7 compatibility (#1561)
chore(dependencies): Autobump korkVersion (#1562)
chore(dependencies): Autobump fiatVersion (#1563)
chore(dockerfile): upgrade to latest alpine image (#1564)
chore(build): Build docker images for multiple architectures (#1567)
chore(dependencies): Autobump korkVersion (#1568)
chore(dependencies): Autobump fiatVersion (#1571)
chore(dependencies): Autobump korkVersion (#1572)
chore(dependencies): Autobump fiatVersion (#1573)
chore(dependencies): Autobump fiatVersion (#1574)
chore(dependencies): Autobump korkVersion (#1575)
chore(dependencies): Autobump korkVersion (#1577)
chore(dependencies): Autobump korkVersion (#1578)
chore(dependencies): Autobump korkVersion (#1580)
chore(dependencies): Autobump spinnakerGradleVersion (#1585)
chore(dependencies): Autobump korkVersion (#1587)
chore(dependencies): Autobump korkVersion (#1588)
chore(dependencies): Autobump korkVersion (#1590)
refactor(web): Clean up redundant spring property in gradle file (#1597)
chore(dependencies): Autobump korkVersion (#1598)
chore(dependencies): Autobump korkVersion (#1599)
chore(dependencies): Autobump korkVersion (#1600)
chore(dependencies): Autobump korkVersion (#1601)
chore(dependencies): remove dependency on groovy-all (#1602)
chore(dependencies): Autobump korkVersion (#1603)
chore(dependencies): Autobump spinnakerGradleVersion (#1604)
chore(dependencies): Autobump korkVersion (#1605)
chore(web): clean up for spring property setup (#1606)
chore(dependencies): Autobump korkVersion (#1607)
chore(dependencies): Autobump korkVersion (#1608)
chore(dependencies): Autobump korkVersion (#1609)
feat(web): Add X-SPINNAKER-* optional data to HTTP response header (#1610)
fix(web): Fixes ArtifactController and ArtifactService to close the InputStream object used in the fetch api and add unit test for controller (#1611)
refactor(web): Remove unnecessary code from ResponseHeaderInterceptorTest (#1613)
feat(web): Enable extracting Spinnaker related headers from request into authenticated request MDC, by setting the extractSpinnakerHeaders flag to true when creating the AuthenticatedRequestFilter in GateConfig. This allows the propagation of request headers with X-SPINNAKER prefix downstream through the AuthenticatedRequest MDC for consumption e.g. response interceptor (#1612)
chore(dependencies): Autobump korkVersion (#1614)
chore(dependencies): Autobump korkVersion (#1615)
chore(dependencies): Autobump korkVersion (#1616)
chore(dependencies): Autobump korkVersion (#1617)
chore(dependencies): Autobump korkVersion (#1618)
chore(dependencies): Autobump korkVersion (#1619)
chore(dependencies): Autobump korkVersion (#1620)
fix(tests): Introduce junit5 vintage engine for running junit4 test cases over junit5 in gate (#1623)
chore(dependencies): Autobump korkVersion (#1628)
chore(dependencies): Autobump korkVersion (#1629)
chore(dependencies): Autobump fiatVersion (#1630)
chore(dependencies): Autobump korkVersion (#1649)
chore(dependencies): Autobump fiatVersion (#1650)

Spinnaker Igor - 1.30.2

fix(ci): fetch previous tag from git instead of API (#1017) (#1020)
chore(ci): Upload halconfigs to GCS on Tag push (#1011) (#1015)
chore(dependencies): Autobump fiatVersion (#1009)
chore(dependencies): Autobump korkVersion (#1005)
chore(dependencies): Autobump korkVersion (#1008)
fix(dependency): Issue of missing javax.validation:validation-api dependency while upgrading the spring cloud to Hoxton.SR12 in kork (#1010)
chore(ci): Upload halconfigs to GCS on Tag push (#1011)
chore(dependencies): Autobump korkVersion (#1012)
chore(dependencies): Autobump korkVersion (#1013)
fix(ci): fetch previous tag from git instead of API (#1017)
chore(ci): Mergify - merge Autobumps on release-* (#1018)
Implemented Gitlab CI polling and build property support (#986)
chore(dependencies): Autobump korkVersion (#1024)
chore(web): remove deprecated endpoints.health.sensitive configuration property (#1023)
chore(dependencies): Autobump korkVersion (#1025)
chore(dependencies): Autobump korkVersion (#1026)
chore(build): Gradle 7 compatibility (#1027)
chore(dependencies): Autobump korkVersion (#1028)
chore(dependencies): Autobump fiatVersion (#1029)
chore(dockerfile): upgrade to latest alpine image (#1030)
chore(build): Build docker images for multiple architectures (#1033)
chore(dependencies): Autobump korkVersion (#1034)
fix(artifacts): ArtifactExtractor is unable to deserialize jsr310 dates (#1035)
chore(dependencies): Autobump fiatVersion (#1039)
feat(jenkins): Stop Jenkins job when job name as slashes in the job name (#1038)
chore(dependencies): Autobump korkVersion (#1040)
chore(dependencies): Autobump fiatVersion (#1041)
chore(dependencies): Autobump fiatVersion (#1042)
chore(dependencies): Autobump korkVersion (#1043)
chore(dependencies): Autobump korkVersion (#1044)
chore(dependencies): Autobump korkVersion (#1045)
chore(dependencies): Autobump korkVersion (#1046)
fix(monitor): rename parameter to let spring know what bean inject (#1053)
chore(dependencies): Autobump spinnakerGradleVersion (#1055)
chore(dependencies): Autobump korkVersion (#1057)
chore(dependencies): Autobump korkVersion (#1058)
chore(dependencies): Autobump korkVersion (#1059)
refactor(web): Clean up redundant spring property in gradle file (#1065)
chore(dependencies): Autobump korkVersion (#1066)
chore(dependencies): Autobump korkVersion (#1067)
chore(dependencies): Autobump korkVersion (#1068)
chore(dependencies): Autobump korkVersion (#1069)
chore(dependencies): remove dependency on groovy-all where straightforward (#1070)
chore(dependencies): Autobump korkVersion (#1071)
chore(dependencies): Autobump spinnakerGradleVersion (#1072)
fix(gitlabci): Fixed JSON parsing exceptions for unknown GitlabCI pipeline statuses (#1073)
chore(dependencies): Autobump korkVersion (#1074)
feat(travis): Add redis TTL for queue keys (#1076)
fix(travis): Enable legacy log fetching (#1075)
chore(dependencies): Autobump korkVersion (#1078)
chore(dependencies): Autobump korkVersion (#1079)
fix(travis): Redis TTL is given in seconds, not minutes (#1077)
chore(dependencies): Autobump korkVersion (#1080)
chore(dependencies): Autobump korkVersion (#1081)
chore(dependencies): Autobump korkVersion (#1082)
chore(dependencies): Autobump korkVersion (#1083)
chore(dependencies): Autobump korkVersion (#1084)
chore(dependencies): Autobump korkVersion (#1085)
chore(dependencies): remove dependency on groovy-all with required groovy package (#1086)
chore(dependencies): Autobump korkVersion (#1087)
chore(dependencies): Autobump korkVersion (#1088)
fix(travis): Don’t panic if log fetching fails (#1089)
chore(dependencies): Autobump korkVersion (#1097)
chore(dependencies): Autobump korkVersion (#1098)
chore(dependencies): Autobump fiatVersion (#1099)
chore(dependencies): Autobump korkVersion (#1120)
chore(dependencies): Autobump fiatVersion (#1121)

Spinnaker Kayenta - 1.30.2

fix(ci): fetch previous tag from git instead of API (#888) (#891)
chore(ci): Upload halconfigs to GCS on Tag push (#884) (#886)
chore(dependencies): Autobump orcaVersion (#883)
chore(dependencies): Autobump spinnakerGradleVersion (#880)
chore(ci): Upload halconfigs to GCS on Tag push (#884)
fix(ci): fetch previous tag from git instead of API (#888)
chore(ci): Mergify - merge Autobumps on release-* (#889)
chore(build): Gradle 7 compatibility (#895)
chore(dependencies): add explicit dependency on javax.validation:validation-api (#897)
chore(dependencies): Autobump orcaVersion (#896)
chore(dockerfile): upgrade to latest alpine image (#900)
chore(build): Build docker images for multiple architectures (#903)
chore(dependencies): Autobump orcaVersion (#906)
fix(integration-tests): change testCompileOnly dependencies to testImplementation (#907)
fix(dependency): To enable controlled conflict resolution of direct and transitive dependencies version using kork-bom for upgrading the spring-boot 2.3.x. (#908)
fix(test): Issue with kayenta-integration-tests while upgrading spring-boot to 2.3.12 (#909)
chore(dependencies): Autobump orcaVersion (#910)
feat(influxdb): enhancements and bug fixes (#899)
fix(security): Bump commons-text for CVE-2022-42889 (#911)
chore(dependencies): Bump orcaVersion (#916)
chore(dependencies): Autobump spinnakerGradleVersion (#917)
refactor(web): Clean up redundant spring property in gradle file (#925)
chore(dependencies): Autobump spinnakerGradleVersion (#927)
chore(web): clean up for spring property setup (#928)
chore(dependency): unpinning the version of io.rest-assured (#929)
chore(cleanup): Doing refactoring of Kayenta to cleanup codebase (#926)
chore(dependencies): remove dependency on groovy-all in kayenta (#930)
chore(dependencies): Autobump orcaVersion (#931)
chore(dependencies): Autobump orcaVersion (#932)
feat: SPLAT-569: Add SQL data source for account credentials and account configurations persistence. (#938)
chore(dependencies): Autobump orcaVersion (#941)
chore(dependencies): Autobump orcaVersion (#956)
fix(signalfx): Fixed metric type missing due to duplicated field from parent class (#957) (#958)

Spinnaker Orca - 1.30.2

fix(ci): fetch previous tag from git instead of API (#4263) (#4266)
chore(ci): Upload halconfigs to GCS on Tag push (#4256) (#4261)
chore(dependencies): Autobump fiatVersion (#4253)
feat(build): bump dependencies for the given branch (#4247)
chore(dependencies): Autobump korkVersion (#4252)
Fix for size (#4242)
fix(dependency): Issue of missing javax.validation and hibernate-validator dependencies while upgrading the spring cloud to Hoxton.SR12 in kork (#4254)
chore(ci): Upload halconfigs to GCS on Tag push (#4256)
chore(dependencies): Autobump korkVersion (#4257)
chore(dependencies): Autobump korkVersion (#4258)
feat(stageExecution): supporting extra custom tags for stage execution metrics (#4255)
fix(ci): fetch previous tag from git instead of API (#4263)
chore(ci): Mergify - merge Autobumps on release-* (#4264)
fix(cfn): Fix detection of empty CloudFormation changesets (#4270)
chore(dependencies): Autobump korkVersion (#4272)
fix(tasks): Fix MonitorPipelineTask regression (#4271)
chore(dependencies): Autobump korkVersion (#4273)
chore(dependencies): Autobump korkVersion (#4275)
feat(orca): add Kustomize 4 support (#4280)
fix(restart-pipeline) : CheckPrecondition doesn’t evaluate expression correctly when upstream stages get restarted (#4278)
chore(tests): redact some data in test (#4281)
feat(webhook): Allow webhook retries for selected status codes (#4276)
chore(dependencies): Autobump korkVersion (#4282)
chore(dependencies): Autobump fiatVersion (#4283)
chore(dockerfile): upgrade to latest alpine image (#4284)
refactor(groovy): migrating Clouddriver services to Java (#4269)
chore(build): Build docker images for multiple architectures (#4288)
fix(clouddriver): fix property binding for Clouddriver (#4290)
chore(dependencies): Autobump korkVersion (#4291)
fix(preconfiguredJobs): Resource requests on custom stage | Error: got “map”, expected “string” (#4295)
feat(igor): Stop Jenkins job when job name has slashes in the job name (#4294)
chore(dependencies): Autobump fiatVersion (#4296)
fix(sql): Wrong indentation for rollback in database changelog (#4297)
fix(stageExecution): In MJ stages find the correct authenticated user? (#4289)
feat(orchestration): provide a way to allow only certain configured ad-hoc operations to be performed (#4195)
chore(dependencies): Autobump korkVersion (#4298)
chore(dependencies): Autobump fiatVersion (#4299)
chore(dependencies): Autobump fiatVersion (#4300)
chore(dependencies): Autobump korkVersion (#4302)
chore(dependencies): Autobump korkVersion (#4304)
chore(dependencies): Autobump korkVersion (#4308)
fix(stageExecution): In evaluable variable stage restart scenario variables are not cleaned properly (#16) (#4307)
feat(cloudrun): Adding cloudrun provider in orca. (#4279)
chore(kubernetes): stop specifying the version of io.kubernetes:client-java (#4310)
feat(cloudrun): Adding cloudrun provider in orca. (#4311)
chore(dependencies): Autobump korkVersion (#4313)
fix(config): restore prior visibility of methods on CloudDriverConfigurationProperties class (#4317)
fix(artifacts): Expected Artifacts should be trigger specific (#4322)
feat(bakery): add includeCRDs in Helm Bake request (#4324)
fix(config): add back public visibility for ClouddriverRetrofitBuilder class (#4331)
feat(kubernetes events in orca): Exposes kubernetes events in orca for enhanced logging (#4301)
fix(orca): display task exception messages (#4259)
feat(bakery): Clean up cached data created by Rosco. (#4323)
feat(kubernetes): Introduce blue/green traffic management strategy (#4332)
chore(dependencies): Autobump spinnakerGradleVersion (#4337)
fix(tasks): Fix MonitorKayentaCanaryTask on results data map (#4312)
chore(dependencies): Autobump korkVersion (#4342)
chore(dependencies): Autobump korkVersion (#4343)
feat(Azure): Update createBakeTask for managed and custom images. (#4336)
chore(dependencies): Autobump korkVersion (#4352)
feat(AWS): Get the rollback timeout value from stage data. (#4353)
feat(k8s): Add support of Deployment kind for Blue/Green deployments. (#4355)
refactor(web): Clean up redundant spring property in gradle file (#4359)
chore(dependencies): Autobump korkVersion (#4360)
chore(dependencies): Autobump korkVersion (#4361)
chore(dependencies): Autobump korkVersion (#4362)
chore(dependencies): Autobump korkVersion (#4363)
chore(dependencies): remove dependency on groovy-all where straightforward (#4364)
chore(dependencies): Autobump korkVersion (#4365)
feat(bakery): add tasks.monitor-bake.timeout-millis configuration property for MonitorBakeTask timeout (#4367)
chore(front50): Make Monitor Pipeline Task timeout overridable (#4347)
Fix orca bakery (#4370)
chore(dependencies): Autobump spinnakerGradleVersion (#4371)
fix(stageExecution): Extend MJ auth propagate logic for exhaustive cases (#4368)
feat(tasks): Capture task output data from clouddriver (#4374)
fix(dependency): Issue with keiko-redis-spring module while upgrading the spring boot 2.5.x (#4375)
chore(dependencies): Autobump korkVersion (#4376)
chore(web): clean up for spring property setup (#4377)
chore(dependencies): Autobump korkVersion (#4378)
chore(dependencies): Autobump korkVersion (#4380)
chore(dependencies): Autobump korkVersion (#4381)
feat(config): allow configuration of writeable clouddriver endpoints by account and/or cloudProvider (#4287)
fix(timeout): Added feature flag for rollback timeout ui input. (#4383)
chore(dependencies): Autobump korkVersion (#4390)
chore(dependencies): Autobump korkVersion (#4391)
chore(dependencies): Autobump korkVersion (#4392)
chore(dependencies): Autobump korkVersion (#4393)
chore(dependencies): Autobump korkVersion (#4394)
chore(dependencies): Autobump korkVersion (#4398)
chore(dependencies): Autobump korkVersion (#4399)
fix(waiting-executions) : Waiting executions doesn’t follow FIFO (#4356)
fix(artifacts): Be more lenient when filtering expected artifacts (#4397)
fix(artifacts): Stop copying expectedArtifactIds to child pipelines (#4404)
Revert “feat(k8s): Add support of Deployment kind for Blue/Green deployments.” (#4407)
chore(dependencies): Autobump korkVersion (#4411)
feat(igor): Default the feature flag which sends the job name as query parameter to on (#4412)
chore(dependencies): Autobump korkVersion (#4413)
Fix/blue green deploy (#4414)
chore(dependencies): Autobump fiatVersion (#4417)
chore(dependencies): Autobump korkVersion (#4444)
chore(dependencies): Autobump korkVersion (#4444) (#4446)
fix(deployment): fixed missing namespace while fetching manifest details from clouddriver (#4453) (#4457)

Spinnaker Rosco - 1.30.2

chore(ci): Mergify - merge Autobumps on release-* (#878) (#882)
fix(halyard): Use Halyard’s spinnaker.yml defined Redis (#874) (#876)
chore(dependencies): Autobump korkVersion (#866)
chore(dependencies): Autobump korkVersion (#868)
chore(ci): Upload halconfigs to GCS on Tag push (#869)
chore(ci): Halyard expects tar.gz but doesn’t gunzip (#870)
chore(dependencies): Autobump korkVersion (#871)
chore(dependencies): Autobump korkVersion (#872)
fix(halyard): Use Halyard’s spinnaker.yml defined Redis (#874)
fix(ci): fetch previous tag from git instead of API (#877)
chore(ci): Mergify - merge Autobumps on release-* (#878)
fix(bake): propagate X-SPINNAKER-* headers to clouddriver (#883)
chore(dependencies): Autobump korkVersion (#884)
chore(dependencies): Autobump korkVersion (#885)
Arm64 support (#886)
chore(builds): fix github actions builds (#887)
chore(dependencies): Autobump korkVersion (#889)
chore(dependencies): use org.apache.commons:commons-compress:1.21 to fix multiple vulnerabilities (#888)
feat(rosco): add Kustomize 4 support (#891)
feature(rosco): Update packer to 1.8.1 (#890)
chore(build): Gradle 7 compatibility (#892)
chore(dependencies): Autobump korkVersion (#893)
chore(dockerfile): upgrade to latest alpine image (#894)
chore(security): upgrade codeql to v2 (#897)
chore(dependencies): Autobump korkVersion (#898)
fix(install): Fixed bugs in postInstall script that causes installation to fail on Ubuntu 20.04 and 22.04 LTS (#899)
chore(dependencies): Autobump korkVersion (#903)
chore(dependencies): Autobump korkVersion (#904)
chore(dependencies): Autobump korkVersion (#905)
chore(dependencies): Autobump korkVersion (#906)
chore(dependencies): Autobump korkVersion (#907)
chore(gha): replace deprecated set-output and save-state commands (#909)
feat(azure): baking from another existing image (#910)
feat(azure): Improve uniqueness of Azure Bake Key (#911)
feat(helm): support for including crds in Helm3 (#913)
fix(azure): removing empty params for image name (#914)
chore(deps): remove version specification from org.yaml:snakeyaml (#915)
feat(bakery): Clean up cached data created by Rosco. (#912)
chore(dependencies): Autobump spinnakerGradleVersion (#917)
chore(dependencies): Autobump korkVersion (#918)
chore(dependencies): Autobump korkVersion (#919)
fix(Azure): Update centos default image version. (#916)
chore(dependencies): Autobump korkVersion (#923)
refactor(web): Clean up redundant spring property in gradle file (#928)
Merge pull request from GHSA-wqq8-664f-54hh
chore(dependencies): Autobump korkVersion (#930)
chore(dependencies): Autobump korkVersion (#931)
chore(dependencies): Autobump korkVersion (#932)
chore(dependencies): Autobump korkVersion (#933)
chore(dependencies): remove dependency on groovy-all where straightforward (#934)
chore(dependencies): Autobump korkVersion (#935)
chore(dependencies): Autobump spinnakerGradleVersion (#936)
chore(dependencies): Autobump korkVersion (#939)
chore(web): clean up for spring property setup (#941)
chore(dependencies): Autobump korkVersion (#943)
chore(dependencies): Autobump korkVersion (#944)
chore(dependencies): Autobump korkVersion (#945)
chore(dependencies): Autobump korkVersion (#948)
chore(dependencies): Autobump korkVersion (#949)
chore(dependencies): Autobump korkVersion (#950)
chore(dependencies): Autobump korkVersion (#951)
chore(dependencies): Autobump korkVersion (#952)
chore(dependencies): remove residual dependency on groovy-all in rosco-manifest (#954)
chore(dependencies): Autobump korkVersion (#955)
chore(dependencies): Autobump korkVersion (#956)
fix(tests): Introduce junit5 vintage engine for running junit4 test cases over junit5 in rosco (#958)
chore(dependencies): Autobump korkVersion (#961)
chore(dependencies): Autobump korkVersion (#962)
fix(manifests/test): add org.junit.jupiter:junit-jupiter-engine as a test runtime dependency (#963)
chore(dependencies): Autobump korkVersion (#978)

Continuous-Deployment: v2.28.6 Armory Continuous Deployment Release (Spinnaker™ v1.28.6)

Fri, 28 Apr 2023 00:00:00 +0000

2023/04/28 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.6, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Any services running under Java 11.0.11+ and using TLSv1.1 will encounter a communication failure. For example, you will see a communication failure between an Armory CD service running under Java 11.0.1 and MySQL 5.7 if the MySQL driver is using TLSv1.1.

The version of Java depends on the version used by the Docker container’s OS. Most Armory CD services are using Alpine 3.11 or 3.12, which does not use Java 11.0.11. However, Alpine 3.11 is end-of-life in November of 2021, and 3.12 is end-of-life in May of 2022. There is no guarantee that Java 11.0.11+ won’t be added to those container images by some other manner. You should modify your TLSv1.1 environment now so you don’t encounter communication failures.

