New Features / Enhancements

• Add securityContext support to custom st2packs images, extra_hooks jobs; Also fallback to st2actionrunner securityContext for misc init container jobs and pods. by @cognifloyd in #410
• Stop generating the DataStore Secret (#385) and checksum labels when existing secret provided or disabled by @bmarick in #391
• Stop generating the checksum labels for Auth Secret when existing secret provided by @bmarick in #392
• Use image.pullPolicy for all containers including init containers that use image.utilityImage by @jk464 in #398
• Add image.entrypoint value to simplify using a custom entry point like dumb-init or pid1 by @cognifloyd in #413

Bugfixes

• Fix syntax with ensure-packs-volumes-are-writable job by @skiedude in #403 and #411

Other Misc Changes

• Update README.md to fix mispelling of volumes by @FileMagic in #404
• Improve Deployments migration in migrations/1.0/standardize-labels.sh by temporarily orphaning the old ReplicaSets by @cognifloyd in #412

New Contributors

• @skiedude made their first contribution in #403
• @FileMagic made their first contribution in #404
• @jk464 made their first contribution in #398

Full Changelog: v1.0.0...v1.1.0

The first stable release! 🎉

Breaking Changes

• Use the standardized labels recommended in the Helm docs. You can use migrations/v1.0/standardize-labels.sh to prepare an existing cluster before running helm update. by @cognifloyd in #351
• Drop support for networking.k8s.io/v1beta1 which was removed in kubernetes v1.22 (EOL 2022-10-28) by @cognifloyd in #353

New features

• Add st2canary job as a Helm Hook that runs before install/upgrade to ensure st2.packs.volumes is configured correctly (if st2.packs.volumes.enabled). by @cognifloyd in #323
• Configurable utilityImage + clusterDomain by @guzzijones in #356
• Enable using existing st2-auth secret. This allows users to manage this secret outside of the Helm process. by @bmarick in #359
• Add external secret for datastore encryption by @guzzijones in #366
• Add terminationGracePeriodSeconds to workflow and actionrunner pods to allow adjustment of grace period in k8s by @guzzijones in #374

Bugfixes

• Increase default db timeouts to avoid replicaset timeout by @guzzijones in #356
• PVC should use claimName key by @fuhrmannb in #369
• Remove redundant [credentials] header by @cars in #371
• Prevent duplicate init containers on helm upgrade by @guzzijones in #375
• Workaround kubeproxy+kubelet