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

When you navigate to the Infrastructure tab in the UI for an application that has the Kubernetes provider configured, actions that change the Kubernetes infrastructure (such as Create or Delete), including Clusters, Load Balancers, and Firewalls, are no longer available.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

This setting does not completely prevent users from modifying Kubernetes infrastructure through Armory CD. To do so, you must use the Policy Engine and write policies using the spinnaker.http.authz package.

If you use the Policy Engine to control which user roles can see the UI actions and be able to use them, you must set this property to true. Setting the value to false hides the buttons for all users regardless of whether you grant specific users access to the buttons through the Policy Engine.

This property affects Kubernetes infrastructure only. The behavior is slightly different depending on if the application has only the Kubernetes provider configured or Kubernetes and other providers, such as AWS.

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Git Artifact Constraint Trigger

When setting an artifact constraint to limit when a pipeline executes on a git web hook, it’s likely the trigger will break with an error message The following required artifacts could not be bound: ‘[ArtifactKey(type=docker/image, …’ See https://github.com/spinnaker/spinnaker/issues/6757

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

MySQL Permission Repository error in 2.28.1-2.28.4

Armory is investigating an issue with FIAT when using MySQL as the backend permission repository. When it is enabled, unexpected authorization errors appear in logs across Clouddriver/Orca/Front50 for users and Service Accounts. Admins appear unaffected.

The issue does not exist for 2.28.0 and lower and has since been resolved as of 2.28.5. Environments using the default Redis backend do not encounter these errors. For more information about the changes that resolve this fix, please visit the following PR

Workaround: Use Redis backend, 2.28.0, 2.28.5+

Affected versions: Armory CD 2.28.1-2.28.4

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Spinnaker 1.28 introduced a new API to allow adding accounts to Spinnaker. This change required all existing providers to register themselves with the credentials repo system. Several cloud providers were missed as part of the migration, including Google and AppEngine providers. It’s possible other non-supported providers may also be broken. The result of this is that users cannot see any Google or App Engine accounts listed in the UI, and non-admin users get an Access Denied error when trying to run pipelines as no permissions are granted. Admins can still deploy to these accounts since they bypass any permissions restrictions.

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Blue/Green(Red/Black) in the non-default namespace for Kubernetes fails

Version 2.28.6 introduced a bug which affects the Blue/Green(Red/Black) deployment strategy in Kubernetes.

In the afterStage during a deployment that uses the Blue/Green (Red/Black) rollout strategy, Spinnaker tries to select the rollout strategy and switch the traffic to the newly deployed rollout strategy.

However, when Orca sends the API request to Clouddriver for the rollout strategy details, Orca doesn’t include the namespace, which results in failure of the task with Manifest not found.

Early access

Dynamic Rollback Timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck.

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user. You must add this block to the orca.yml file if you want to enable the dynamic rollback timeout feature.

{
 "rollback:"
 "timeout:"
 "enabled: true"
}

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines as Code multi-branch enhancement

Now you can configure Pipelines as Code to pull Dinghy files from multiple branches on the same repo. Cut out the tedious task of managing multiple repos; have a single repo for Spinnaker application pipelines. See Multiple branches for how to enable and configure this feature.

Enhanced BitBucket Server pull request handling

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you will be able to use the Terraform template file provider. Please open a support ticket if you need this fix.

Automatically Cancel Jenkins Jobs

Fixed Issues

Clouddriver

Fixed an issue where customers are unable to use mixed instances and other advanced launch template features. (https://github.com/spinnaker/spinnaker/issues/6755)

Deck

Fixed an issue where the UI crashes when running pipeline(s) with many stages.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.6 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 95037f6d709c2dd03318b78c42c426106ee16a01
version: 2.28.6
deck:
commit: e24db15a97545fd5dda3bdb88a70f640bc5a1104
version: 2.28.6
dinghy:
commit: 912007004f7720b418cd133301c7fb20207e1f2f
version: 2.28.6
echo:
commit: a602d9d5def0815cb52bdf6d695ca69cbf0abe3b
version: 2.28.6
fiat:
commit: 45039aa7952cc409329faa30b8443667566459c1
version: 2.28.6
front50:
commit: 3292cf2715a9e52bb4690601d4fd877407505ced
version: 2.28.6
gate:
commit: c8058f4362f3f4ad108fa146d628a162445c7579
version: 2.28.6
igor:
commit: 60964526194a1273a03a7ade1f8939751e337735
version: 2.28.6
kayenta:
commit: 22fe5d47baacce77917c9026cefdedf91c64a956
version: 2.28.6
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 06352546281e21597eb59d3e993e842b9259f142
version: 2.28.6
rosco:
commit: 27d4a2b4a1d5f099b68471303d4fd14af156d46d
version: 2.28.6
terraformer:
commit: ea9b0255b7d446bcbf0f0d4e03fc8699b7508431
version: 2.28.6
timestamp: "2023-04-21 21:46:22"
version: 2.28.6

Armory

Armory Igor - 2.28.5…2.28.6

chore(cd): update base service version to igor:2023.03.02.19.40.25.release-1.28.x (#419)
chore(cd): update base service version to igor:2023.03.02.21.16.28.release-1.28.x (#420)

Armory Front50 - 2.28.5…2.28.6

chore(cd): update base service version to front50:2023.03.27.19.08.11.release-1.28.x (#509)
chore(cd): update armory-commons version to 3.11.5 (#534)

Armory Gate - 2.28.5…2.28.6

chore(cd): update base service version to gate:2023.03.02.19.38.56.release-1.28.x (#523)
chore(cd): update base service version to gate:2023.03.02.21.17.09.release-1.28.x (#524)
chore(cd): update base service version to gate:2023.03.27.19.10.16.release-1.28.x (#530)
chore(cd): update armory-commons version to 3.11.5 (#556)

Armory Orca - 2.28.5…2.28.6

chore(cd): update base orca version to 2023.03.02.19.46.59.release-1.28.x (#597)
chore(cd): update base orca version to 2023.03.02.21.24.49.release-1.28.x (#598)
chore(cd): update base orca version to 2023.03.28.15.32.53.release-1.28.x (#608)
chore(cd): update armory-commons version to 3.11.5 (#632)

Armory Deck - 2.28.5…2.28.6

chore(alpine): Upgrade alpine version (backport #1302) (#1303)
chore(build): only run security scans on PR merge (backport #1319) (#1327)
chore(cd): update base deck version to 2023.0.0-20230410180145.release-1.28.x (#1330)
chore(cd): update base deck version to 2023.0.0-20230410180145.release-1.28.x (#1332)
chore(cd): update base deck version to 2023.0.0-20230420193214.release-1.28.x (#1333)

Terraformer™ - 2.28.5…2.28.6

chore(alpine): Update alpine version (backport #497) (#499)

Armory Rosco - 2.28.5…2.28.6

chore(cd): update base service version to rosco:2023.03.02.19.37.08.release-1.28.x (#500)
chore(cd): update armory-commons version to 3.11.5 (#526)
chore(cd): update armory-commons version to 3.11.6 (#529)

Armory Clouddriver - 2.28.5…2.28.6

chore(cd): update base service version to clouddriver:2023.03.02.19.57.01.release-1.28.x (#812)
chore(cd): update base service version to clouddriver:2023.03.03.02.32.42.release-1.28.x (#813)
chore(cd): update base service version to clouddriver:2023.03.21.20.21.00.release-1.28.x (#821)
chore(cd): update base service version to clouddriver:2023.03.23.14.57.28.release-1.28.x (#826)
chore(cd): update base service version to clouddriver:2023.03.27.19.24.21.release-1.28.x (#829)
chore(cd): update armory-commons version to 3.11.5 (#862)
Bumped aws-cli to 1.22 for FIPS compliance (#854) (#863)
chore(cd): update armory-commons version to 3.11.6 (#868)

Armory Kayenta - 2.28.5…2.28.6

chore(cd): update base service version to kayenta:2023.03.03.04.50.48.release-1.28.x (#393)
chore(cd): update base service version to kayenta:2023.03.28.19.09.35.release-1.28.x (#398)
chore(cd): update armory-commons version to 3.11.5 (#423)
chore(cd): update armory-commons version to 3.11.6 (#430)

Armory Echo - 2.28.5…2.28.6

chore(cd): update base service version to echo:2023.03.02.19.38.24.release-1.28.x (#542)
chore(cd): update base service version to echo:2023.03.02.21.17.15.release-1.28.x (#543)
chore(cd): update base service version to echo:2023.03.27.19.10.41.release-1.28.x (#550)
chore(cd): update armory-commons version to 3.11.5 (#576)
chore(cd): update armory-commons version to 3.11.6 (#579)

Dinghy™ - 2.28.5…2.28.6

chore(dependencies): bumped oss dinghy version to 20230201103309-a73a68c80965 (#480)
chore(alpine): Upgrade alpine version (backport #481) (#482)

Armory Fiat - 2.28.5…2.28.6

chore(cd): update base service version to fiat:2023.03.02.19.37.20.release-1.28.x (#441)
chore(cd): update base service version to fiat:2023.03.16.17.55.44.release-1.28.x (#446)

Spinnaker

Spinnaker Igor - 1.28.6

chore(dependencies): Autobump korkVersion (#1093)
chore(dependencies): Autobump fiatVersion (#1094)

Spinnaker Front50 - 1.28.6

chore(dependencies): Autobump korkVersion (#1214)
chore(dependencies): Autobump fiatVersion (#1215)
fix(sql): Populating lastModified field for pipelines when loading objects. (#1220) (#1223)
chore(dependencies): Autobump fiatVersion (#1227)

Spinnaker Gate - 1.28.6

chore(dependencies): Autobump korkVersion (#1624)
chore(dependencies): Autobump fiatVersion (#1625)
chore(dependencies): Autobump fiatVersion (#1632)

Spinnaker Orca - 1.28.6

chore(dependencies): Autobump korkVersion (#4405)
chore(dependencies): Autobump fiatVersion (#4406)
chore(dependencies): Autobump fiatVersion (#4425)
Fix/blue green deploy (backport #4414) (#4419)

Spinnaker Deck - 1.28.6

fix: UI crashes when running pipeline(s) with many stages. (backport #9960) (#9973)
fix(aws): Fixing bugs related to clone CX when instance types are incompatible with image/region (backport #9901) (#9975)

Spinnaker Rosco - 1.28.6

chore(dependencies): Autobump korkVersion (#959)

Spinnaker Clouddriver - 1.28.6

chore(dependencies): Autobump korkVersion (#5897)
chore(dependencies): Autobump fiatVersion (#5898)
fix(core): Renamed a query parameter for template tags (#5906) (#5908)
chore(aws): Update AWS IAM Authenticator version (#5910)
chore(dependencies): Autobump fiatVersion (#5916)

Spinnaker Kayenta - 1.28.6

chore(dependencies): Autobump orcaVersion (#936)
chore(dependencies): Autobump orcaVersion (#943)

Spinnaker Echo - 1.28.6

chore(dependencies): Autobump korkVersion (#1261)
chore(dependencies): Autobump fiatVersion (#1262)
chore(dependencies): Autobump fiatVersion (#1270)

Spinnaker Fiat - 1.28.6

chore(dependencies): Autobump korkVersion (#1026)
fix(logs): Redacted secret data in logs. (#1029) (#1030)

Continuous-Deployment: v2.27.8 Armory Continuous Deployment Release (Spinnaker™ v1.27.0)

Tue, 18 Apr 2023 00:00:00 +0000

2023/04/18 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.27.8, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

Dinghy fails to start with SQL enabled

Known bug with the java version

enabledTLSProtocols=TLSv1.2

needs to be added as an argument on newer JVMs.

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Early Access Features

Dynamic Rollback Timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck.

On the Orca side, the feature flag overrides the default value rollback timeout - 5min - with a UI input from the user.

{
 "yaml,"
 "orca.yml,"
 "rollback:"
 "timeout:"
 "enabled: true"
}

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines as Code multi-branch enhancement

Now you can configure Pipelines as Code to pull Dinghy files from multiple branches in the same repo. Cut out the tedious task of managing multiple repos; have a single repo for Spinnaker application pipelines. See Multiple branches for how to enable and configure this feature.

Automatically Cancel Jenkins Jobs

Fixes

Clouddriver: Two credentials with same accountId confuses EcrImageProvider with different regions
Clouddriver: Renamed a query parameter for template tags
Alpine updates for Deck, Dinghy, and Terraformer

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.27.0 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: a3347ca5e207273abe60ca48e98bf494e6d8d359
version: 2.27.8
deck:
commit: 57f5d89f15f6f9ddc5c3f4554e4b0a3bb6f03e2b
version: 2.27.8
dinghy:
commit: d9146416b57d6c7008cfe6323ba3b0e6527181d0
version: 2.27.8
echo:
commit: b220bcaa01be72ca2c4489203bc5ceb53d83e8af
version: 2.27.8
fiat:
commit: e23c8b8a65463100c7075b1aacc140a0e0dc5216
version: 2.27.8
front50:
commit: 5e1fe36c4b8df29cc9cb4d7af581a44b0ca44e59
version: 2.27.8
gate:
commit: 9cd1a1174ee0bd19577ffdbd6aa11ad432a67082
version: 2.27.8
igor:
commit: ebfdd8b8068fe1ff1ba3e7c25cd2b0c0fa803bd9
version: 2.27.8
kayenta:
commit: 822b3339a4dbbccb9a135c102d8ba1ff199d49ec
version: 2.27.8
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 2aa5a723767a5972a3b31278a1dcf5af32e66b99
version: 2.27.8
rosco:
commit: 8b94ccff09fe762d896df9052e4199af6dd9b666
version: 2.27.8
terraformer:
commit: 736ece67b4a52a612262cbe844d1edd3ad176d19
version: 2.27.8
timestamp: "2023-03-22 15:19:48"
version: 2.27.8

Armory

Armory Fiat - 2.27.7…2.27.8

chore(cd): update base service version to fiat:2023.02.28.17.42.01.release-1.27.x (#439)
chore(cd): update base service version to fiat:2023.03.16.17.57.42.release-1.27.x (#447)

Armory Igor - 2.27.7…2.27.8

chore(cd): update base service version to igor:2023.02.28.17.45.14.release-1.27.x (#417)
chore(cd): update base service version to igor:2023.02.28.19.16.26.release-1.27.x (#418)

Armory Gate - 2.27.7…2.27.8

chore(cd): update base service version to gate:2023.02.28.17.43.36.release-1.27.x (#520)
chore(cd): update base service version to gate:2023.02.28.19.18.24.release-1.27.x (#521)

Armory Orca - 2.27.7…2.27.8

chore(cd): update base orca version to 2023.02.28.17.51.52.release-1.27.x (#594)
chore(cd): update base orca version to 2023.02.28.19.23.37.release-1.27.x (#595)

Armory Kayenta - 2.27.7…2.27.8

chore(cd): update base service version to kayenta:2023.02.28.21.15.17.release-1.27.x (#392)

Terraformer™ - 2.27.7…2.27.8

chore(alpine): Update alpine version (backport #497) (#498)

Armory Rosco - 2.27.7…2.27.8

chore(cd): update base service version to rosco:2023.02.28.17.41.47.release-1.27.x (#498)

Armory Deck - 2.27.7…2.27.8

chore(alpine): Upgrade alpine version (backport #1302) (#1304)

Armory Clouddriver - 2.27.7…2.27.8

chore(cd): update base service version to clouddriver:2023.02.22.23.00.31.release-1.27.x (#805)
chore(cd): update base service version to clouddriver:2023.02.28.18.06.11.release-1.27.x (#809)
chore(cd): update base service version to clouddriver:2023.02.28.19.32.28.release-1.27.x (#811)
chore(cd): update base service version to clouddriver:2023.03.21.20.22.35.release-1.27.x (#822)

Armory Echo - 2.27.7…2.27.8

chore(cd): update base service version to echo:2023.02.28.17.42.44.release-1.27.x (#540)
chore(cd): update base service version to echo:2023.02.28.19.16.55.release-1.27.x (#541)

Dinghy™ - 2.27.7…2.27.8

chore(dependencies): bumped oss dinghy version to 20230201103309-a73a68c80965 (#479)
chore(alpine): Upgrade alpine version (backport #481) (#483)

Armory Front50 - 2.27.7…2.27.8

Spinnaker

Spinnaker Fiat - 1.27.0

chore(dependencies): Autobump korkVersion (#1024)
fix(logs): Redacted secret data in logs. (#1029) (#1032)

Spinnaker Igor - 1.27.0

chore(dependencies): Autobump korkVersion (#1091)
chore(dependencies): Autobump fiatVersion (#1092)

Spinnaker Gate - 1.27.0

chore(dependencies): Autobump korkVersion (#1621)
chore(dependencies): Autobump fiatVersion (#1622)

Spinnaker Orca - 1.27.0

chore(dependencies): Autobump korkVersion (#4401)
chore(dependencies): Autobump fiatVersion (#4402)

Spinnaker Kayenta - 1.27.0

chore(dependencies): Autobump orcaVersion (#934)

Spinnaker Rosco - 1.27.0

chore(dependencies): Autobump korkVersion (#957)

Spinnaker Deck - 1.27.0

Spinnaker Clouddriver - 1.27.0

fix(ecr): Two credentials with same accountId confuses EcrImageProvider with different regions (#5885) (#5886)
chore(dependencies): Autobump korkVersion (#5894)
chore(dependencies): Autobump fiatVersion (#5895)
fix(core): Renamed a query parameter for template tags (#5906) (#5907)

Spinnaker Echo - 1.27.0

chore(dependencies): Autobump korkVersion (#1259)
chore(dependencies): Autobump fiatVersion (#1260)

Spinnaker Front50 - 1.27.0

Continuous-Deployment: v2.28.5 Armory Continuous Deployment Release (Spinnaker™ v1.28.5)

Tue, 07 Mar 2023 00:00:00 +0000

2023/03/07 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.5, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Git Artifact Constraint Trigger

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

MySQL Permission Repository error in 2.28.1-2.28.4

Workaround: Use Redis backend, 2.28.0, 2.28.5+

Affected versions: Armory CD 2.28.1-2.28.4

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Early access

New in 2.28.5 -> Dynamic Rollback Timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck.

On the Orca side, the feature flag overrides the default value rollback timeout - 5 min - with a UI input from the user.

{
 "yaml,"
 "orca.yml,"
 "rollback:"
 "timeout:"
 "enabled: true"
}

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code multi-branch enhancement

Now you can configure Pipelines-as-Code to pull Dinghy files from multiple branches on the same repo. Cut out the tedious task of managing multiple repos; have a single repo for Spinnaker application pipelines. See Multiple branches for how to enable and configure this feature.

Enhanced BitBucket Server pull request handling

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you will be able to use the Terraform template file provider. Please open a support ticket if you need this fix.

Automatically Cancel Jenkins Jobs

Fixed issues

Clouddriver

Revert to using the dockerImage Artifact Replacer for cronjobs
Two credentials with same accountId confuses EcrImageProvider with different regions

Permissions

Fix the deletion of permissions when resource name is uppercase

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.5 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 49c6d33aebf5c6edcd85904680afac4698e9e208
version: 2.28.5
deck:
commit: bd57caffcdc86c9fb7560e958ba89141372d5d3d
version: 2.28.5
dinghy:
commit: c4ed5b19dbcfefe8dea14cdff7df9a8ab540eba3
version: 2.28.5
echo:
commit: 53bebfd6900b3de124dde043a00d164aa2e50773
version: 2.28.5
fiat:
commit: e5eb6837f87b029248e3068119e05acbb85cf22c
version: 2.28.5
front50:
commit: fab8841982330e7537629c9f24f41205cd5863fd
version: 2.28.5
gate:
commit: 65bdd30238312bbca2dce613825eda7ae88f1dfa
version: 2.28.5
igor:
commit: 61ce26babfcd0bdf62872c24e707ca5b5371a381
version: 2.28.5
kayenta:
commit: 0333b9ed6153acfc090edcfa38e3514439e2863c
version: 2.28.5
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 37f945ea4ca839267ddd95e436912ef8f82d559e
version: 2.28.5
rosco:
commit: 945f21dec252da7dd2e00c8d23a1687aa3b9841a
version: 2.28.5
terraformer:
commit: 3764e523e17dfdd4cf309dc2bd7c13d9b804f309
version: 2.28.5
timestamp: "2023-02-23 01:24:13"
version: 2.28.5

Armory

Terraformer™ - 2.28.4…2.28.5

Armory Orca - 2.28.4…2.28.5

chore(cd): update base orca version to 2023.02.03.15.05.56.release-1.28.x (#583)

Armory Igor - 2.28.4…2.28.5

Dinghy™ - 2.28.4…2.28.5

Armory Deck - 2.28.4…2.28.5

chore(cd): update base deck version to 2023.0.0-20230203161351.release-1.28.x (#1294)

Armory Echo - 2.28.4…2.28.5

Armory Front50 - 2.28.4…2.28.5

Armory Fiat - 2.28.4…2.28.5

chore(cd): update base service version to fiat:2023.02.07.18.42.05.release-1.28.x (#430)

Armory Rosco - 2.28.4…2.28.5

Armory Clouddriver - 2.28.4…2.28.5

chore(cd): update base service version to clouddriver:2023.02.15.21.39.25.release-1.28.x (#799)
chore(cd): update base service version to clouddriver:2023.02.22.23.00.00.release-1.28.x (#804)

Armory Gate - 2.28.4…2.28.5

Armory Kayenta - 2.28.4…2.28.5

Spinnaker

Spinnaker Orca - 1.28.5

fix(timeout): Added feature flag for rollback timeout ui input. (backport #4383) (#4385)

Spinnaker Igor - 1.28.5

Spinnaker Deck - 1.28.5

fix(timeout): Added feature flag for rollback timeout ui input. (backport #9937) (#9940)

Spinnaker Echo - 1.28.5

Spinnaker Front50 - 1.28.5

Spinnaker Fiat - 1.28.5

fix: Should fix the deletion of permissions when resource name is uppercase (backport #1012) (#1013)

Spinnaker Rosco - 1.28.5

Spinnaker Clouddriver - 1.28.5

fix(kubernetes): Revert to using the dockerImage Artifact Replacer for cronjobs (#5876) (#5877)
fix(ecr): Two credentials with same accountId confuses EcrImageProvider with different regions (#5885) (#5887)

Spinnaker Gate - 1.28.5

Spinnaker Kayenta - 1.28.5

Continuous-Deployment: v2.27.7 Armory Continuous Deployment Release (Spinnaker™ v1.27.3)

Thu, 16 Feb 2023 00:00:00 +0000

2023/02/16 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.27.7, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Early Access features

Dynamic Rollback Timeout

To make the dynamic timeout available, you need to enable the feature flag in Orca and Deck.

On the Orca side, the feature flag overrides the default value rollback timeout - 5min - with a UI input from the user.

{
 "yaml,"
 "orca.yml,"
 "rollback:"
 "timeout:"
 "enabled: true"
}

On the Deck side, the feature flag enhances the Rollback Cluster stage UI with timeout input.

window.spinnakerSettings.feature.dynamicRollbackTimeout = true;

The default is used if there is no value set in the UI.

Pipelines-as-Code multi-branch enhancement

Now you can configure Pipelines-as-Code to pull Dinghy files from multiple branches in the same repo. Cut out the tedious task of managing multiple repos; have a single repo for Spinnaker application pipelines. See Multiple branches for how to enable and configure this feature.

Automatically Cancel Jenkins Jobs

Fixed

Updated google cloud SDK to support GKE >1.26

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.27.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: dc29b777268954cce13b1b36b152d4e2a493caa9
version: 2.27.7
deck:
commit: be6776c69c18743de1df214acaa500250569a146
version: 2.27.7
dinghy:
commit: ca161395d61ae5e93d1f9ecfbb503b68c2b54bc5
version: 2.27.7
echo:
commit: 3204f90e951562245c62430d863617c34b3a0826
version: 2.27.7
fiat:
commit: b3ca6748d2377454949420613e7912748ea00b52
version: 2.27.7
front50:
commit: 5e1fe36c4b8df29cc9cb4d7af581a44b0ca44e59
version: 2.27.7
gate:
commit: adf9732bc7b3c8df48b21b86ef9783efcadec78b
version: 2.27.7
igor:
commit: 9e2d7946da19c803eb0bd12e888c5119528a364c
version: 2.27.7
kayenta:
commit: 5a1efcefddfe78f37550f5bee723570e3737ce04
version: 2.27.7
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: b239fa305820b1102d38fe4d0beeaca847c0f4f2
version: 2.27.7
rosco:
commit: f4164fdcfa275b62e0c0fefbe26b5cbd845c543d
version: 2.27.7
terraformer:
commit: f845ba2fc760c46b98794a10c32cc2b713c7c9e0
version: 2.27.7
timestamp: "2023-02-08 07:01:33"
version: 2.27.7

Armory

Armory Orca - 2.27.6…2.27.7

chore(cd): update base orca version to 2023.02.03.15.10.20.release-1.27.x (#585)

Armory Rosco - 2.27.6…2.27.7

Armory Deck - 2.27.6…2.27.7

chore(cd): update base deck version to 2023.0.0-20230203161357.release-1.27.x (#1295)

Armory Echo - 2.27.6…2.27.7

Armory Clouddriver - 2.27.6…2.27.7

chore(cd): update base service version to clouddriver:2023.01.27.17.41.53.release-1.27.x (#784)

Armory Fiat - 2.27.6…2.27.7

Armory Front50 - 2.27.6…2.27.7

Dinghy™ - 2.27.6…2.27.7

Armory Gate - 2.27.6…2.27.7

Armory Igor - 2.27.6…2.27.7

Armory Kayenta - 2.27.6…2.27.7

Terraformer™ - 2.27.6…2.27.7

Spinnaker

Spinnaker Orca - 1.27.3

fix(timeout): Added feature flag for rollback timeout ui input. (backport #4383) (#4384)

Spinnaker Rosco - 1.27.3

Spinnaker Deck - 1.27.3

fix(timeout): Added feature flag for rollback timeout ui input. (backport #9937) (#9939)

Spinnaker Echo - 1.27.3

Spinnaker Clouddriver - 1.27.3

feat(gke): Enables gcloud auth plugin for 1.26+ GKE clusters (backport #5847) (#5852)

Spinnaker Fiat - 1.27.3

Spinnaker Front50 - 1.27.3

Spinnaker Gate - 1.27.3

Spinnaker Igor - 1.27.3

Spinnaker Kayenta - 1.27.3

Continuous-Deployment: v2.28.4 Armory Continuous Deployment Release (Spinnaker™ v1.28.4)

Tue, 07 Feb 2023 00:00:00 +0000

2023/02/07 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.4, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Git Artifact Constraint Trigger

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

MySQL Permission Repository error in 2.28.1-2.28.4

Workaround: Use Redis backend, 2.28.0, 2.28.5+

Affected versions: Armory CD 2.28.1-2.28.4

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Early access

Pipelines-as-Code multi-branch enhancement

Enhanced BitBucket Server pull request handling

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you will be able to use the Terraform template file provider. Please open a support ticket if you need this fix.

Automatically Cancel Jenkins Jobs

Fixed issues

Addressed an issue which could result in access denied errors for Clouddriver accounts when AuthZ enabled and has empty roles

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: d52c864053d77a05eef806926591427bc866b529
version: 2.28.4
deck:
commit: dd17c153eaf117ab7990c11182a6bdc887d020f9
version: 2.28.4
dinghy:
commit: c4ed5b19dbcfefe8dea14cdff7df9a8ab540eba3
version: 2.28.4
echo:
commit: 53bebfd6900b3de124dde043a00d164aa2e50773
version: 2.28.4
fiat:
commit: 48c8759b0878fd1b86b91dae9ee288afcf03dd39
version: 2.28.4
front50:
commit: fab8841982330e7537629c9f24f41205cd5863fd
version: 2.28.4
gate:
commit: 65bdd30238312bbca2dce613825eda7ae88f1dfa
version: 2.28.4
igor:
commit: 61ce26babfcd0bdf62872c24e707ca5b5371a381
version: 2.28.4
kayenta:
commit: 0333b9ed6153acfc090edcfa38e3514439e2863c
version: 2.28.4
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 76fe72a46566bb404eb4db4c842ecb0775c546bf
version: 2.28.4
rosco:
commit: 945f21dec252da7dd2e00c8d23a1687aa3b9841a
version: 2.28.4
terraformer:
commit: 3764e523e17dfdd4cf309dc2bd7c13d9b804f309
version: 2.28.4
timestamp: "2023-01-31 10:52:55"
version: 2.28.4

Armory

Armory Fiat - 2.28.3…2.28.4

Armory Front50 - 2.28.3…2.28.4

Terraformer™ - 2.28.3…2.28.4

Armory Gate - 2.28.3…2.28.4

Armory Clouddriver - 2.28.3…2.28.4

chore(cd): update base service version to clouddriver:2023.01.25.18.10.13.release-1.28.x (#782)
chore(cd): update base service version to clouddriver:2023.01.30.18.47.09.release-1.28.x (#787)

Armory Kayenta - 2.28.3…2.28.4

Armory Igor - 2.28.3…2.28.4

Armory Rosco - 2.28.3…2.28.4

Armory Echo - 2.28.3…2.28.4

Armory Orca - 2.28.3…2.28.4

Armory Deck - 2.28.3…2.28.4

Dinghy™ - 2.28.3…2.28.4

Spinnaker

Spinnaker Fiat - 1.28.4

Spinnaker Front50 - 1.28.4

Spinnaker Gate - 1.28.4

Spinnaker Clouddriver - 1.28.4

fix(permissions): Added evaluator case when fiat is enabled (#5856)
feat(gke): Enables gcloud auth plugin for 1.26+ GKE clusters (backport #5847) (#5851)

Spinnaker Kayenta - 1.28.4

Spinnaker Igor - 1.28.4

Spinnaker Rosco - 1.28.4

Spinnaker Echo - 1.28.4

Spinnaker Orca - 1.28.4

Spinnaker Deck - 1.28.4

Continuous-Deployment: v2.27.6 Armory Continuous Deployment Release (Spinnaker™ v1.27.3)

Mon, 30 Jan 2023 00:00:00 +0000

2023/01/30 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.27.6, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Known issues

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Early Access features

Pipelines-as-Code multi-branch enhancement

Feature flag in Orca to use the new Igor stop endpoint

When defining a Jenkins job inside folders, the name contains slashes. Because of that, instead of matching the request to the IGOR STOP endpoint (/masters/{name}/jobs/{jobName}/stop/{queuedBuild}/{buildNumber}), Spring is matching the request to the BUILD one (/masters/{name}/jobs/**) The stop request is failing because it is trying to start a job that does not exist. A feature flag was added to call the existing endpoint (which accepts the job name as path variable) or the new one (which accepts the job name as a query parameter).

Fixes

Updated google cloud SDK to support GKE >1.26
Bumped commons-text to address CVE-2022-42889
Add migration to ensure consistency between resource_name in fiat_resource and fiat_permission tables

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.27.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 60eafebf9875071709e3d8ec53d2729a197574f1
version: 2.27.6
deck:
commit: 0802cbb92aa32eb6b387b5a6e54db14843fc6f31
version: 2.27.6
dinghy:
commit: ca161395d61ae5e93d1f9ecfbb503b68c2b54bc5
version: 2.27.6
echo:
commit: 3204f90e951562245c62430d863617c34b3a0826
version: 2.27.6
fiat:
commit: b3ca6748d2377454949420613e7912748ea00b52
version: 2.27.6
front50:
commit: 5e1fe36c4b8df29cc9cb4d7af581a44b0ca44e59
version: 2.27.6
gate:
commit: adf9732bc7b3c8df48b21b86ef9783efcadec78b
version: 2.27.6
igor:
commit: 9e2d7946da19c803eb0bd12e888c5119528a364c
version: 2.27.6
kayenta:
commit: 5a1efcefddfe78f37550f5bee723570e3737ce04
version: 2.27.6
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: fa3449f0202512534382d2d2a0431f25f4f408c5
version: 2.27.6
rosco:
commit: f4164fdcfa275b62e0c0fefbe26b5cbd845c543d
version: 2.27.6
terraformer:
commit: f845ba2fc760c46b98794a10c32cc2b713c7c9e0
version: 2.27.6
timestamp: "2023-01-20 20:04:33"
version: 2.27.6

Armory

Armory Kayenta - 2.27.5…2.27.6

fix(kayenta-integration-tests): update dynatrace tenant to qso00828 (backport #376) (#378)
chore(cd): update base service version to kayenta:2022.12.01.22.29.56.release-1.27.x (#373)

Armory Orca - 2.27.5…2.27.6

Terraformer™ - 2.27.5…2.27.6

fix(versions): Sets version constraints for kubectl & aws-iam-authent… (backport #487) (#488)
Fixes builds with golint being dead until were on a newer golang (#491) (#494)
feat(gcloud): Bump to latest gcloud sdk & adds the GKE Auth plugin (#490) (#492)

Armory Rosco - 2.27.5…2.27.6

Armory Deck - 2.27.5…2.27.6

style(logo): Changed Armory logo (#1264) (#1266)

Armory Clouddriver - 2.27.5…2.27.6

feat(google): Updated google cloud SDK to support GKE >1.26 (#769) (#771)
chore(cd): update base service version to clouddriver:2023.01.20.18.19.32.release-1.27.x (#781)

Armory Fiat - 2.27.5…2.27.6

chore(cd): update base service version to fiat:2022.11.18.19.29.05.release-1.27.x (#408)

Armory Gate - 2.27.5…2.27.6

Armory Echo - 2.27.5…2.27.6

chore(cd): update base service version to echo:2022.12.14.15.47.16.release-1.27.x (#515)
chore(cd): update base service version to echo:2023.01.20.14.47.33.release-1.27.x (#525)

Armory Front50 - 2.27.5…2.27.6

chore(cd): update base service version to front50:2022.12.01.21.15.09.release-1.27.x (#473)

Armory Igor - 2.27.5…2.27.6

Dinghy™ - 2.27.5…2.27.6

Spinnaker

Spinnaker Kayenta - 1.27.3

fix(security): Bump commons-text for CVE-2022-42889 (#911) (#913)
chore(dependencies): Autobump orcaVersion (#918)
chore(dependencies): Autobump orcaVersion (#919)
chore(dependencies): Autobump spinnakerGradleVersion (#917) (#920)

Spinnaker Orca - 1.27.3

Spinnaker Rosco - 1.27.3

Spinnaker Deck - 1.27.3

Spinnaker Clouddriver - 1.27.3

chore(dependencies): pin version of com.github.tomakehurst:wiremock (#5845) (#5857)

Spinnaker Fiat - 1.27.3

fix(permissions): ensure lower case for resource name in fiat_permission and fiat_resource tables (backport #963) (#979)
chore(build): set timeout for apt publishing to 5 minutes (#987)
chore(build): set timeout for apt publishing to 10 minutes and add –stacktrace (#988)
chore(dependencies): Autobump spinnakerGradleVersion (#989) (#990)
Cleanup publish debugging (#991)

Spinnaker Gate - 1.27.3

Spinnaker Echo - 1.27.3

feat(event): Add circuit breaker for events sending. (#1233) (#1238)
fix: The circuit breaker feature for sending events to telemetry endpoint is hidden under a required feature flag property (#1241) (#1244)

Spinnaker Front50 - 1.27.3

chore(dependencies): Autobump fiatVersion (#1178)
fix(pipelines): prevent from creating duplicated pipelines (#1172) (#1173)
chore(dependencies): Autobump spinnakerGradleVersion (#1177) (#1182)
chore(gha): bump versions of github actions (#1185)

Spinnaker Igor - 1.27.3

Continuous-Deployment: v2.28.3 Armory Continuous Deployment Release (Spinnaker™ v1.28.4)

Thu, 26 Jan 2023 00:00:00 +0000

2023/01/26 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.3, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Git Artifact Constraint Trigger

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

When Auth Z is enabled, Access Denied on deployments using accounts that have empty permissions

Users report that when attempting to use FIAT-defined User Accounts/Service Accounts/Service Principals that have empty permissions or roles, they receive an Exception: Access denied to account *** message. For example, Exception: Access denied to account aws. This is contrary to expected behavior in Spinnaker/Armory Continuous Deployment.

Workaround:

Users can add roles to the accounts in FIAT that are affected, even “dummy” roles.

See the How to Audit for Empty Roles in FIAT using Redis/MySQL KB article for how to locate affected user accounts, service accounts, or service principals.

Customers can also now upgrade to Armory CD 2.28.4, which resolves this known issue

Affected versions: Armory CD 2.28.0-2.28.3

MySQL Permission Repository error in 2.28.1-2.28.4

Workaround: Use Redis backend, 2.28.0, 2.28.5+

Affected versions: Armory CD 2.28.1-2.28.4

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Early access

Pipelines-as-Code multi-branch enhancement

Enhanced BitBucket Server pull request handling

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you will be able to use the Terraform template file provider. Please open a support ticket if you need this fix.

Automatically Cancel Jenkins Jobs

Fixed Issues

Updated google cloud SDK to support GKE >1.26
Bumped commons-text to address CVE-2022-42889

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 66e1a26166ed649ebfb0ad6b0ac830924d2d6df2
version: 2.28.3
deck:
commit: dd17c153eaf117ab7990c11182a6bdc887d020f9
version: 2.28.3
dinghy:
commit: c4ed5b19dbcfefe8dea14cdff7df9a8ab540eba3
version: 2.28.3
echo:
commit: 53bebfd6900b3de124dde043a00d164aa2e50773
version: 2.28.3
fiat:
commit: 48c8759b0878fd1b86b91dae9ee288afcf03dd39
version: 2.28.3
front50:
commit: fab8841982330e7537629c9f24f41205cd5863fd
version: 2.28.3
gate:
commit: 65bdd30238312bbca2dce613825eda7ae88f1dfa
version: 2.28.3
igor:
commit: 61ce26babfcd0bdf62872c24e707ca5b5371a381
version: 2.28.3
kayenta:
commit: 0333b9ed6153acfc090edcfa38e3514439e2863c
version: 2.28.3
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 76fe72a46566bb404eb4db4c842ecb0775c546bf
version: 2.28.3
rosco:
commit: 945f21dec252da7dd2e00c8d23a1687aa3b9841a
version: 2.28.3
terraformer:
commit: 3764e523e17dfdd4cf309dc2bd7c13d9b804f309
version: 2.28.3
timestamp: "2023-01-20 19:07:29"
version: 2.28.3

Armory

Armory Kayenta - 2.28.2…2.28.3

fix(kayenta-integration-tests): update dynatrace tenant to qso00828 (backport #376) (#377)
chore(cd): update base service version to kayenta:2022.12.05.19.06.46.release-1.28.x (#374)

Armory Gate - 2.28.2…2.28.3

Armory Rosco - 2.28.2…2.28.3

Armory Igor - 2.28.2…2.28.3

Armory Orca - 2.28.2…2.28.3

Terraformer™ - 2.28.2…2.28.3

Fixes builds with golint being dead until were on a newer golang (#491) (#495)
feat(gcloud): Bump to latest gcloud sdk & adds the GKE Auth plugin (#490) (#493)

Armory Deck - 2.28.2…2.28.3

Armory Clouddriver - 2.28.2…2.28.3

feat(google): Updated google cloud SDK to support GKE >1.26 (#769) (#772)
chore(cd): update base service version to clouddriver:2023.01.20.18.13.55.release-1.28.x (#779)

Dinghy™ - 2.28.2…2.28.3

Armory Echo - 2.28.2…2.28.3

chore(cd): update base service version to echo:2022.12.14.15.47.22.release-1.28.x (#516)
chore(cd): update base service version to echo:2023.01.20.14.47.47.release-1.28.x (#527)

Armory Fiat - 2.28.2…2.28.3

Armory Front50 - 2.28.2…2.28.3

Spinnaker

Spinnaker Kayenta - 1.28.4

fix(security): Bump commons-text for CVE-2022-42889 (#911) (#914)
chore(dependencies): Autobump spinnakerGradleVersion (#917) (#921)
chore(dependencies): Autobump orcaVersion (#923)

Spinnaker Gate - 1.28.4

Spinnaker Rosco - 1.28.4

Spinnaker Igor - 1.28.4

Spinnaker Orca - 1.28.4

Spinnaker Deck - 1.28.4

Spinnaker Clouddriver - 1.28.4

chore(dependencies): pin version of com.github.tomakehurst:wiremock (#5845) (#5858)

Spinnaker Echo - 1.28.4

feat(event): Add circuit breaker for events sending. (#1233) (#1237)
fix: The circuit breaker feature for sending events to telemetry endpoint is hidden under a required feature flag property (#1241) (#1245)

Spinnaker Fiat - 1.28.4

Spinnaker Front50 - 1.28.4

Continuous-Deployment: v2.27.5 Armory Continuous Deployment Release (Spinnaker™ v1.27.3)

Thu, 12 Jan 2023 00:00:00 +0000

2023/01/12 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.27.5, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Early Access features

Pipelines-as-Code multi-branch enhancement

Feature flag in Orca to use the new Igor stop endpoint

Fixes

General

Revision History Display - Addressed an issue where the revision history was not showing the timestamp of the revision.
Duplicate Pipelines - Addressed an issue where Spinnaker users were ending up with duplicate pipelines when using pipelines as code.
Jenkins Backlinks - Fixed an issue where Igor was failing when Jenkins backlinks were enabled.
KubernetesManifest - Teach KubernetesManifest to support kubernetes resources where the spec is not a map.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.27.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: f310d91adf02ab892147e02fd549fd09af05a332
version: 2.27.5
deck:
commit: 1d2408e6d94fa62200bd0b776fdc021c5ff9f83d
version: 2.27.5
dinghy:
commit: ca161395d61ae5e93d1f9ecfbb503b68c2b54bc5
version: 2.27.5
echo:
commit: ed3c35253d27af121a5a6874de9b006d3b5d3bcf
version: 2.27.5
fiat:
commit: 9d615d351b220ea846e3c31890ecea7757fe40f4
version: 2.27.5
front50:
commit: 8be88a5e2efdf5ac85b6ea38c264d762e8ccf523
version: 2.27.5
gate:
commit: adf9732bc7b3c8df48b21b86ef9783efcadec78b
version: 2.27.5
igor:
commit: 9e2d7946da19c803eb0bd12e888c5119528a364c
version: 2.27.5
kayenta:
commit: 08b8f4656b4f6285ae5b0a5577ab10f6c50ba8ec
version: 2.27.5
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: fa3449f0202512534382d2d2a0431f25f4f408c5
version: 2.27.5
rosco:
commit: f4164fdcfa275b62e0c0fefbe26b5cbd845c543d
version: 2.27.5
terraformer:
commit: 0703f04671e56a94ac99e436a30c237b274e9407
version: 2.27.5
timestamp: "2022-12-08 23:35:17"
version: 2.27.5

Armory

Armory Front50 - 2.27.4…2.27.5

chore(cd): update base service version to front50:2022.08.17.22.13.34.release-1.27.x (#448)
chore(cd): update base service version to front50:2022.09.12.22.11.40.release-1.27.x (#454)

Armory Kayenta - 2.27.4…2.27.5

Terraformer™ - 2.27.4…2.27.5

Updating up to 1.3.5 tf version (#480)
fix(log): calling remote logging asynchronously (#471) (#486)

Armory Clouddriver - 2.27.4…2.27.5

chore(cd): update base service version to clouddriver:2022.09.27.19.40.03.release-1.27.x (#724)
chore(cd): update base service version to clouddriver:2022.11.17.17.20.07.release-1.27.x (#741)
chore(cd): update base service version to clouddriver:2022.11.18.20.27.41.release-1.27.x (#744)
chore(cd): update base service version to clouddriver:2022.11.29.22.19.50.release-1.27.x (#751)

Armory Echo - 2.27.4…2.27.5

chore(cd): update base service version to echo:2022.11.18.20.17.06.release-1.27.x (#499)
chore(cd): update base service version to echo:2022.11.29.21.47.09.release-1.27.x (#503)

Armory Gate - 2.27.4…2.27.5

chore(cd): update base service version to gate:2022.11.18.20.16.26.release-1.27.x (#487)
chore(cd): update base service version to gate:2022.11.29.21.50.55.release-1.27.x (#491)
chore(cd): update base service version to gate:2022.12.01.19.38.20.release-1.27.x (#493)

Dinghy™ - 2.27.4…2.27.5

Armory Igor - 2.27.4…2.27.5

chore(cd): update base service version to igor:2022.11.02.03.23.43.release-1.27.x (#374)
chore(cd): update base service version to igor:2022.11.18.20.16.38.release-1.27.x (#379)
fix: NoSuchMethodError exception in JenkinsClient. (#377) (#386)
chore(cd): update base service version to igor:2022.11.29.21.52.13.release-1.27.x (#389)

Armory Deck - 2.27.4…2.27.5

chore(cd): update base deck version to 2022.0.0-20221021162941.release-1.27.x (#1263)
chore(cd): update base deck version to 2022.0.0-20221129214343.release-1.27.x (#1278)

Armory Orca - 2.27.4…2.27.5

chore(cd): update base orca version to 2022.11.02.03.24.06.release-1.27.x (#534)
chore(cd): update base orca version to 2022.11.08.07.29.37.release-1.27.x (#537)
chore(cd): update base orca version to 2022.11.08.22.28.13.release-1.27.x (#540)
chore(cd): update base orca version to 2022.11.18.19.16.45.release-1.27.x (#549)
chore(cd): update base orca version to 2022.11.18.20.23.15.release-1.27.x (#550)
chore(cd): update base orca version to 2022.11.21.16.32.20.release-1.27.x (#553)
chore(cd): update base orca version to 2022.11.23.15.54.32.release-1.27.x (#556)

Armory Rosco - 2.27.4…2.27.5

chore(cd): update base service version to rosco:2022.11.23.15.48.46.release-1.27.x (#467)
chore(cd): update base service version to rosco:2022.11.29.21.53.45.release-1.27.x (#471)
chore(cd): update base service version to rosco:2022.12.08.21.13.25.release-1.27.x (#475)

Armory Fiat - 2.27.4…2.27.5

Spinnaker

Spinnaker Front50 - 1.27.3

chore(dependencies): Autobump fiatVersion (#1154)
fix(updateTs): missing updateTs field in the get pipeline history’s response. (backport #1159) (#1161)

Spinnaker Kayenta - 1.27.3

Spinnaker Clouddriver - 1.27.3

fix(core): Remove payload data from logs (#5784) (#5788)
fix(kubernetes): teach KubernetesManifest to support kubernetes resources where the spec is not a map (#5814) (#5816)
chore(dependencies): Autobump fiatVersion (#5820)
chore(dependencies): Autobump spinnakerGradleVersion (#5819) (#5826)

Spinnaker Echo - 1.27.3

chore(dependencies): Autobump fiatVersion (#1216)
chore(dependencies): Autobump spinnakerGradleVersion (#1215) (#1221)

Spinnaker Gate - 1.27.3

chore(dependencies): Autobump fiatVersion (#1586)
chore(dependencies): Autobump spinnakerGradleVersion (#1585) (#1591)
chore(gha): bump versions of github actions (#1594)

Spinnaker Igor - 1.27.3

feat(jenkins): Stop Jenkins job when job name has slashes in the job name (backport #1038) (#1051)
chore(dependencies): Autobump fiatVersion (#1056)
chore(dependencies): Autobump spinnakerGradleVersion (#1055) (#1060)

Spinnaker Deck - 1.27.3

fix(links): update link to spinnaker release changelog (#9897) (#9898)
chore(dependencies): Autobump spinnakerGradleVersion (#9916) (#9925)

Spinnaker Orca - 1.27.3

feat(igor): Stop Jenkins job when job name has slashes in the job name (backport #4294) (#4320)
fix(stageExecution): In evaluable variable stage restart scenario variables are not cleaned properly (#16) (backport #4307) (#4325)
fix(stage): Resource requests on custom stage | Error: got “map”, expected “string…” (backport #4295) (#4329)
fix(tasks): Fix MonitorKayentaCanaryTask on results data map (#4312) (#4338)
chore(dependencies): Autobump fiatVersion (#4341)
chore(dependencies): Autobump spinnakerGradleVersion (#4337) (#4344)
feat(bakery): Clean up cached data created by Rosco. (#4323) (#4349)

Spinnaker Rosco - 1.27.3

feat(bakery): Clean up cached data created by Rosco. (#912) (#920)
chore(dependencies): Autobump spinnakerGradleVersion (#917) (#924)
Merge pull request from GHSA-wqq8-664f-54hh

Spinnaker Fiat - 1.27.3

Continuous-Deployment: v2.28.2 Armory Continuous Deployment Release (Spinnaker™ v1.28.4)

Mon, 09 Jan 2023 00:00:00 +0000

2023/01/09 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Armory Operator version

To install, upgrade, or configure Armory 2.28.2, use Armory Operator 1.70 or later.

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

MySQL Permission Repository error in 2.28.1-2.28.4

Workaround: Use Redis backend, 2.28.0, 2.28.5+

Affected versions: Armory CD 2.28.1-2.28.4

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Git Artifact Constraint Trigger

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

When Auth Z is enabled, Access Denied on deployments using accounts that have empty permissions

Workaround:

Users can add roles to the accounts in FIAT that are affected, even “dummy” roles.

See the How to Audit for Empty Roles in FIAT using Redis/MySQL KB article for how to locate affected user accounts, service accounts, or service principals.

Customers can also now upgrade to Armory CD 2.28.4, which resolves this known issue

Affected versions: Armory CD 2.28.0-2.28.3

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Early access

Pipelines-as-Code multi-branch enhancement

Enhanced BitBucket Server pull request handling

Terraform template fix

Armory fixed an issue with SpEL expression failures appearing while using Terraformer to serialize data from a Terraform Plan execution. With this feature flag fix enabled, you will be able to use the Terraform template file provider. Please open a support ticket if you need this fix.

Highlighted updates

General fixes

Duplicate Pipelines: Addressed an issue where Spinnaker users were ending up with duplicate pipelines when using pipelines as code.
Jenkins Backlinks: Fixed an issue where Igor was failing when Jenkins backlinks were enabled.
Manual Judgment: Improved the logic around restart scenarios when executing a manual judgment.

Spinnaker community contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.4 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 960c72d1e7e7b9e857d94af9731c3441426ee073
version: 2.28.2
deck:
commit: dd17c153eaf117ab7990c11182a6bdc887d020f9
version: 2.28.2
dinghy:
commit: c4ed5b19dbcfefe8dea14cdff7df9a8ab540eba3
version: 2.28.2
echo:
commit: 6d4e4ae054b7a13050a1d271b3c771a790e27fc6
version: 2.28.2
fiat:
commit: 48c8759b0878fd1b86b91dae9ee288afcf03dd39
version: 2.28.2
front50:
commit: fab8841982330e7537629c9f24f41205cd5863fd
version: 2.28.2
gate:
commit: 65bdd30238312bbca2dce613825eda7ae88f1dfa
version: 2.28.2
igor:
commit: 61ce26babfcd0bdf62872c24e707ca5b5371a381
version: 2.28.2
kayenta:
commit: 6004bfd90ad2e4fa9b02dddc26253210b8aa3a3c
version: 2.28.2
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 76fe72a46566bb404eb4db4c842ecb0775c546bf
version: 2.28.2
rosco:
commit: 945f21dec252da7dd2e00c8d23a1687aa3b9841a
version: 2.28.2
terraformer:
commit: 0d18998cb4790dd4857d79e318d873450bd5975d
version: 2.28.2
timestamp: "2022-12-15 10:58:49"
version: 2.28.2

Armory

Armory Clouddriver - 2.28.1…2.28.2

chore(cd): update base service version to clouddriver:2022.11.17.17.21.13.release-1.28.x (#742)
chore(cd): update base service version to clouddriver:2022.11.25.21.33.33.release-1.28.x (#750)
chore(cd): update base service version to clouddriver:2022.11.29.21.59.34.release-1.28.x (#752)

Armory Fiat - 2.28.1…2.28.2

chore(cd): update base service version to fiat:2022.11.21.16.27.25.release-1.28.x (#411)

Armory Deck - 2.28.1…2.28.2

chore(cd): update base deck version to 2022.0.0-20221129214415.release-1.28.x (#1279)
chore(cd): update base deck version to 2022.0.0-20221206152435.release-1.28.x (#1282)
style(logo): Changed Armory logo (#1264) (#1265)

Armory Echo - 2.28.1…2.28.2

chore(cd): update base service version to echo:2022.11.29.21.47.23.release-1.28.x (#504)
chore(cd): update base service version to echo:2022.12.06.19.49.37.release-1.28.x (#507)

Dinghy™ - 2.28.1…2.28.2

Updated oss dinghy version to v0.0.0-20221021170743-d8697fabf1e8 (#475)

Armory Gate - 2.28.1…2.28.2

chore(cd): update base service version to gate:2022.10.19.18.23.12.release-1.28.x (#480)
chore(cd): update base service version to gate:2022.10.19.20.00.40.release-1.28.x (#481)
fix(header): update plugins.json with newest header version (backport #482) (#483)
revert(header): update plugins.json with newest header version (#484) (#485)
chore(cd): update base service version to gate:2022.11.29.21.51.30.release-1.28.x (#492)

Armory Igor - 2.28.1…2.28.2

fix: NoSuchMethodError exception in JenkinsClient. (#377) (#387)
chore(cd): update base service version to igor:2022.11.29.21.52.31.release-1.28.x (#390)

Terraformer™ - 2.28.1…2.28.2

Updating TF versions up to 1.3.4 (#478)
fix(log): calling remote logging asynchronously (#471) (#485)
fix(versions): Sets version constraints for kubectl & aws-iam-authent… (#487) (#489)

Armory Kayenta - 2.28.1…2.28.2

Armory Front50 - 2.28.1…2.28.2

chore(cd): update base service version to front50:2022.11.29.21.48.45.release-1.28.x (#472)

Armory Orca - 2.28.1…2.28.2

chore(cd): update base orca version to 2022.11.18.19.16.39.release-1.28.x (#548)
chore(cd): update base orca version to 2022.11.21.16.33.46.release-1.28.x (#552)
chore(cd): update base orca version to 2022.11.23.15.55.22.release-1.28.x (#557)

Armory Rosco - 2.28.1…2.28.2

chore(cd): update base service version to rosco:2022.11.23.15.48.41.release-1.28.x (#468)
chore(cd): update base service version to rosco:2022.11.29.21.53.24.release-1.28.x (#470)
chore(cd): update base service version to rosco:2022.12.08.21.17.26.release-1.28.x (#474)

Spinnaker

Spinnaker Clouddriver - 1.28.4

fix(kubernetes): teach KubernetesManifest to support kubernetes resources where the spec is not a map (#5814) (#5817)
fix(artifacts/bitbuket): added ACCEPT Header when using token auth (#5813) (#5823)
chore(dependencies): Autobump spinnakerGradleVersion (#5819) (#5827)

Spinnaker Fiat - 1.28.4

fix(permissions): ensure lower case for resource name in fiat_permission and fiat_resource tables (backport #963) (#980)
fix(roles): Ensure account manager role is cached (backport #960) (#984)
fix: add migration to ensure consistency between resource_name in fiat_resource and fiat_permission tables (backport #964) (#978)
chore(dependencies): Autobump korkVersion (#986)
chore(dependencies): Autobump spinnakerGradleVersion (#989) (#994)

Spinnaker Deck - 1.28.4

chore(dependencies): Autobump spinnakerGradleVersion (#9916) (#9926)
feat(pipeline): added feature flag for pipeline when mj stage child (backport #9914) (#9920)

Spinnaker Echo - 1.28.4

chore(dependencies): Autobump spinnakerGradleVersion (#1215) (#1222)
feat(webhooks): Handle Bitbucket Server PR events (#1224)

Spinnaker Gate - 1.28.4

chore(dependencies): Autobump korkVersion (#1581)
chore(dependencies): Autobump fiatVersion (#1582)
chore(dependencies): Autobump spinnakerGradleVersion (#1585) (#1592)

Spinnaker Igor - 1.28.4

chore(dependencies): Autobump spinnakerGradleVersion (#1055) (#1061)

Spinnaker Kayenta - 1.28.4

Spinnaker Front50 - 1.28.4

chore(dependencies): Autobump korkVersion (#1170)
chore(dependencies): Autobump fiatVersion (#1171)
fix(pipelines): prevent from creating duplicated pipelines (#1172) (#1174)
chore(dependencies): Autobump spinnakerGradleVersion (#1177) (#1183)

Spinnaker Orca - 1.28.4

fix(tasks): Fix MonitorKayentaCanaryTask on results data map (#4312) (#4339)
chore(dependencies): Autobump spinnakerGradleVersion (#4337) (#4345)
feat(bakery): Clean up cached data created by Rosco. (#4323) (#4350)

Spinnaker Rosco - 1.28.4

feat(bakery): Clean up cached data created by Rosco. (#912) (#921)
chore(dependencies): Autobump spinnakerGradleVersion (#917) (#925)
Merge pull request from GHSA-wqq8-664f-54hh

Continuous-Deployment: v2.28.1 Armory Continuous Deployment Release (Spinnaker™ v1.28.1)

Wed, 23 Nov 2022 00:00:00 +0000

2022/11/17 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.28.1, use one of the following tools:

Armory Operator 1.6.0 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Git Artifact Constraint Trigger

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Known issues

When Auth Z is enabled, Access Denied on deployments using accounts that have empty permissions

Workaround:

Users can add roles to the accounts in FIAT that are affected, even “dummy” roles.

See the How to Audit for Empty Roles in FIAT using Redis/MySQL KB article for how to locate affected user accounts, service accounts, or service principals.

Customers can also now upgrade to Armory CD 2.28.4, which resolves this known issue

Affected versions: Armory CD 2.28.0-2.28.3

MySQL Permission Repository error in 2.28.1-2.28.4

Workaround: Use Redis backend, 2.28.0, 2.28.5+

Affected versions: Armory CD 2.28.1-2.28.4

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Highlighted updates

Terraform 0.12 Now Supported - Restored support for Terraform 0.12 in version 2.28.1.
Update for Kubernetes v2 provider accounts that use the aws-iam-authenticator - Fixed failures for the Kubernetes V2 provider accounts that still use client.authentication.k8s.io/v1alpha1. This bug was introduced in 2.28.0.
Dinghy Vault Passwords - Fixed an issue where Dinghy fails to start when Vault password contain an exclamation point.
Revision History Display - Addressed an issue where the revision history was not showing the timestamp of the revision.
Automated Triggers Permissions - Fixed an issue where permissions defined under “Automated Triggers” become empty after a triggered pipeline update.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.28.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 9216f0fae587d3af14ed41fb9f21e9195b30c269
version: 2.28.1
deck:
commit: bd4fb67ec81c5e201b31b4e3e7829dff93476580
version: 2.28.1
dinghy:
commit: fc867f05b41e5e2756c42990b576341973e96276
version: 2.28.1
echo:
commit: 010bdc55d57c1000ef93f826204e6ccf54f6f6e7
version: 2.28.1
fiat:
commit: fce52482097b606389328d25d220be5eaaddab21
version: 2.28.1
front50:
commit: 1e5d3a5dfce38d26f809dee107d8145c00caa27e
version: 2.28.1
gate:
commit: 2b2b668ac5d4cbf126190baf450116de6aa0aa4a
version: 2.28.1
igor:
commit: e7e01c998423941507a7322e6891ea6e95a16792
version: 2.28.1
kayenta:
commit: 6004bfd90ad2e4fa9b02dddc26253210b8aa3a3c
version: 2.28.1
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 583b59cfcea93cce9b221509d0d4ec03a9487939
version: 2.28.1
rosco:
commit: 88567fc0c710c63b2093fc95e674052314978250
version: 2.28.1
terraformer:
commit: bb576e57561db2d957c25e00992e24f53a223bd5
version: 2.28.1
timestamp: "2022-11-10 18:20:57"
version: 2.28.1

Armory

Armory Fiat - 2.28.0…2.28.1

chore(cd): update base service version to fiat:2022.08.03.03.06.22.release-1.28.x (#385)

Armory Front50 - 2.28.0…2.28.1

chore(cd): update base service version to front50:2022.08.02.17.26.34.release-1.28.x (#439)
chore(cd): update base service version to front50:2022.08.17.00.43.53.release-1.28.x (#446)
chore(cd): update base service version to front50:2022.08.19.03.09.32.release-1.28.x (#449)
chore(cd): update base service version to front50:2022.09.12.22.11.46.release-1.28.x (#453)

Armory Gate - 2.28.0…2.28.1

chore(cd): update base service version to gate:2022.08.03.03.06.50.release-1.28.x (#466)
chore(cd): update base service version to gate:2022.08.19.03.10.44.release-1.28.x (#472)

Armory Igor - 2.28.0…2.28.1

chore(cd): update base service version to igor:2022.08.03.03.06.44.release-1.28.x (#355)
chore(cd): update base service version to igor:2022.08.19.03.10.49.release-1.28.x (#363)
chore(cd): update base service version to igor:2022.10.19.18.22.51.release-1.28.x (#372)
chore(cd): update base service version to igor:2022.10.19.19.58.28.release-1.28.x (#373)
chore(cd): update base service version to igor:2022.11.02.03.23.29.release-1.28.x (#375)

Armory Kayenta - 2.28.0…2.28.1

chore(cd): update base service version to kayenta:2022.08.03.03.06.40.release-1.28.x (#352)
chore(cd): update base service version to kayenta:2022.08.19.04.13.29.release-1.28.x (#358)

Armory Orca - 2.28.0…2.28.1

chore(cd): update base orca version to 2022.08.03.03.09.59.release-1.28.x (#506)
chore(cd): update base orca version to 2022.08.19.03.19.08.release-1.28.x (#514)
Revert “feat(iam): aws mysql jdbc (#449) (#464)” (#516)
chore(cd): update base orca version to 2022.10.19.20.11.38.release-1.28.x (#531)
chore(cd): update base orca version to 2022.10.19.20.47.46.release-1.28.x (#532)
chore(cd): update base orca version to 2022.11.02.03.24.15.release-1.28.x (#535)
chore(cd): update base orca version to 2022.11.08.07.29.46.release-1.28.x (#536)
chore(cd): update base orca version to 2022.11.08.17.42.51.release-1.28.x (#539)

Armory Rosco - 2.28.0…2.28.1

chore(cd): update base service version to rosco:2022.08.03.03.02.12.release-1.28.x (#440)
chore(cd): update base service version to rosco:2022.08.23.02.26.09.release-1.28.x (#446)
chore(cd): update base service version to rosco:2022.08.23.15.48.11.release-1.28.x (#447)
chore(cd): update base service version to rosco:2022.10.19.18.21.29.release-1.28.x (#452)

Terraformer™ - 2.28.0…2.28.1

chore(tf_versions): Adding TF versions 1.1.x 1.2.x and missing patch versions (backport #472) (#473)
fix(versions): Rollback removal of .12 versions from 2.28 release (#476)

Armory Deck - 2.28.0…2.28.1

chore(cd): update base deck version to 2022.0.0-20221006145341.release-1.28.x (#1259)
chore(cd): update base deck version to 2022.0.0-20221021162854.release-1.28.x (#1262)
chore(cd): update base deck version to 2022.0.0-20221108072118.release-1.28.x (#1269)
chore(cd): update base deck version to 2022.0.0-20221108195439.release-1.28.x (#1271)

Armory Clouddriver - 2.28.0…2.28.1

chore(aws-iam): Updating aws-iam-authenticator to 0.5.9 due to CVE-2022-2385 (backport #692) (#696)
chore(cd): update base service version to clouddriver:2022.08.03.03.18.32.release-1.28.x (#701)
chore(cd): update base service version to clouddriver:2022.08.19.03.29.51.release-1.28.x (#709)
chore(cd): update base service version to clouddriver:2022.09.27.19.40.20.release-1.28.x (#723)
chore(cd): update base service version to clouddriver:2022.10.19.18.30.22.release-1.28.x (#728)
chore(cd): update base service version to clouddriver:2022.10.19.20.15.01.release-1.28.x (#729)
chore(cd): update base service version to clouddriver:2022.11.01.18.09.15.release-1.28.x (#733)
chore(cd): update base service version to clouddriver:2022.11.02.20.03.48.release-1.28.x (#738)

Dinghy™ - 2.28.0…2.28.1

Armory Echo - 2.28.0…2.28.1

chore(cd): update base service version to echo:2022.08.03.03.06.27.release-1.28.x (#481)
chore(cd): update base service version to echo:2022.08.19.03.10.53.release-1.28.x (#488)
chore(cd): update base service version to echo:2022.10.19.18.23.43.release-1.28.x (#496)
chore(cd): update base service version to echo:2022.10.19.19.59.13.release-1.28.x (#497)

Spinnaker

Spinnaker Fiat - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#967) (#969)

Spinnaker Front50 - 1.28.1

fix: Revision history is not showing the timestamp of the revision (backport #1142) (#1147)
chore(dockerfile): upgrade to latest alpine image (backport #1151) (#1153)
chore(dependencies): Autobump fiatVersion (#1155)
fix(updateTs): missing updateTs field in the get pipeline history’s response. (backport #1159) (#1162)

Spinnaker Gate - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#1564) (#1566)
chore(dependencies): Autobump fiatVersion (#1570)

Spinnaker Igor - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#1030) (#1032)
chore(dependencies): Autobump fiatVersion (#1037)
chore(dependencies): Autobump korkVersion (#1047)
chore(dependencies): Autobump fiatVersion (#1048)
feat(jenkins): Stop Jenkins job when job name has slashes in the job name (backport #1038) (#1052)

Spinnaker Kayenta - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#900) (#902)
chore(dependencies): Autobump orcaVersion (#905)

Spinnaker Orca - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#4284) (#4286)
chore(dependencies): Autobump fiatVersion (#4293)
chore(dependencies): Autobump fiatVersion (#4315)
chore(dependencies): Autobump korkVersion (#4314)
feat(igor): Stop Jenkins job when job name has slashes in the job name (backport #4294) (#4321)
fix(stageExecution): In evaluable variable stage restart scenario variables are not cleaned properly (#16) (backport #4307) (#4326)
fix(stage): Resource requests on custom stage | Error: got “map”, expected “string…” (backport #4295) (#4328)

Spinnaker Rosco - 1.28.1

chore(dockerfile): upgrade to latest alpine image (backport #894) (#896)
fix(install): Fixed bugs in postInstall script that causes installation to fail on Ubuntu 20.04 and 22.04 LTS (#899) (#901)
chore(ci): Upload halconfigs to GCS on Tag push (#873) (#902)
chore(dependencies): Autobump korkVersion (#908)

Spinnaker Deck - 1.28.1

fix(core): Do not set static document base URL (#9890) (#9891)
fix(search): Error thrown when search version 2 is enabled (#9888) (#9889)
fix(links): update link to spinnaker release changelog (#9897) (#9899)
perf(pipelinegraph): Improve the performance of the pipeline graph rendering (backport #9871) (#9906)
Fix(core/pipelines): Fix syntax error on ui-select causing stage configuration to not load (backport #9886) (#9908)

Spinnaker Clouddriver - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#5758) (#5760)
chore(dependencies): Autobump fiatVersion (#5771)
fix(core): Remove payload data from logs (#5784) (#5789)
chore(dependencies): Autobump korkVersion (#5801)
chore(dependencies): Autobump fiatVersion (#5802)
chore(configserver): use version 0.14.2 of com.github.wnameless.json:json-flattener (#5804) (#5805)
fix(appengine): Fixes app engine credentials repo (#5807) (#5808)

Spinnaker Echo - 1.28.1

chore(dockerfile): upgrade to latest alpine image (#1193) (#1195)
chore(dependencies): Autobump fiatVersion (#1199)
chore(dependencies): Autobump korkVersion (#1211)
chore(dependencies): Autobump fiatVersion (#1212)

Continuous-Deployment: v2.27.4 Armory Continuous Deployment Release (Spinnaker™ v1.27.1)

Fri, 02 Sep 2022 00:00:00 +0000

2022/09/02 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.27.4, use one of the following tools:

Armory Operator 1.6.0 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Known issues

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Highlighted updates

Echo

Fixed an issue to address the fact that Manual Slack notifications were not working.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.27.1 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: a6a2b412958bd3d5555dc74190df86ab2c4fb5a5
version: 2.27.4
deck:
commit: 1b08ce5370fd95b9c4647734c36df71d729a386a
version: 2.27.4
dinghy:
commit: ee2e7f8b9778741dae1a5571cb47ac6c76c51d81
version: 2.27.4
echo:
commit: 749433b28e8c8724b00c7f853736296c06b7eaa9
version: 2.27.4
fiat:
commit: 9d615d351b220ea846e3c31890ecea7757fe40f4
version: 2.27.4
front50:
commit: a05405308878a6278522793b0d55f0f8a06cb6a5
version: 2.27.4
gate:
commit: 0aa1dac24a046fa8ff37b7cdd6edb704a16b215c
version: 2.27.4
igor:
commit: cb18ff7fe94fca85ab546b4304cb9fa9ce380b69
version: 2.27.4
kayenta:
commit: 08b8f4656b4f6285ae5b0a5577ab10f6c50ba8ec
version: 2.27.4
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: fc9593f3c4da98fa8c7f6753598a75f4ea19a49c
version: 2.27.4
rosco:
commit: eec2780305426ba8c38bcf599176a00b138b96cf
version: 2.27.4
terraformer:
commit: 53c9f50a991a3f102e14a103340c3eea5c9ef982
version: 2.27.4
timestamp: "2022-08-31 20:17:03"
version: 2.27.4

Armory

Armory Front50 - 2.27.3…2.27.4

chore(cd): update armory-commons version to 3.10.3 (#361)
chore(cd): update base service version to front50:2022.03.21.23.23.18.release-1.27.x (#383)
chore(cd): update armory-commons version to 3.10.6 (#382)
chore(action): auto approve astrolabe pr (#370) (#388)
chore(cd): update base service version to front50:2022.04.01.23.12.01.release-1.27.x (#395)
chore(cd): update base service version to front50:2022.04.01.23.40.50.release-1.27.x (#396)
chore(cd): update base service version to front50:2022.04.02.22.05.00.release-1.27.x (#397)
feat(iam): use aws-mysql-jdbc (#392)
chore(cd): update base service version to front50:2022.04.26.16.43.34.release-1.27.x (#412)
chore(cd): update base service version to front50:2022.04.26.21.25.40.release-1.27.x (#413)
chore(cd): update base service version to front50:2022.04.27.05.02.01.release-1.27.x (#416)
chore(cd): update base service version to front50:2022.04.27.05.12.28.release-1.27.x (#417)
chore(dockerfile): upgrade to latest alpine image (backport #434) (#435)
chore(cd): update base service version to front50:2022.08.02.17.26.31.release-1.27.x (#438)
chore(cd): update armory-commons version to 3.10.7 (#440)
chore(cd): update base service version to front50:2022.08.17.00.43.57.release-1.27.x (#447)

Terraformer™ - 2.27.3…2.27.4

Armory Clouddriver - 2.27.3…2.27.4

chore(action): auto approve prs with extensionDependencyUpdate label (#558) (#566)
chore(cd): update armory-commons version to 3.10.4 (#570)
fix(idmsv2): Bump aws-iam-authenticator (backport #563) (#575)
fix(aws-iam-authenticator): Rollback authenticator (#578)
chore(cd): update armory-commons version to 3.10.5 (#583)
chore(cd): update armory-commons version to 3.10.6 (#585)
feat(iam): use aws-mysql-jdbc (#586)
chore(cd): update base service version to clouddriver:2022.03.21.18.41.11.release-1.27.x (#587)
chore(cd): update base service version to clouddriver:2022.03.21.23.37.45.release-1.27.x (#589)
chore(cd): update base service version to clouddriver:2022.04.01.23.17.01.release-1.27.x (#595)
chore(cd): update base service version to clouddriver:2022.04.01.23.52.01.release-1.27.x (#596)
chore(cd): update base service version to clouddriver:2022.04.02.21.55.39.release-1.27.x (#597)
chore(cd): update base service version to clouddriver:2022.04.02.22.21.08.release-1.27.x (#598)
chore(cd): update base service version to clouddriver:2022.04.12.02.55.01.release-1.27.x (#607)
chore(kubectl): Updating kubectl version to 1.20.6 (backport #608) (#610)
fix(jvm): Update base image to 3.14 (#615)
fix(aws-iam-authenticator): Fixes to use a version that figures out API contract (#619)
chore(cd): update base service version to clouddriver:2022.04.26.15.11.43.release-1.27.x (#626)
chore(cd): update base service version to clouddriver:2022.04.26.21.09.12.release-1.27.x (#628)
chore(cd): update base service version to clouddriver:2022.04.27.03.49.36.release-1.27.x (#632)
chore(cd): update base service version to clouddriver:2022.04.27.05.17.29.release-1.27.x (#635)
chore(gradle): removing spinnaker gradle fix version (backport #647) (#659)
chore(cd): update base service version to clouddriver:2022.05.17.15.06.27.release-1.27.x (#650)
chore(cd): update base service version to clouddriver:2022.07.07.18.30.50.release-1.27.x (#686)
chore(dockerfile): upgrade to latest alpine image (#689) (#690)
chore(aws-iam): Updating aws-iam-authenticator to 0.5.9 due to CVE-2022-2385 (backport #692) (#695)
chore(cd): update base service version to clouddriver:2022.08.03.03.18.27.release-1.27.x (#700)
chore(cd): update armory-commons version to 3.10.7 (#704)
chore(cd): update base service version to clouddriver:2022.08.17.22.35.25.release-1.27.x (#708)

Armory Echo - 2.27.3…2.27.4

chore(action): auto approve prs from astrolabe (#423) (#426)
chore(cd): update armory-commons version to 3.10.4 (#431)
chore(cd): update armory-commons version to 3.10.5 (#436)
chore(cd): update armory-commons version to 3.10.6 (#438)
chore(cd): update base service version to echo:2022.03.21.15.46.42.release-1.27.x (#439)
chore(cd): update base service version to echo:2022.03.21.23.22.58.release-1.27.x (#440)
chore(cd): update base service version to echo:2022.04.01.23.11.12.release-1.27.x (#444)
chore(cd): update base service version to echo:2022.04.01.23.39.52.release-1.27.x (#445)
chore(cd): update base service version to echo:2022.04.26.16.16.02.release-1.27.x (#454)
chore(cd): update base service version to echo:2022.04.27.04.40.11.release-1.27.x (#461)
chore(cd): update base service version to echo:2022.08.03.03.06.31.release-1.27.x (#479)
chore(cd): update armory-commons version to 3.10.7 (#483)
chore(cd): update base service version to echo:2022.08.17.22.13.30.release-1.27.x (#487)

Dinghy™ - 2.27.3…2.27.4

Armory Gate - 2.27.3…2.27.4

chore(action): auto approve astrolabe pr (#398) (#400)
chore(cd): update armory-commons version to 3.10.4 (#405)
chore(cd): update armory-commons version to 3.10.5 (#410)
chore(cd): update armory-commons version to 3.10.6 (#412)
chore(cd): update base service version to gate:2022.03.21.23.23.37.release-1.27.x (#413)
chore(cd): update base service version to gate:2022.04.01.23.16.01.release-1.27.x (#418)
chore(cd): update base service version to gate:2022.04.01.23.57.37.release-1.27.x (#419)
chore(cd): update base service version to gate:2022.04.26.16.46.41.release-1.27.x (#430)
chore(cd): update base service version to gate:2022.04.26.21.21.22.release-1.27.x (#431)
chore(cd): update base service version to gate:2022.04.27.05.09.59.release-1.27.x (#434)
chore(cd): update base service version to gate:2022.04.27.05.20.10.release-1.27.x (#437)
chore(release): Backport header fix to 2.27.x release (backport #454) (#455)
fix(perf): upgrade alpine version to resolve perf in GCP (backport #457) (#458)
fix(header): set header version for this release (#460)
chore(cd): update base service version to gate:2022.08.03.03.06.55.release-1.27.x (#465)
chore(cd): update armory-commons version to 3.10.7 (#467)
chore(cd): update base service version to gate:2022.08.17.22.14.22.release-1.27.x (#471)

Armory Igor - 2.27.3…2.27.4

chore(action): auto approve astrolabe pr (#299) (#302)
chore(cd): update armory-commons version to 3.10.4 (#307)
chore(cd): update armory-commons version to 3.10.5 (#312)
chore(cd): update armory-commons version to 3.10.6 (#314)
chore(cd): update base service version to igor:2022.03.21.18.42.32.release-1.27.x (#315)
chore(cd): update base service version to igor:2022.03.21.23.23.58.release-1.27.x (#316)
chore(cd): update base service version to igor:2022.04.01.23.35.50.release-1.27.x (#320)
chore(cd): update base service version to igor:2022.04.02.02.50.48.release-1.27.x (#321)
chore(cd): update base service version to igor:2022.04.26.16.43.20.release-1.27.x (#331)
chore(cd): update base service version to igor:2022.04.26.21.21.16.release-1.27.x (#332)
chore(cd): update base service version to igor:2022.04.27.05.23.46.release-1.27.x (#333)
chore(cd): update base service version to igor:2022.04.27.05.30.34.release-1.27.x (#335)
chore(dockerfile): upgrade to latest alpine image (#348) (#349)
chore(cd): update base service version to igor:2022.08.03.03.04.08.release-1.27.x (#356)
chore(cd): update armory-commons version to 3.10.7 (#359)
chore(cd): update base service version to igor:2022.08.17.22.13.26.release-1.27.x (#361)

Armory Deck - 2.27.3…2.27.4

Armory Fiat - 2.27.3…2.27.4

chore(action): auto approve astrolabe prs (#318) (#321)
chore(cd): update armory-commons version to 3.10.4 (#327)
chore(cd): update armory-commons version to 3.10.5 (#331)
chore(cd): update armory-commons version to 3.10.6 (#332)
chore(cd): update base service version to fiat:2022.03.21.18.41.53.release-1.27.x (#333)
chore(cd): update base service version to fiat:2022.03.21.23.23.09.release-1.27.x (#334)
chore(cd): update base service version to fiat:2022.04.01.22.16.31.release-1.27.x (#342)
chore(cd): update base service version to fiat:2022.04.01.22.43.59.release-1.27.x (#343)
chore(cd): update base service version to fiat:2022.04.26.16.43.25.release-1.27.x (#353)
chore(cd): update base service version to fiat:2022.04.27.04.03.44.release-1.27.x (#357)
chore(cd): update base service version to fiat:2022.05.19.23.32.15.release-1.27.x (#367)
fix(build): pass version to nebula and remove devSnapshot publishing (backport #355) (#372)
chore(build): upgrade armory settings (backport #360) (#369)
chore(dockerfile): upgrade to latest alpine image (#378) (#379)
chore(cd): update base service version to fiat:2022.08.03.03.06.59.release-1.27.x (#386)
chore(cd): update armory-commons version to 3.10.7 (#387)

Armory Kayenta - 2.27.3…2.27.4

chore(cd): update base service version to kayenta:2022.04.27.05.41.49.release-1.27.x (#337)
chore(cd): update armory-commons version to 3.10.6 (#321)
chore(dockerfile): upgrade to latest alpine image (#345) (#346)
chore(cd): update base service version to kayenta:2022.08.03.03.06.36.release-1.27.x (#351)
chore(cd): update armory-commons version to 3.10.7 (#355)
chore(cd): update base service version to kayenta:2022.08.18.00.00.27.release-1.27.x (#357)

Armory Rosco - 2.27.3…2.27.4

chore(cd): update armory-commons version to 3.10.3 (#359)
chore(action): auto approve extensionDependency pr (#369) (#377)
chore(cd): update armory-commons version to 3.10.4 (#381)
chore(cd): update armory-commons version to 3.10.5 (#385)
chore(build): update mergify config (#343) (#388)
chore(cd): update armory-commons version to 3.10.6 (#390)
chore(cd): update base service version to rosco:2022.03.21.18.43.05.release-1.27.x (#391)
chore(cd): update base service version to rosco:2022.03.21.23.22.48.release-1.27.x (#392)
chore(cd): update base service version to rosco:2022.04.01.23.28.07.release-1.27.x (#396)
chore(cd): update base service version to rosco:2022.04.26.18.16.54.release-1.27.x (#404)
chore(cd): update base service version to rosco:2022.04.26.21.08.03.release-1.27.x (#406)
chore(cd): update base service version to rosco:2022.04.27.03.19.40.release-1.27.x (#411)
chore(build): remove platform build (#305)
chore(dockerfile): upgrade to latest alpine image (#428) (#430)
chore(cd): update armory-commons version to 3.10.7 (#439)
chore(cd): update base service version to rosco:2022.08.03.03.02.10.release-1.27.x (#441)
chore(cd): update base service version to rosco:2022.08.23.02.25.55.release-1.27.x (#445)

Armory Orca - 2.27.3…2.27.4

chore(action): auto approve astrolabe pr (#431) (#435)
chore(cd): update armory-commons version to 3.10.4 (#440)
chore(cd): update armory-commons version to 3.10.5 (#446)
chore(cd): update armory-commons version to 3.10.6 (#448)
chore(cd): update base orca version to 2022.03.21.15.48.11.release-1.27.x (#450)
chore(cd): update base orca version to 2022.03.21.18.42.54.release-1.27.x (#451)
chore(cd): update base orca version to 2022.04.01.23.40.45.release-1.27.x (#456)
chore(cd): update base orca version to 2022.04.01.23.57.41.release-1.27.x (#457)
chore(cd): update base orca version to 2022.04.02.02.36.54.release-1.27.x (#458)
feat(iam): aws mysql jdbc (#449)
chore(cd): update base orca version to 2022.04.26.17.16.24.release-1.27.x (#473)
chore(cd): update base orca version to 2022.04.26.21.22.29.release-1.27.x (#474)
chore(cd): update base orca version to 2022.04.27.05.38.47.release-1.27.x (#477)
chore(cd): update base orca version to 2022.04.27.05.53.30.release-1.27.x (#480)
chore(dockerfile): upgrade to latest alpine image (#495) (#496)
chore(cd): update base orca version to 2022.08.03.03.10.04.release-1.27.x (#505)
chore(cd): update armory-commons version to 3.10.7 (#508)
chore(cd): update base orca version to 2022.08.17.22.25.10.release-1.27.x (#513)
Revert(deps): “feat(iam): aws mysql jdbc” (#515)

Spinnaker

Spinnaker Front50 - 1.27.1

Spinnaker Clouddriver - 1.27.1

chore(ci): GHA - container image and apt package build & push (#5667)
chore(dependencies): Autobump korkVersion (#5630)
chore(dependencies): bump spinnakerGradleVersion (#936) (#5674)
chore(dependencies): Autobump fiatVersion (#5675)
fix(build): don’t bump the version of clouddriver in front50 (#5477) (#5676)
chore(dependencies): don’t create an autobump PR for halyard on a clouddriver release branch (#5677)
fix(kubernetes): Pin Debian Package version of kubectl as well (#5685) (#5686)
chore(ci): Upload halconfigs to GCS on Tag push (#5689) (#5693)
chore(dependencies): Autobump fiatVersion (#5695)
fix(ci): fetch previous tag from git instead of API (#5696) (#5698)
chore(ci): Mergify - merge Autobumps on release-* (#5697) (#5700)
chore(titus): limit protobuf to 3.17.3 (#5706) (#5712)
fix(caching): K8s cache affected when not enough permissions in service account (backport #5742) (#5745)
chore(dockerfile): upgrade to latest alpine image (#5758) (#5759)
chore(dependencies): Autobump fiatVersion (#5768)

Spinnaker Echo - 1.27.1

Spinnaker Gate - 1.27.1

Spinnaker Igor - 1.27.1

Spinnaker Deck - 1.27.1

Spinnaker Fiat - 1.27.1

chore(ci): GHA - container image and apt package build & push (#930)
chore(dependencies): Autobump korkVersion (#904)
feat(build): bump dependencies for the given branch (#934) (#935)
chore(dependencies): bump spinnakerGradleVersion (#936)
chore(ci): Upload halconfigs to GCS on Tag push (#940) (#943)
chore(dependencies): don’t create an autobump PR for halyard on a fiat release branch (#946)
fix(ci): fetch previous tag from git instead of API (#948) (#950)
chore(build): specify an artifact for bumpdeps to look for (backport #916) (#956)
chore(dockerfile): upgrade to latest alpine image (#967) (#968)

Spinnaker Kayenta - 1.27.1

chore(ci): GHA - container image and apt package build & push (#879)
chore(dependencies): bump spinnakerGradleVersion (#881)
chore(dependencies): Autobump orcaVersion (#882)
chore(ci): Upload halconfigs to GCS on Tag push (#884) (#885)
chore(dependencies): Autobump orcaVersion (#887)
fix(ci): fetch previous tag from git instead of API (#888) (#890)
chore(ci): Mergify - merge Autobumps on release-* (#889) (#892)
chore(dockerfile): upgrade to latest alpine image (#900) (#901)
chore(dependencies): Autobump orcaVersion (#904)

Spinnaker Rosco - 1.27.1

Spinnaker Orca - 1.27.1

fix(plugins-test): try harder for the version of versionNotSupportedPlugin to actually not be supported (#4236) (#4241)
chore(ci): GHA - container image and apt package build & push (#4240)
fix(discovery test): fixes admin controller test intermittent failures (#4202) (#4249)
feat(build): bump dependencies for the given branch (#4247) (#4248)
chore(dependencies): bump spinnakerGradleVersion (#4251)
chore(dependencies): Autobump fiatVersion (#4250)
chore(ci): Upload halconfigs to GCS on Tag push (#4256) (#4260)
chore(dependencies): Autobump fiatVersion (#4262)
fix(ci): fetch previous tag from git instead of API (#4263) (#4265)
chore(ci): Mergify - merge Autobumps on release-* (#4264) (#4267)
chore(dockerfile): upgrade to latest alpine image (#4284) (#4285)
chore(dependencies): Autobump fiatVersion (#4292)

Continuous-Deployment: v2.28.0 Armory Continuous Deployment Release (Spinnaker™ v1.28.0)

Wed, 20 Jul 2022 00:00:00 +0000

2022/07/20 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Operator version

To install, upgrade, or configure Armory 2.28.0, use one of the following tools:

Armory Operator 1.6.0 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Orca requires RDBMS configured with UTF-8 encoding

This release includes a change from MySQL JDBC drivers to AWS drivers. We have seen this cause issues when the database is NOT in a utf8mb4 format.

Update Kubernetes v2 provider accounts that use the `aws-iam-authenticator`

Impact

With 2.28 of Spinnaker, we’ve updated the aws-iam-authenticator binary to a 0.5.5 release. Due to the fact that the default value of the apiVersion for the aws-iam-authenticator has changed strictly to client.authentication.k8s.io/v1beta1, you may experience failures for the Kubernetes V2 provider accounts that still use client.authentication.k8s.io/v1alpha1. To mitigate the authentication failures, update your relevant kubeconfigs to use client.authentication.k8s.io/v1beta1.

Introduced in: Armory CD 2.28.0

Update kubectl to 1.20

Impact

Introduced in: Armory CD 2.28.0

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Supported Terraform Versions

Armory removed support for older, non-supported versions of Terraform (older than 0.13).

Plugin Compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory CD 2.28.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Scale Agent for Spinnaker and Kubernetes Clouddriver Plugin	0.11.0
App Name	0.2.0
AWS Lambda	1.0.10
Evaluate Artifacts	0.1.1
External Accounts	0.3.0
Observability Plugin	1.3.1
Policy Engine	0.3.0

Known issues

When Auth Z is enabled, Access Denied on deployments using accounts that have empty permissions

Workaround:

Users can add roles to the accounts in FIAT that are affected, even “dummy” roles.

See the How to Audit for Empty Roles in FIAT using Redis/MySQL KB article for how to locate affected user accounts, service accounts, or service principals.

Customers can also now upgrade to Armory CD 2.28.4, which resolves this known issue

Affected versions: Armory CD 2.28.0-2.28.3

Application Attributes section displays “This Application has not been configured”

Affected versions: Armory CD 2.28.0

Google App Engine account authentication

Workaround:

2.28.X or later: Replace the Clouddriver image in 2.28 with the Armory Clouddriver 2.27 image

1.28.X or later: Replace the Clouddriver image in 1.28 with the OSS Clouddriver 1.27 image

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: Armory CD 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: Armory CD 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Highlighted updates

General Fixes

Added the ability to limit a specific pipeline from executing more than a certain number of instances in parallel by using a setting similar to the already available limitConcurrent setting.
Added support for cancelling Google Cloud Build Account.
To allow better customizations of CloseableHttpClient, adding HttpClientProperties as an additional property in UserConfiguredUrlRestrictions that we can use in HttpClientUtils. This will allow us to enable/disable retry options and configure other HttpClient options. For example, you will now be able to configure httpClientProperties.
When allowDeleteActive: true, then in the ShrinkCluster stage, disableCluster step is performed before shrinking the cluster.
The Google Cloud Platform RETRY_ERROR_CODES list is modified to include 429 , 503 error codes.
Updated account permission check to check for WRITE instead of EXECUTE because account permissions do not currently have EXECUTE defined as a potential permission type.
Refactor of launch template roll out config into its own class for reuse and readability.
Use new Github teams API as old one has been deprecated.
Prevent oauth2 redirect loops.
Transition restarted stages to NOT_STARTED so there is visual indication on Deck, and don’t allow multiple queuing of the same restarted stage
Bring back template validation messages in Deck.
Bump the JVM version used by all appropriate services to ensure all services are using the same JVM version.

Maximum Concurrent Pipeline Executions

Added support for max concurrent pipeline executions. If concurrent pipeline execution is enabled, pipelines will queue when the max concurrent pipeline executions is reached. Any queued pipelines will be allowed to run once the number of running pipeline executions drops below the max. If the max is set to 0, then pipelines will not queue.

Show Added to Terraform Integration Stage

There is a new Terraform action available as part of the Terraform Integration stage. This action is the equivalent of running the Terraform show command with Terraform. The JSON output from your planfile can be used in subsequent stages.

To use the stage, select Terraform for the stage type and Show as the action in the Stage Configuration UI. Note that the Show stage depends on your Plan stage. For more information, see Show Stage section in the Terraform Integration docs.

Terraform remote backends provided by Terraform Cloud and Terraform Enterprise

Terraform now supports remote backends provided by Terraform Cloud and Terraform Enterprise - see Remote Backends section in the Terraform Integration docs.

Clouddriver

Improvements to Docker Registry Account Management, including integration of Docker Registry Clouddriver accounts to take advantage of the new self-service on-boarding account management API.
Updated account management API to refactor some things in preparation for user secrets support along. Updated the type discriminator handling for account definitions.
Access to Bitbucket through token files without having to restart Clouddriver.
Added an experimental API for storing and loading account credentials definitions from an external durable store such as a SQL database. Secrets can be referenced through the existing Kork SecretEngine API which will be fetched on demand. Initial support is for Kubernetes accounts given the lack of existing Kubernetes cluster federation standards compared to other cloud providers, though this API is made generic to allow for other cloud provider APIs to participate in this system.
To extend the memory feature, a boolean flag is introduced in the validateInstanceType.
Added a Fiat configuration option for the Account Management API in Clouddriver for listing which roles are allowed to manage accounts in the API.

Performance

Fix in Lambda to remove parallel streams to improve performance.
Refactor(artifacts/s3) - share the AmazonS3 client in S3ArtifactCredentials across downloads instead of constructing a new one for each download. There is likely a performance win from this, but the primary motivation was to make it easier to test.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: adbe01b56d31389c9cad1274b894c740835c3834
version: 2.28.0
deck:
commit: 108847b83576abf24d437a0c89015a65f337ec54
version: 2.28.0
dinghy:
commit: 403640bc88ad42cc55105bff773408d5f845e49c
version: 2.28.0
echo:
commit: 488477dd85edfc6206337bb31f76892e641d1803
version: 2.28.0
fiat:
commit: 5728f3484b01459e9b246117cdfbb54f9d00768c
version: 2.28.0
front50:
commit: 1bc61a77916acf5bf7b13041005e730bdac8cd8e
version: 2.28.0
gate:
commit: 938dccc232f849bae4446376579a39755267904b
version: 2.28.0
igor:
commit: c10937f0110f81bd2f17dfea79bfbf01f53598a5
version: 2.28.0
kayenta:
commit: 7bfe2c300432c865f10f07985d81decb58b1ee48
version: 2.28.0
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 30ca83945081107105b9186461730988fabd11d5
version: 2.28.0
rosco:
commit: 36a55d07da5f25fc385e67922e35f387f13a6fb1
version: 2.28.0
terraformer:
commit: c3c07a7c4f09752409183f906fb9fa5458e7d602
version: 2.28.0
timestamp: "2022-07-19 18:54:16"
version: 2.28.0

Armory

Terraformer™ - 2.27.3…2.28.0

Armory Clouddriver - 2.27.3…2.28.0

Armory Rosco - 2.27.3…2.28.0

Armory Deck - 2.27.3…2.28.0

Armory Front50 - 2.27.3…2.28.0

Dinghy™ - 2.27.3…2.28.0

Armory Kayenta - 2.27.3…2.28.0

Armory Echo - 2.27.3…2.28.0

Armory Orca - 2.27.3…2.28.0

Armory Gate - 2.27.3…2.28.0

Armory Igor - 2.27.3…2.28.0

Armory Fiat - 2.27.3…2.28.0

Continuous-Deployment: v2.27.3 Armory Continuous Deployment Release (Spinnaker™ v1.27.0)

Fri, 11 Mar 2022 00:00:00 +0000

2022/03/11 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Operator version

To install, upgrade, or configure Armory 2.27.3, use one of the following tools:

Armory Operator 1.6.0 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Known issues

The Deck minimize navbar button doesn’t work without refreshing the screen.

Affected versions: 2.27.x and later

Workaround:

Manually refresh your browser window.

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Highlighted updates

Cloud Foundry

Fixed an issue where Fiat crashed due to invalid Cloud Foundry accounts.
Performance optimization to reduce unnecessary api calls to Cloud Foundry during caching cycles.

Show Added to Terraform Integration Stage

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

artifactSources:
dockerRegistry: docker.io/armory
dependencies:
redis:
commit: null
version: 2:2.8.4-2
services:
clouddriver:
commit: 5eb6c8598e22a90ca6eb8c5d7dcb5daddeade04f
version: 2.27.3
deck:
commit: ea911f8927180bb5223f3c6149005568111ad294
version: 2.27.3
dinghy:
commit: ee2e7f8b9778741dae1a5571cb47ac6c76c51d81
version: 2.27.3
echo:
commit: aa794fa58437bbaae6b3f7c32f4844e5da937c92
version: 2.27.3
fiat:
commit: e285a77d97d73304e3a1f75fd67c736eac804a37
version: 2.27.3
front50:
commit: e60edec818a2c0633c9e809b1cca66a03e640d9a
version: 2.27.3
gate:
commit: f4f1b1c0511d7d20e948541eceb020112acc9f52
version: 2.27.3
igor:
commit: 97986b3554e3501507989335e73618a832357f71
version: 2.27.3
kayenta:
commit: 800b14c9162cc0f486f4e7f510f87ec8db9b5e98
version: 2.27.3
monitoring-daemon:
commit: null
version: 2.26.0
monitoring-third-party:
commit: null
version: 2.26.0
orca:
commit: 4fe016e9539cfae5cf79b39888227afc11a5741b
version: 2.27.3
rosco:
commit: 44f38498ade0864c5c8373f43560a984c2c91432
version: 2.27.3
terraformer:
commit: 89dd4af83b669d6a12de41611ea0bdf57857dd73
version: 2.27.3
timestamp: "2022-03-02 19:10:56"
version: 2.27.3

Armory

Armory Igor - 2.27.2…2.27.3

chore(build): Autobump armory-commons: 3.10.0 (#280)
chore(build): update mergify config (backport #283) (#284)
chore(cd): update base service version to igor:2022.01.19.07.32.50.release-1.27.x (#282)
chore(cd): update armory-commons version to 3.10.1 (#287)
chore(cd): update armory-commons version to 3.10.2 (#291)

Armory Gate - 2.27.2…2.27.3

chore(build): Autobump armory-commons: 3.10.0 (#363)
chore(cd): update base service version to gate:2022.01.19.07.39.09.release-1.27.x (#378)
chore(cd): update base service version to gate:2022.01.19.07.39.09.release-1.27.x (#370)
chore(cd): update base service version to gate:2022.01.19.07.39.09.release-1.27.x (#366)
chore(build): update mergify config (backport #373) (#374)
chore(cd): update base service version to gate:2022.02.03.20.15.21.release-1.27.x (#382)
chore(cd): update armory-commons version to 3.10.1 (#385)
chore(cd): update armory-commons version to 3.10.2 (#389)

Armory Orca - 2.27.2…2.27.3

[create-pull-request] automated change (#403)
chore(build): update mergify config (backport #408) (#409)
chore(cd): update base orca version to 2022.01.19.07.10.29.release-1.27.x (#405)
chore(cd): update base orca version to 2022.01.19.07.10.29.release-1.27.x (#407)
chore(gradle): upgrade gradle wrapper to 7.3.3 (#412)
chore(cd): update armory-commons version to 3.10.1 (#415)
chore(cd): update base orca version to 2022.02.11.18.48.53.release-1.27.x (#417)
chore(cd): update base orca version to 2022.02.14.23.53.57.release-1.27.x (#419)
chore(cd): update base orca version to 2022.02.15.22.24.23.release-1.27.x (#421)
chore(cd): update armory-commons version to 3.10.2 (#420)

Armory Kayenta - 2.27.2…2.27.3

chore(build): update mergify config (backport #297) (#298)
chore(cd): update armory-commons version to 3.10.1 (#301)
chore(cd): update base service version to kayenta:2022.02.16.00.31.30.release-1.27.x (#302)
chore(cd): update armory-commons version to 3.10.2 (#304)

Armory Rosco - 2.27.2…2.27.3

[create-pull-request] automated change (#338)
chore(cd): update armory-commons version to 3.10.1 (#348)
chore(cd): update base service version to rosco:2022.01.19.07.33.06.release-1.27.x (#346)
fix(tests): remove tests intended for Spinnaker Cloud (#314) (#351)
fix(build): remove redhat publishing (#301)
fix(test): increase timeout for AMI bake int test (#350) (#356)
chore(cd): update armory-commons version to 3.10.2 (#358)

Terraformer™ - 2.27.2…2.27.3

feat(terraform): Adds show option for terraform stage (#447) (#448)

Armory Deck - 2.27.2…2.27.3

feat(terraform): Adds show option for terraform stage (backport #1149) (#1150)
chore(cd): update base deck version to 2021.0.0-20211217214939.release-1.27.x (#1158)
chore(cd): update base deck version to 2022.0.0-20220119092715.release-1.27.x (#1163)
chore(cd): update base deck version to 2022.0.0-20220119092715.release-1.27.x (#1166)
chore(build): update mergify config (#1167)

Armory Clouddriver - 2.27.2…2.27.3

chore(cd): update base service version to clouddriver:2021.12.17.10.45.12.release-1.27.x (#513)
chore(cd): update base service version to clouddriver:2021.12.22.18.20.08.release-1.27.x (#518)
chore(build): Autobump armory-commons: 3.10.0 (#517)
chore(cd): update base service version to clouddriver:2022.01.19.07.03.15.release-1.27.x (#524)
chore(cd): update base service version to clouddriver:2022.01.19.07.33.22.release-1.27.x (#528)
chore(cd): update armory-commons version to 3.10.1 (#537)
chore(cd): update armory-commons version to 3.10.2 (#541)
chore(cd): update base service version to clouddriver:2022.02.22.16.52.45.release-1.27.x (#544)
chore(cd): update base service version to clouddriver:2022.02.24.19.52.46.release-1.27.x (#549)

Armory Echo - 2.27.2…2.27.3

chore(build): Autobump armory-commons: 3.10.0 (#400)
chore(cd): update base service version to echo:2022.01.19.07.51.20.release-1.27.x (#410)
chore(cd): update base service version to echo:2022.01.19.07.51.20.release-1.27.x (#403)
chore(cd): update base service version to echo:2022.01.19.07.51.20.release-1.27.x (#404)
chore(build): update mergify config (backport #406) (#407)
chore(cd): update armory-commons version to 3.10.1 (#411)
chore(cd): update armory-commons version to 3.10.2 (#413)

Dinghy™ - 2.27.2…2.27.3

chore(build): update mergify config (#457) (#458)

Armory Front50 - 2.27.2…2.27.3

chore(build): Autobump armory-commons: 3.10.0 (#346)
chore(cd): update base service version to front50:2022.01.19.08.45.30.release-1.27.x (#355)
chore(cd): update base service version to front50:2022.01.19.08.45.30.release-1.27.x (#349)
chore(build): update mergify config (backport #351) (#352)
chore(cd): update armory-commons version to 3.10.1 (#356)
chore(cd): update armory-commons version to 3.10.2 (#359)

Armory Fiat - 2.27.2…2.27.3

chore(build): Autobump armory-commons: 3.10.0 (#286)
chore(build): update mergify config (backport #293) (#294)
chore(cd): update base service version to fiat:2022.01.19.08.14.32.release-1.27.x (#289)
chore(cd): update base service version to fiat:2022.01.19.08.14.32.release-1.27.x (#292)
chore(cd): update armory-commons version to 3.10.1 (#298)
chore(cd): update armory-commons version to 3.10.2 (#301)
chore(cd): update base service version to fiat:2022.03.02.18.55.09.release-1.27.x (#308)

Continuous-Deployment: v2.26.5 Armory Continuous Deployment Release (Spinnaker™ v1.26.6)

Mon, 21 Feb 2022 00:00:00 +0000

2022/01/21 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.26.5, use one of the following tools:

Armory-extended Halyard 1.12 or later
- 2.26.x is the last minor release that you can use Halyard to install or manage. Future releases require the Armory Operator. For more information, see Halyard Deprecation.
Armory Operator 1.2.6 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Secrets do not work with Spring Cloud Config

If you enable Spring Cloud Config all the properties (e.g. Docker) using Secrets are not resolved when Spring Cloud tries to refresh.

Affected versions:

2.26.x and later

Known Affected providers in Clouddriver:

Kubernetes
Cloudfoundry
Docker

Workaround:

Do not use secrets for properties that are annotated with @RefreshScope.

Highlighted updates

Terraform Show stage

There is a new Terraform Show stage available as part of the Terraform Integration. This stage is the equivalent of running the terraform show command with Terraform. The JSON output from your planfile can be used in subsequent stages.

To use the stage, select Terraform for the stage type and Show as the action in the stage configuration UI. Note that the Show stage depends on your Plan stage. For more information, see the Show Stage section in the Terraform Integration docs.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.26.6 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.26.5
timestamp: "2022-01-19 21:15:17"
services:
clouddriver:
commit: 2957f1021447910d60f0f6e9e290988c9b5a11e0
version: 2.26.25
deck:
commit: 0180fcf0a08b0121c5d9af9d3c589487368ad7f4
version: 2.26.12
dinghy:
commit: d1406fad85771d7f44a266d3302d6195c00d7ec2
version: 2.26.13
echo:
commit: ce4f4ed265be8cb746784c6fd4bed7bf5156107e
version: 2.26.13
fiat:
commit: e46182a670fc9bac7c02f809df7ffe65c89ba148
version: 2.26.14
front50:
commit: 7e14c30538a9b97468aba0360408abf4a06bc0dd
version: 2.26.15
gate:
commit: 41c92b2d613e47521c60d2c9036504ff405fbb91
version: 2.26.13
igor:
commit: 889135384533cd723c0a6377a37a7365cf92a8b2
version: 2.26.13
kayenta:
commit: 2403ad86e76898a65939ebdf879bf287fa8b1429
version: 2.26.14
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: 624af61e6bf75bc92e67a6bef6439f8ae29ec79a
version: 2.26.19
rosco:
commit: cbb42562fad6583e6efcb24a7378cb6fd84668f0
version: 2.26.19
terraformer:
commit: 0cded7056eeecbb85a70a1b94fe1ce83613295bf
version: 2.26.15
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Kayenta - 2.26.13…2.26.14

Dinghy™ - 2.26.12…2.26.13

Armory Deck - 2.26.11…2.26.12

feat(terraform): Adds show option for terraform stage (backport #1149) (#1151)

Terraformer™ - 2.26.14…2.26.15

feat(terraform): Adds show option for terraform stage (#447) (#449)

Armory Igor - 2.26.12…2.26.13

Armory Clouddriver - 2.26.24…2.26.25

chore(cd): update base service version to clouddriver:2021.12.30.00.36.21.release-1.26.x (#514)
chore(cd): update base service version to clouddriver:2022.01.19.07.05.30.release-1.26.x (#525)

Armory Orca - 2.26.18…2.26.19

Armory Echo - 2.26.12…2.26.13

Armory Gate - 2.26.12…2.26.13

Armory Fiat - 2.26.13…2.26.14

Armory Front50 - 2.26.14…2.26.15

Armory Rosco - 2.26.18…2.26.19

Continuous-Deployment: v2.25.1 Armory Continuous Deployment Release (Spinnaker™ v1.25.3)

Wed, 15 Dec 2021 00:00:00 +0000

2021/12/15 Release Notes

Note: If you’re experiencing production issues after upgrading Armory Continuous Deployment, rollback to a previous working version and please report issues to http://go.armory.io/support.

For information about what Armory supports for this version, see the [ Armory Continuous Deployment v2.25 compatibility matrix.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.25.1, use one of the following tools:

Armory-extended Halyard 1.12 or later
Armory Operator 1.2.6 or later For information about upgrading, Operator, see Upgrade the Operator.

Security

Armory scans the codebase as we develop and release software. For information about CVE scans for this release, see the Support Portal. Note that you must be logged in to the portal to see the information.

This release includes a security fix. For more information, see the Critical Notification that Armory’s Support Team sent out on 14 December 2021, contact your Armory account rep, or see this (login required) Support article: https://support.armory.io/support?id=kb_article_view&sysparm_article=KB0010520.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Suffix no longer added to jobs created by Kubernetes Run Job stage

Spinnaker no longer automatically appends a unique suffix to the name of jobs created by the Kubernetes Run Job stage. Prior to this release, if you specified metadata.name: my-job, Spinnaker updates the name to my-job-[random-string] before deploying the job to Kubernetes. As of this release, the job’s name will be passed through to Kubernetes exactly as supplied.

To continue having a random suffix added to the job name, set the metadata.generateName field instead of metadata.name, which causes the Kubernetes API to append a random suffix to the name.

This change is particularly important for users who are using the preconfigured job stage for Kubernetes or are sharing job stages among different pipelines. In these cases, jobs often running concurrently, and it is important that each job have a unique name. In order to retain the previous behavior, manually update your Kubernetes job manifests to use the generateName field.

Previously, this behavior was opt-in.

Impact

As of Armory 2.22, this behavior is the default. Users can still opt out of the new behavior by setting kubernetes.jobs.append-suffix: true in clouddriver-local.yml. This causes Spinnaker to continue to append a suffix to the name of jobs as in prior releases.

The ability to opt out of the new behavior will be removed in Armory 2.23 (OSS 1.23). The above setting will have no effect, and Spinnaker will no longer append a suffix to job names. We recommended that 2.22 users note which jobs are using the old behavior and prepare to remove the setting before upgrading to Armory 2.23 in the future.

Introduced in: Armory 2.22

Zombie Executions

Starting in Spinnaker 2.23.0, ManifestForceCacheRefreshTask was removed, as Kubernetes manifest related stages now do live lookups. While upgrading to Spinnaker 2.23.0 or later, if there is a running pipeline that contains a Kubernetes manifest related stage, it becomes a zombie execution. This causes Orca, Spinnaker’s orchestration service, to fail to complete any Kubernetes manifest related stage in that pipeline.

Workarounds:

To resolve the issue, cancel any zombie executions. For information about how to cancel them, see the Orca Zombie Execution runbook.

Affected versions: 2.23.0 and later

ManifestForceCacheRefreshTask removed from Orca

When you upgrade to 2.23.0 or later, you might encounter the following error:

2021-01-29 23:57:19.691 ERROR 1 --- [ scheduler-2] c.netflix.spinnaker.q.redis.RedisQueue : Failed to read message 8f072714f1df6dbf3af93a4f4fe4cae2, requeuing...
com.fasterxml.jackson.databind.JsonMappingException: No task found for 'com.netflix.spinnaker.orca.clouddriver.tasks.manifest.ManifestForceCacheRefreshTask' (through reference chain: com.netflix.spinnaker.orca.q.RunTask["taskType"])

The ManifestForceCacheRefreshTask task is no longer a required task when deploying a manifest. In earlier releases, forcing the cache to refresh was part of the deployment process for manifests. Because of this change, if a task was running or retried before the upgrade, the error shows up in logs as an exception.

Workaround

Before starting, make sure that you have access to the Redis instance that Orca uses.

To resolve this issue, delete the message from the queue:

Verify that there are pipeline execution failure messages that contain ManifestForceCacheRefreshTask:

Redis

hgetall orca.task.queue.messages

The command returns information similar to the following:

1) "93ac65e03399a4cfd3678e1355936ab2"
2) "{\"kind\":\"runTask\",\"executionType\":\"PIPELINE\",\"executionId\":\"01EVFCCDG3Q2209E0Z1QTNC0FS\", \"application\":\"armoryhellodeploy\",\"stageId\":\"01EVFCCDG3TJ7AFPYEJT1N8RDJ\",\"taskId\":\"5\",\"taskType\":\"com.netflix.spinnaker. orca.clouddriver.tasks.manifest.ManifestForceCacheRefreshTask\",\"attributes\":[{\"kind\":\"attempts\",\"attempts\":1}], \"ackTimeoutMs\":600000}"

Delete the message(s):

Redis
```
hdel orca.task.queue.messages
```
The command returns information similar to the following:
```
93ac65e03399a4cfd3678e1355936ab2
(integer) 1
```

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

Lambda UI issue

There is a UI bug related to the caching agent that prevents Lambda functions from being displayed in the UI when there are no other clusters associated with the Application. In other words, in order for the function to show up in “Functions” tab, there needs to be a cluster (such as an AWS ASG/EC2 instance) deployed for that application.

Affected versions: 2.23.0 (1.23.0) - 2.26.2 Fixed version: 2.26.3

`pipelineID` for Pipelines-as-Code

There is a known issue where the pipelineID function does not work the first time, which causes pipelines to not be updated. Subsequent changes to the dinghyfile update the pipelines correctly.

Affected versions: 2.21.1 - 2.26.0 Fixed version: 2.26.1

Git repo artifact provider cannot checkout SHAs

Only branches are currently supported. For more information, see 6363.

Server groups

There is a known issue where you cannot edit AWS server groups with the Edit button in the UI. The edit window closes immediately after you open it. Workaround: To make changes to your server groups, edit the stage JSON directly by clicking on the Edit stage as JSON button.

Highlighted updates

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.25.3 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.25.1
timestamp: "2021-12-15 17:23:28"
services:
clouddriver:
commit: a764fa3dd360655e8ebd9b81e2217fce554f434c
version: 2.25.6
deck:
commit: 3be7d16e0ba22113b38a7e8a1862f9769a119d10
version: 2.25.6
dinghy:
commit: 7feba3a7b859b9595758c7c9e09782e651d9f0f8
version: 2.25.5
echo:
commit: d4254bb69d38e8bf9216c045c4380933ff4582e1
version: 2.25.4
fiat:
commit: fe60b6210c6ce00167aa42143a4dffebcf03fb9f
version: 2.25.5
front50:
commit: 3d2302240be46ca85600e488c20059a9990f13d4
version: 2.25.4
gate:
commit: eab05d036bef8c391274baa7fb3d294862fad37e
version: 2.25.7
igor:
commit: 670df68838b5183faa5ab42db3559b20bbfb29c9
version: 2.25.4
kayenta:
commit: f859543dc93fe2438cca2b7907fde957dde9f64c
version: 2.25.4
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: 8f84752ec39945409533737c25beb2a853fa22d0
version: 2.25.3
rosco:
commit: 8ef53c816490ac4350813003e098d9ccdff33b0b
version: 2.25.8
terraformer:
commit: 4551e4c1976da52d1f96033f2849d97dc4c9131c
version: 2.25.9
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Deck - 2.25.3…2.25.6

fix(settings): add MPTv2 and Dinghy Events flags back (#776)
fix(build): include cd actions & use cd dependencies (#1144)

Armory Kayenta - 2.25.2…2.25.4

fix(build): add cd workflow / use io.spinnaker deps (#284)
chore(cd): update base service version to kayenta:2021.12.08.00.12.05.release-1.25.x (#291)
chore(armory-commons): autobump armory-commons to 3.8.6 (#293)

Dinghy™ - 2.25.1…2.25.5

fix(config): bit more err checking on initial config load (#380)
fix(crash_on_module_updates): remove call to log.fatal() (#366) (#367) (#428)
chore(build): include workflow to onboard dinghy in cd images (#456)

Armory Clouddriver - 2.25.3…2.25.6

fix(build): use baseServiceVersion as base for the extension (#482)
fix(build): update workflows to produce CD images (#483)
fix(build): use the correct dependencies from baseServiceVersion (#485)
chore(build): bump armory.settings plugin to 1.7.2 (#495)
chore(cd): update base service version to clouddriver:2021.12.07.22.20.09.release-1.25.x (#504)
chore(armory-commons): autobump armory-commons to 3.8.6 (#507)

Armory Fiat - 2.25.3…2.25.5

fix(build): onboard 2.25.x with astrolabe cd (#265)
chore(cd): update base service version to fiat:2021.12.07.22.20.53.release-1.25.x (#277)
chore(armory-commons): autobump armory-commons to 3.8.6 (#280)

Terraformer™ - 2.25.0…2.25.9

chore(build): add gcloud sdk + anthoscli (#374) (#375)
chore(versions): add terraform 13.6 through 14.10 (bp #376) (#377)
security(versions): secure terraform binaries (backport #390) (#391)
chore(versions): update tf installer to use new hashi keys (#396) (#398)
chore(tests): retrieve secrets from s3, not vault (#418) (#422)
task(tf_versions): update tf bundled versions script to use new key-server (#417) (#424)
task(tf_versions): update tf bundled versions script to use new key (#428) (#430)
fix(build): add cd workflow (#446)

Armory Front50 - 2.25.2…2.25.4

fix(build): onboard front50 with astrolabe cd build (#326)
chore(cd): update base service version to front50:2021.12.07.22.22.25.release-1.25.x (#338)
chore(armory-commons): autobump armory-commons to 3.8.6 (#341)

Armory Gate - 2.25.5…2.25.7

fix(build): onboard 2.25.x with cd process (#340)
feat(gradle): Add stack trace to gradle build (backport #359) (#360)
chore(cd): update base service version to gate:2021.12.15.00.04.16.release-1.25.x (#357)

Armory Orca - 2.25.2…2.25.3

fix(build): add cd workflow for Astrolabe (#374)
chore(cd): update base orca version to 2021.12.07.23.35.56.release-1.25.x (#391)
chore(armory-commons): autobump armory-commons to 3.8.6 (#396)

Armory Rosco - 2.25.2…2.25.8

Update gradle.yml
fix(build): add cd workflows / build using artifact (#320)
chore(cd): update base service version to rosco:2021.12.07.23.36.04.release-1.25.x (#330)
chore(armory-commons): autobump armory-commons to 3.8.6 (#333)
fix(tests): remove tests intended for Spinnaker Cloud (#314) (#322)

Armory Igor - 2.25.2…2.25.4

fix(build): include workflows for CD with Astrolabe (#265)
chore(cd): update base service version to igor:2021.12.07.23.57.30.release-1.25.x (#273)
chore(armory-commons): autobump armory-commons to 3.8.6 (#276)

Armory Echo - 2.25.2…2.25.4

fix(build): onboard 2.25.x with astrolabe cd process (#376)
chore(build): bump armory gradle 1.7.2 (#378)
chore(cd): update base service version to echo:2021.12.07.22.20.45.release-1.25.x (#390)
chore(armory-commons): bump armory-commons to 3.8.6 (#394)

Continuous-Deployment: v2.26.4 Armory Continuous Deployment Release (Spinnaker™ v1.26.6)

Wed, 15 Dec 2021 00:00:00 +0000

2021/12/15 Release Notes

Note: If you’re experiencing production issues after upgrading Armory Continuous Deployment, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.26.4, use one of the following tools:

Armory-extended Halyard 1.12 or later
- 2.26.x is the last minor release that you can use Halyard to install or manage. Future releases require the Armory Operator. For more information, see Halyard Deprecation.
Armory Operator 1.2.6 or later For information about upgrading, Operator, see Upgrade the Operator.

Security

Breaking changes

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Highlighted updates

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.26.6 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.26.4
timestamp: "2021-12-15 17:47:54"
services:
clouddriver:
commit: 18729608df655fa9ffdf28a968e4bdf22e140e59
version: 2.26.24
deck:
commit: 198d62eae2710dceed1f462e50a183abba613fef
version: 2.26.11
dinghy:
commit: d1406fad85771d7f44a266d3302d6195c00d7ec2
version: 2.26.12
echo:
commit: ce4f4ed265be8cb746784c6fd4bed7bf5156107e
version: 2.26.12
fiat:
commit: e46182a670fc9bac7c02f809df7ffe65c89ba148
version: 2.26.13
front50:
commit: 7e14c30538a9b97468aba0360408abf4a06bc0dd
version: 2.26.14
gate:
commit: 41c92b2d613e47521c60d2c9036504ff405fbb91
version: 2.26.12
igor:
commit: 889135384533cd723c0a6377a37a7365cf92a8b2
version: 2.26.12
kayenta:
commit: 2403ad86e76898a65939ebdf879bf287fa8b1429
version: 2.26.13
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: 624af61e6bf75bc92e67a6bef6439f8ae29ec79a
version: 2.26.18
rosco:
commit: cbb42562fad6583e6efcb24a7378cb6fd84668f0
version: 2.26.18
terraformer:
commit: 2dc177734c1445252dfeb3b8353ce94596c8a4c3
version: 2.26.14
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.26.11…2.26.12

chore(build): bump armory-commons 3.9.6 (backport #260) (#262)

Armory Clouddriver - 2.26.20…2.26.24

chore(build): Autobump armory-commons: 3.9.6 (backport #364) (#458)

Armory Kayenta - 2.26.12…2.26.13

chore(build): remove platform build (#279)
chore(build): Autobump armory-commons: 3.9.6 (backport #268) (#281)

Armory Echo - 2.26.11…2.26.12

chore(build): Autobump armory-commons: 3.9.6 (backport #351) (#372)

Armory Deck - 2.26.10…2.26.11

Armory Orca - 2.26.17…2.26.18

chore(build): remove platform build (#364)
chore(build): Autobump armory-commons: 3.9.6 (backport #335) (#368)

Terraformer™ - 2.26.13…2.26.14

Armory Gate - 2.26.11…2.26.12

chore(build): Autobump armory-commons: 3.9.6 (backport #305) (#329)
chore(cd): update base service version to gate:2021.12.14.23.45.08.release-1.26.x (#356)

Dinghy™ - 2.26.11…2.26.12

Armory Rosco - 2.26.15…2.26.18

chore(build): Autobump armory-commons: 3.9.6 (backport #286) (#310)

Armory Fiat - 2.26.12…2.26.13

chore(build): Autobump armory-commons: 3.9.6 (backport #232) (#257)
chore(cd): update base service version to fiat:2021.12.14.22.49.55.release-1.26.x (#283)

Armory Front50 - 2.26.13…2.26.14

chore(build): remove platform build (#312)
chore(build): Autobump armory-commons: 3.9.6 (backport #285) (#318)

Continuous-Deployment: v2.24.3 Armory Continuous Deployment Release

Tue, 14 Dec 2021 00:00:00 +0000

2.24.x is not a supported version.

2021/12/14 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.24.3, use one of the following tools:

Armory-extended Halyard 1.10 or later
Armory Operator 1.2.1 or later For information about upgrading, Operator, see Upgrade the Operator.

Security

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Suffix no longer added to jobs created by Kubernetes Run Job stage

To continue having a random suffix added to the job name, set the metadata.generateName field instead of metadata.name, which causes the Kubernetes API to append a random suffix to the name.

Previously, this behavior was opt-in.

Impact

Introduced in: Armory 2.22

Zombie Executions

Workarounds:

To resolve the issue, cancel any zombie executions. For information about how to cancel them, see the Orca Zombie Execution runbook.

Affected versions: 2.23.0 and later

ManifestForceCacheRefreshTask removed from Orca

When you upgrade to 2.23.0 or later, you might encounter the following error:

2021-01-29 23:57:19.691 ERROR 1 --- [ scheduler-2] c.netflix.spinnaker.q.redis.RedisQueue : Failed to read message 8f072714f1df6dbf3af93a4f4fe4cae2, requeuing...
com.fasterxml.jackson.databind.JsonMappingException: No task found for 'com.netflix.spinnaker.orca.clouddriver.tasks.manifest.ManifestForceCacheRefreshTask' (through reference chain: com.netflix.spinnaker.orca.q.RunTask["taskType"])

Workaround

Before starting, make sure that you have access to the Redis instance that Orca uses.

To resolve this issue, delete the message from the queue:

Verify that there are pipeline execution failure messages that contain ManifestForceCacheRefreshTask:

Redis

hgetall orca.task.queue.messages

The command returns information similar to the following:

1) "93ac65e03399a4cfd3678e1355936ab2"
2) "{\"kind\":\"runTask\",\"executionType\":\"PIPELINE\",\"executionId\":\"01EVFCCDG3Q2209E0Z1QTNC0FS\", \"application\":\"armoryhellodeploy\",\"stageId\":\"01EVFCCDG3TJ7AFPYEJT1N8RDJ\",\"taskId\":\"5\",\"taskType\":\"com.netflix.spinnaker. orca.clouddriver.tasks.manifest.ManifestForceCacheRefreshTask\",\"attributes\":[{\"kind\":\"attempts\",\"attempts\":1}], \"ackTimeoutMs\":600000}"

Delete the message(s):

Redis
```
hdel orca.task.queue.messages
```
The command returns information similar to the following:
```
93ac65e03399a4cfd3678e1355936ab2
(integer) 1
```

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

Lambda UI issue

Affected versions: 2.23.0 (1.23.0) - 2.26.2 Fixed version: 2.26.3

Pipelines-as-Code fails unexpectedly when updating modules

The container for the Dinghy service that Pipelines-as-Code uses fails when updating pipelines using modules stored in GitHub. The error you encounter references a failure related to GitHub, such as one of the following:

422 Validation Failed [{Resource:CommitComment Field:body Code:custom Message:body is too long (maximum is 65536 characters)}]

422 No commit found for SHA: <SHA for a commit> []

This results in only some pipelines in your deployment getting updated when a module gets updated.

Workaround:

Use the arm CLI to render the JSON for your dinghyfiles.
Update pipelines manually using the UI.

Affected versions: 2.22.x, 2.23.x, 2.24.0 Fixed versions: 2.25.0

Highlighted updates

Continuous-Deployment: v2.27.2 Armory Continuous Deployment Release LTS (Spinnaker™ v1.27.0)

Tue, 14 Dec 2021 00:00:00 +0000

2021/12/14 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Operator version

To install, upgrade, or configure Armory 2.27.2, use the following Operator version:

Armory Operator 1.4.0 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Highlighted updates

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.27.2
timestamp: "2021-12-14 23:38:36"
services:
clouddriver:
commit: a9bd461d8e5e862925b4c04f77774da97e2ecd73
version: 2.27.2
deck:
commit: d2a44f00f618e01853ef7890abe1ed6d2ce62c2e
version: 2.27.2
dinghy:
commit: 71f2ed003fe6b75d8e4f43e800725f2ff3a8a1fe
version: 2.27.2
echo:
commit: 5ec4a67ff921c2bdefc776dda03a0780ff853bcf
version: 2.27.2
fiat:
commit: f23a1b97346816afc4e8e85dfc3ac137282af64a
version: 2.27.2
front50:
commit: f6339ea78bf6edc39250289b1a9e5545d53bc94f
version: 2.27.2
gate:
commit: 10936c03e0722b42a8d632f7869e4c1ad29610a6
version: 2.27.2
igor:
commit: 9f4db42f060f6fb45aad4c038525d71528a2f9f5
version: 2.27.2
kayenta:
commit: 1cdf69a42c359a1f12077b6b1cba5606ac3e5daf
version: 2.27.2
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: 522655a252c5a1a97f7745fe622ba06bccb99a8c
version: 2.27.2
rosco:
commit: ac6fe57054e435c6058911c4caa177cba5fa64b3
version: 2.27.2
terraformer:
commit: 5e69c32279c6516047eaf6de261d3632095677aa
version: 2.27.2
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Rosco - 2.27.1…2.27.2

Dinghy™ - 2.27.1…2.27.2

Armory Kayenta - 2.27.1…2.27.2

Armory Front50 - 2.27.1…2.27.2

Armory Fiat - 2.27.1…2.27.2

Armory Deck - 2.27.1…2.27.2

chore(cd): update base deck version to 2021.0.0-20211115175155.release-1.27.x (#1148)

Armory Gate - 2.27.1…2.27.2

chore(cd): update base service version to gate:2021.12.14.20.34.14.release-1.27.x (#355)

Armory Orca - 2.27.1…2.27.2

Armory Echo - 2.27.1…2.27.2

Armory Clouddriver - 2.27.1…2.27.2

Terraformer™ - 2.27.1…2.27.2

Armory Igor - 2.27.1…2.27.2

Continuous-Deployment: v2.27.1 Armory Continuous Deployment Release LTS (Spinnaker™ v1.27.0)

Thu, 18 Nov 2021 00:00:00 +0000

2021/11/18 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Operator version

To install, upgrade, or configure Armory 2.27.1, use the following Operator version:

Armory Operator 1.4.0 or later

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Pipelines-as-Code Slack notifications stop working

Impact

After upgrading to 2.27.x, your Pipelines-as-Code Slack notifications may stop working even though they were working previously.

Hotfix

See the Dinghy Slack Notifications not working KB article for the Hotfix.

Introduced in: Armory CD 2.27.0

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Halyard deprecation

Halyard is no longer supported for installing Armory Continuous Deployment 2.27.0 and later. Use the Operator. For more information, see Halyard Deprecation.

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Highlighted updates

Deployment targets

General fixes

Fixed an NPE related to the kubesvcCredentialsLoader.
Fixed an issue where new namespaces failed to get created as part of a Deploy Manifest Stage. This issue occurred because of a validation problem.
The Clouddriver service is now more resilient when starting. Previously, the service failed to start if an account that gets added has permission errors.
Fixed an issue where a stage never completes if the manifest getting deployed is of the kind CSIDriver.

AWS Lambda

Note that these updates also require v1.0.9 of the AWS Lambda plugin.

Fixed an issue in the UI where a stack trace gets displayed when you try to view functions.
Fixed an issue where the UI did not show functions for an application if there are no configured clusters. Functions now appear instead of a 404 error.
Caching behavior and performance have been improved. The changes include fixes for the following issues:
- The Lambda API returns request conflicts (HTTP status 409).
- Event Source Mapping of ARNs fails after initially succeeding. This occured during the Lambda Event Configuration Task.
- Underscores (_) in environment variable names caused validation errors.
- An exception related to event configs occurred intermittently during the Lambda Event Configuration Task.
- Lambda function creation using the Deploy Lambda stage failed causing subsequent runs of the pipeline to encounter an error that states the function already exists.
- The Lambda Cache Refresh Task did not refresh the cache. This led to issues where downstream tasks referenced older versions.
- A permission issue caused the Infrastructure view in the UI (Deck) to not display Lambda functions.

Cloud Foundry

Improved the resiliency of the Cloud Foundry provider. Invalid permissions for a caching agent, such as if permissions are missing for one region, no longer cause all deployments to that account to fail.
Improved the caching behavior for the provider. Previously, the cache on a dedicated caching pod (such as when cache sharding or HA is enabled) may not have been updated if a different pod performed an operation that modifies the cache. This led to situations where the Cloud Foundry provider attempts actions for Server Groups that no longer existed. You can configure this behavior with the following properties:
- expireAfterWrite: the amount of time (in seconds) to wait before expiring the cache after a write operation
- expireAfterAccess: the amount of time (in seconds) to wait before expiring the cache after a access operation
Improved error handling when a caching agent has insufficient permissions. A RuntimeException no longer occurs.

Added an Unbind Service Stage to the Cloud Foundry provider. Services must be unbound before they can be deleted. Use this stage prior to a Destroy Service stage. Alternatively, you can unbind all services before they are deleted in the Destroy Service stage by selecting the checkbox in the stage to do this.
Improved error handling when a Deploy Service stage fails
The Cloud Foundry provider now supports the following manifest attributes:
- Processes Health
- Timeout
- Random route
Fixed an issue where attributes that involved health-check-type parameters were not respected. Armory Continuous Deployment (Spinnaker) now allows single parameters, such as timeout, to be set. Note that Armory Continuous Deployment does not perform validation on parameters, so you may encounter runtime exceptions for Cloud Foundry if you provide invalid parameters.

Instance registration

When you log in to the UI, you are prompted to register your Armory Continuous Deployment (Spinnaker) instance. When you register an instance, Armory provides you with a client ID and client secret that you add to your Operator manifest.

Registration is required for certain features to work.

Note that registration does not automatically turn on Armory Diagnostics. This means that registration does not send information about your apps and pipelines to Armory. If you are sending diagnostic information to Armory, registering your deployment ensures that Armory can know which logs are yours, improving Armory’s ability to provide support.

For more information, see Instance Registration.

Plugin compatibility

Due to changes in the underlying services, older versions of some plugins may not work with Armory Continuous Deployment 2.27.x or later.

The following table lists the plugins and their required minimum version:

Plugin	Version
Armory Agent for Kubernetes Clouddriver Plugin	0.10.0
App Name	0.2.0
AWS Lambda	1.0.9
Evaluate Artifacts	0.1.1
External Accounts	0.2.0
Observability Plugin	1.3.1
Policy Engine	0.2.1-rc

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.27.1
timestamp: "2021-11-04 21:25:35"
services:
clouddriver:
commit: a9bd461d8e5e862925b4c04f77774da97e2ecd73
version: 2.27.1
deck:
commit: 8912ef4f4a4f171384497b787aee0e83847ffd5c
version: 2.27.1
dinghy:
commit: 71f2ed003fe6b75d8e4f43e800725f2ff3a8a1fe
version: 2.27.1
echo:
commit: 5ec4a67ff921c2bdefc776dda03a0780ff853bcf
version: 2.27.1
fiat:
commit: f23a1b97346816afc4e8e85dfc3ac137282af64a
version: 2.27.1
front50:
commit: f6339ea78bf6edc39250289b1a9e5545d53bc94f
version: 2.27.1
gate:
commit: 68ccfd60091751f192cebde89572fe555b914ea5
version: 2.27.1
igor:
commit: 9f4db42f060f6fb45aad4c038525d71528a2f9f5
version: 2.27.1
kayenta:
commit: 1cdf69a42c359a1f12077b6b1cba5606ac3e5daf
version: 2.27.1
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: 522655a252c5a1a97f7745fe622ba06bccb99a8c
version: 2.27.1
rosco:
commit: ac6fe57054e435c6058911c4caa177cba5fa64b3
version: 2.27.1
terraformer:
commit: 5e69c32279c6516047eaf6de261d3632095677aa
version: 2.27.1
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Orca - 2.27.0…2.27.1

[create-pull-request] automated change (#335) (#367)
[create-pull-request] automated change (#371) (#372)
Revert “[create-pull-request] automated change (#371) (#372)” (#373)

Armory Deck - 2.27.0…2.27.1

Armory Echo - 2.27.0…2.27.1

Armory Front50 - 2.27.0…2.27.1

chore(build): remove platform build (#311)
chore(cd): update base service version to front50:2021.10.28.01.40.53.release-1.27.x (#324)

Armory Igor - 2.27.0…2.27.1

Terraformer™ - 2.27.0…2.27.1

Updating Terraform Versions 1.0.8 1.0.9 (#444) (#445)

Armory Rosco - 2.27.0…2.27.1

[create-pull-request] automated change (#286) (#309)

Armory Clouddriver - 2.27.0…2.27.1

[create-pull-request] automated change (#364) (#457)
chore(cd): update base service version to clouddriver:2021.10.12.23.25.53.release-1.27.x (#462)
chore(cd): update base service version to clouddriver:2021.10.12.23.52.07.release-1.27.x (#463)
chore(cd): update base service version to clouddriver:2021.10.18.21.53.46.release-1.27.x (#466)
chore(cd): update base service version to clouddriver:2021.10.19.23.47.12.release-1.27.x (#467)
chore(cd): update base service version to clouddriver:2021.11.01.21.19.09.release-1.27.x (#476)
chore(cd): update base service version to clouddriver:2021.11.02.19.30.35.release-1.27.x (#478)
chore(cd): update base service version to clouddriver:2021.11.03.20.45.14.release-1.27.x (#480)

Dinghy™ - 2.27.0…2.27.1

Armory Kayenta - 2.27.0…2.27.1

[create-pull-request] automated change (#268) (#280)

Armory Gate - 2.27.0…2.27.1

[create-pull-request] automated change (#305) (#328)
Rebuild artifacts (#336)
chore(release): Bump armory header version (#337) (#338)

Armory Fiat - 2.27.0…2.27.1

[create-pull-request] automated change (#232) (#256)
[create-pull-request] automated change (#261) (#262)

Continuous-Deployment: v2.26.3 Armory Continuous Deployment Release (Spinnaker™ v1.26.6)

Fri, 24 Sep 2021 00:00:00 +0000

2021/09/24 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.26.3, use one of the following tools:

Armory-extended Halyard 1.12 or later
- 2.26.x is the last minor release that you can use Halyard to install or manage. Future releases require the Armory Operator. For more information, see Halyard Deprecation.
Armory Operator 1.2.6 or later

For information about upgrading, Operator, see Upgrade the Operator.

Security

Breaking changes

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Pipelines-as-Code GitHub comments

Affected versions: 2.26.x and later

Workaround:

You can either manually resolve the comments so that you can merge any PRs or turn the notifications that Pipelines-as-Code sends to GitHub.

For information about about how to disable this functionality, see GitHub Notifications.

Highlighted updates

AWS Lambda

Fixed an issue where infrastructure for Lambda functions was not being displayed in the UI. This was related to Lambda functions and their event source mappings.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.26.6 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.26.3
timestamp: "2021-09-23 02:12:12"
services:
clouddriver:
commit: d361f7e62fe555fda9dd5682b64627f4703563a8
version: 2.26.20
deck:
commit: 198d62eae2710dceed1f462e50a183abba613fef
version: 2.26.10
dinghy:
commit: d1406fad85771d7f44a266d3302d6195c00d7ec2
version: 2.26.11
echo:
commit: c1e9ced6759392159ee628e63cc5808a1c5d8fdd
version: 2.26.11
fiat:
commit: ea4874e41748992d24e0a36a5534bc37d0aa0d31
version: 2.26.12
front50:
commit: ba5b33e616e51dc0e655f40da18277c9434ca5fe
version: 2.26.13
gate:
commit: a7242aa7506dff2f342c69562666308c653fae17
version: 2.26.11
igor:
commit: d1ad3f87ee857a73f6e546ea4cc410286e87cea9
version: 2.26.11
kayenta:
commit: 4f668d1297a5d205d516667c1af6902d0d9f380f
version: 2.26.12
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: a3463f61ff082502c1c6cb35ea7b01aeee5456a9
version: 2.26.17
rosco:
commit: 1dfc60f1f70ccdadc2cc03ff9f27b5ca39bb9c39
version: 2.26.15
terraformer:
commit: 2dc177734c1445252dfeb3b8353ce94596c8a4c3
version: 2.26.13
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Igor - 2.26.10…2.26.11

chore(build): remove platform build (#257)

Armory Clouddriver - 2.26.19…2.26.20

chore(cd): update base service version to clouddriver:2021.09.01.22.20.35.release-1.26.x (#412)
chore(cd): update base service version to clouddriver:2021.09.02.07.27.19.release-1.26.x (#413)
chore(cd): update base service version to clouddriver:2021.09.02.07.44.26.release-1.26.x (#414)
chore(cd): update base service version to clouddriver:2021.09.02.17.47.50.release-1.26.x (#416)
chore(build): remove platform build (#426)
chore(cd): update base service version to clouddriver:2021.09.09.21.52.53.release-1.26.x (#432)
chore(cd): update base service version to clouddriver:2021.09.09.23.19.30.release-1.26.x (#433)
chore(cd): update base service version to clouddriver:2021.09.10.19.35.46.release-1.26.x (#438)
chore(cd): update base service version to clouddriver:2021.09.17.17.07.10.release-1.26.x (#445)
chore(cd): update base service version to clouddriver:2021.09.17.18.53.46.release-1.26.x (#447)

Armory Fiat - 2.26.11…2.26.12

chore(build): remove platform build (#251)

Armory Kayenta - 2.26.11…2.26.12

Terraformer™ - 2.26.12…2.26.13

chore(build): remove platform build (#440)

Armory Deck - 2.26.9…2.26.10

chore(build): remove platform build (#1116)
fix(build): use same name than GHA (#1119)
chore(cd): update base deck version to 2021.0.0 20210922221550.release-1.26.x-166666656 (#1120)

Armory Gate - 2.26.10…2.26.11

chore(build): remove platform build (#326)

Armory Rosco - 2.26.14…2.26.15

Armory Front50 - 2.26.12…2.26.13

chore(cd): update base service version to front50:2021.06.25.20.05.12.release-1.26.x (#307)

Armory Orca - 2.26.16…2.26.17

fix(build): remove redhat publishing (#357)

Dinghy™ - 2.26.10…2.26.11

chore(build): remove platform build (#455)

Armory Echo - 2.26.10…2.26.11

chore(build): remove platform build (#368)

Continuous-Deployment: v2.26.2 Armory Continuous Deployment Release (Spinnaker™ v1.26.6)

Fri, 03 Sep 2021 00:00:00 +0000

2021/09/03 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.26.2, use one of the following tools:

Armory-extended Halyard 1.12 or later
- 2.26.x is the last minor release that you can use Halyard to install or manage. Future releases require the Armory Operator. For more information, see Halyard Deprecation.
Armory Operator 1.2.6 or later

For information about upgrading, Operator, see Upgrade the Operator.

Security

Breaking changes

Java 11.0.11+, TLS 1.1 communication failure

This is an issue between Java 11.0.11 and TLSv1.1. Only installations using TLSv1.1 will encounter communication failures between services when those services upgrade to Java 11.0.11+.

TLSv1.1 was deprecated in March of 2020 and reached end-of-life in March of 2021. You should no longer be using TLSv1.1 for secure communication.

Oracle released Java 11.0.11 in April of 2021. Java 11.0.11 dropped support for TLSv1.1. See the Java release notes for details.

Impact

Fix

Choose the option that best fits your environment.

Disable TLSv1.1 and enable TLSv1.2 (preferred):

See Knowledge Base articles Disabling TLS 1.1 in Spinnaker and Specifying the Protocols to be used and How to fix TLS error “Reason: extension (5) should not be presented in certificate_request”.
Add a query parameter to the MySQL JDBC URIs:
```
?enabledTLSProtocols=TLSv1.2
```
Note that this only fixes communication between Armory CD and MySQL.

See MySQL communication failure when using TSL1.1 for more information.

Kubernetes version for deployment targets

Armory CD 2.26 no longer supports Kubernetes deployment targets prior to version 1.16.

Impact

Any Kubernetes deployment target must run version 1.16 or higher. If you try to deploy to clusters older than 1.16, you may see errors like the following in the UI:

Additionally, errors like the following appear in the Clouddriver logs:

2021-05-04 21:17:16.032 WARN 1 --- [0.0-7002-exec-9] c.n.s.c.k.c.ManifestController : Failed to read manifest

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.status(KubernetesReplicaSetHandler.java:98) ~[clouddriver-kubernetes.jar:na]

2021-05-05 14:29:09.653 WARN 1 --- [utionAction-538] c.n.s.c.k.c.a.KubernetesCachingAgent : kubernetes/KubernetesCoreCachingAgent[1/1]: Failure adding relationships for service

com.netflix.spinnaker.clouddriver.kubernetes.op.handler.UnsupportedVersionException: No replicaSet is supported at api version extensions/v1beta1
at com.netflix.spinnaker.clouddriver.kubernetes.op.handler.KubernetesReplicaSetHandler.getPodTemplateLabels(KubernetesReplicaSetHandler.java:167)

Workaround

If you are affected by this change, perform the following tasks to update your applications:

Upgrade the Kubernetes clusters that you are trying to deploy to. They must run version 1.16 or higher.
If you have manifest files using deprecated APIs, update them to use newer APIs. For more information on which APIs are deprecated in each Kubernetes version and how to migrate, see the Kubernetes Deprecated API Migration Guide.

Introduced in: Armory CD 2.26.0

Kubernetes infrastructure in the UI

Starting in 2.26, the UI has been updated to more closely follow immutable infrastructure principles.

Impact

Users do not see these actions in the UI by default. You must configure the UI to display them if you want your users to be able to perform them through the UI.

Workaround

Whether or not these actions are available in the UI is controlled by the following property in settings-local.yml:

window.spinnakerSettings.kubernetesAdHocInfraWritesEnabled = <boolean>;

If the application only has the Kubernetes provider configured, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI.
When set to false, this property causes the actions to be unavailable to users. This prevents users from manually creating and deleting Kubernetes infrastructure from the UI. The users can still view the infrastructure but cannot make changes through the UI.

If the application includes Kubernetes and other providers, the following applies:

When set to true, this property causes the UI to function as it did in previous releases. This allows people to manually create and delete Kubernetes infrastructure from the UI. Users can continue to select whether they want to create Kubernetes or other infrastructure in the UI.
When set to false, this property causes Kubernetes to be unavailable as an option when trying to modify infrastructure from the UI. Users can still make changes to infrastructure for the application from cloud providers, such as AWS, but not Kubernetes.

Introduced in: Armory CD 2.26.0

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

Lambda UI issue

Affected versions: 2.23.0 (1.23.0) - 2.26.2 Fixed version: 2.26.3

SpEL expressions and artifact binding

Workaround:

2.27.x or later: Disable artifact binding by adding the following parameter to the stage JSON: enableArtifactBinding: false.

kubernetes:
 artifact-binding:
 docker-image: match-name-only

This setting only binds the version when the tag is missing, such as image: nginx without a version number.

Affected versions: 2.26.x and later

Lambda icon missing

In the left navigation of the UI, the icon for Lambda functions is missing. This does not affect any functionality.

Highlighted updates

Artifacts

This release includes the following improvements for git-based artifact providers:

The GitRepo artifact provider now supports token files. Use the tokenFile: (Operator) or --token-file (Halyard) parameters to specify a token file.
The GitHub, GitLab, and GitRepo artifact providers now support token files that are dynamically updated. The token file is automatically reloaded when Armory Continuous Deployment makes a request.

AWS ECS

Resolved an issue where the subnets and server groups were not being cached.

AWS Lambda

These improvements require version 1.0.8 of the AWS Lambda Plugin in addition to Armory Continuous Deployment 2.26.2.

This release includes the following new features and improvements for the Lambda provider:

Improved cache performance including fixes to cache issues found in 2.24.2
New configuration properties that give you greater control over how Armory Continuous Deployment behaves when connection or cache issues occur.

Configure the following properties in your Operator manifest (spinnakerservice.yml by default). Note that all these properties are optional and use the default if omitted.

spec.spinnakerConfig.profiles.orca.spinnaker.:

cloudDriverReadTimeout: Integer. The timeout (in seconds) when attempting to read from Lambda. (Defaults to 60 seconds.)
cloudDriverConnectTimeout: Integer. The connection timeout (in seconds) when trying to connect to AWS Lambda from Clouddriver. (Defaults to 15 seconds.)
cacheRefreshRetryWaitTime: Integer. The time (in seconds) to wait between retries when attempting to refresh the Lambda cache stored in Clouddriver. (Defaults to 15 seconds.)
cacheOnDemandRetryWaitTime: Integer. The time (in seconds) to wait between retries when attempting to refresh the cache on-demand. (Defaults to 15 seconds.)

For example:

# This example only shows the location of the properties. The rest of the manifest is omitted for brevity.
spec:
 spinnakerConfig:
 profiles:
 orca:
 lambdaPluginConfig:
 cloudDriverReadTimeout: 30
 cloudDriverConnectTimeout: 10
 cacheRefreshRetryWaitTime: 10
 CacheOnDemandRetryWaitTime: 10

spec.spinnakerConfig.profiles.clouddriver.aws.lambda.:

retry.timeout: Integer. The time (in minutes) that Clouddriver will wait before timing out when attempting to connect to the Lambda client. (Defaults to 15 minutes.)
concurrency.threads: Integer. The maximum number of threads to use for calls to the Lambda client. (Defaults to 10 threads.)

For example:

# This example only shows the location of the properties. The rest of the manifest is omitted for brevity.
spec:
 spinnakerConfig:
 profiles:
 clouddriver:
 aws:
 enabled: true
 lambda:
 enabled: true
 retry:
 timeout: 10
 concurrency:
 threads: 5

Pipelines-as-Code

Strict JSON Validation

Pipelines-as-Code (PaC) will now attempt a strict JSON validation of template modules and pipelines to catch certain syntactical errors sooner. This behavior may break existing users that make heavy use of template language constructs. If you find that behavior has changed and need to revert to the previous parsing behavior, add the jsonValidationDisabled config to your PaC profile:

spec:
 spinnakerConfig:
 profiles:
 dinghy:
 jsonValidationDisabled: true

Event notifications honor global config

PaC will now honor configurations that define a self-hosted GitHub Enterprise instance when sending GitHub notifications. No configuration change is necessary for this fix to take effect.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.26.6 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand

version: 2.26.2
timestamp: "2021-09-02 18:30:45"
services:
clouddriver:
commit: 942f74be6aa77ebd34f9183437171848e3b9fd35
version: 2.26.19
deck:
commit: a2296787ab03efc53c85d03cbf8eecddedab6094
version: 2.26.9
dinghy:
commit: 0796be13e88a77c72d94d4e0538a4fab152366b8
version: 2.26.10
echo:
commit: b2f76d93f06a0434987fb00daa77a22396c54658
version: 2.26.10
fiat:
commit: 6aba766ef74c6fe186d7f047095a775936bef71f
version: 2.26.11
front50:
commit: 8bdd585434b9bde9834bf580d96fdd42d12dc933
version: 2.26.12
gate:
commit: 1d66c8a302ed4bf7ad07ce3944b7d7e43baae0a0
version: 2.26.10
igor:
commit: 4f76b327913693263e18a670dc8782d77bbc8ee1
version: 2.26.10
kayenta:
commit: 4f668d1297a5d205d516667c1af6902d0d9f380f
version: 2.26.11
monitoring-daemon:
version: 2.26.0
monitoring-third-party:
version: 2.26.0
orca:
commit: 6b547ff4ac81742d1c4cb7fab713a16f6deefd34
version: 2.26.16
rosco:
commit: 1dfc60f1f70ccdadc2cc03ff9f27b5ca39bb9c39
version: 2.26.14
terraformer:
commit: d20745f6ac1fb87b876dbd255b0b26004fb0341a
version: 2.26.12
dependencies:
redis:
version: 2:2.8.4-2
artifactSources:
dockerRegistry: docker.io/armory

Armory

Armory Fiat - 2.26.10…2.26.11

Armory Front50 - 2.26.11…2.26.12

Terraformer™ - 2.26.9…2.26.12

Armory Clouddriver - 2.26.12…2.26.19

chore(cd): update base service version to clouddriver:2021.07.28.19.49.01.release-1.26.x (#381)
chore(cd): update base service version to clouddriver:2021.07.28.23.39.00.release-1.26.x (#382)
chore(cd): update base service version to clouddriver:2021.07.29.00.03.42.release-1.26.x (#383)
chore(cd): update base service version to clouddriver:2021.07.29.00.21.10.release-1.26.x (#384)
chore(cd): update base service version to clouddriver:2021.08.17.07.55.22.release-1.26.x (#396)
chore(cd): update base service version to clouddriver:2021.08.18.19.46.18.release-1.26.x (#397)

Armory Deck - 2.26.7…2.26.9

chore(cd): update base deck version to 2021.0.0-20210820171135.release-1.26.x (#1112)

Armory Rosco - 2.26.13…2.26.14

Armory Igor - 2.26.9…2.26.10

Armory Gate - 2.26.9…2.26.10

Armory Kayenta - 2.26.10…2.26.11

Dinghy™ - 2.26.6…2.26.10

fix(notif): honor github endpoint in notifier constructor (backport #447) (#448)
fix(build): add dinghy to stackfile (#449)

Armory Orca - 2.26.15…2.26.16

chore(cd): update base orca version to 2021.08.17.08.55.02.release-1.26.x (#354)

Armory Docs – Armory Continuous Deployment Release Notes

Continuous-Deployment: v2.36.9 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

2026-04-01 release notes

Required Armory Operator version

Important

Security

Breaking changes

Known issues

Echo Filter enabled pipelines feature

Highlighted updates

Clouddriver: Redis scheduler configuration validation

Security hardening: URL restriction validation for artifacts and webhooks

Clouddriver SQL cache: sharding-aware unknown-agent cleanup

HA deployment guidance

Clouddriver cache sharding: pluggable strategy and key extraction

Clouddriver: Redis Priority Scheduler (opt-in)

AWS JDBC Driver Update

Configuration for IAM Authentication with Aurora Global Database

Observability Plugin Update

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

New pipeline stage configuration backOffPeriodMs

Java upgrades

Performance Improvements for Pipeline Executions

Performance Improvements for SQL Backend

Feature: Read Connection Pool for SQL Execution Repository

Enhanced pipeline batch update feature

Gate

Orca

Front50

Spinnaker community contributions

Detailed updates

Bill Of Materials (BOM)

Armory

Armory Clouddriver - 2.36.8…2.36.9

Armory Fiat - 2.36.8…2.36.9

Armory Front50 - 2.36.8…2.36.9

Armory Orca - 2.36.8…2.36.9

Armory Igor - 2.36.8…2.36.9

Terraformer™ - 2.36.8…2.36.9

Armory Rosco - 2.36.8…2.36.9

Armory Gate - 2.36.8…2.36.9

Armory Echo - 2.36.8…2.36.9

Armory Deck - 2.36.8…2.36.9

Armory Kayenta - 2.36.8…2.36.9

Dinghy™ - 2.36.8…2.36.9

Spinnaker

Spinnaker Igor - 1.36.1

Spinnaker Rosco - 1.36.1

Spinnaker Gate - 1.36.1

Spinnaker Echo - 1.36.1

Spinnaker Deck - 1.36.1

Spinnaker Orca - 1.36.1

Spinnaker Kayenta - 1.36.1

Spinnaker Front50 - 1.36.1

Spinnaker Clouddriver - 1.36.1

Spinnaker Fiat - 1.36.1

Continuous-Deployment: v2.36.8 Armory Continuous Deployment Release (Spinnaker™ v1.36.1)

2026-03-05 release notes

Required Armory Operator version

Important

Security

Breaking changes

Known issues

Echo Filter enabled pipelines feature

Highlighted updates

Clouddriver: Redis scheduler configuration validation

Security hardening: URL restriction validation for artifacts and webhooks

Clouddriver SQL cache: sharding-aware unknown-agent cleanup

HA deployment guidance

Clouddriver cache sharding: pluggable strategy and key extraction

Clouddriver: Redis Priority Scheduler (opt-in)

AWS JDBC Driver Update

Configuration for IAM Authentication with Aurora Global Database

Observability Plugin Update

Security enhancement: Url Filtering/Restriction capabilities on Artifact accounts

Armory Continuous Deployment 2.36.2 onwards Docker images now based on Ubuntu

Pipeline Reference feature is now able to Lazy load the pipeline reference pipelines

New pipeline stage configuration backOffPeriodMs

New pipeline stage configuration `backOffPeriodMs`

New pipeline stage configuration `backOffPeriodMs`

New pipeline stage configuration `backOffPeriodMs`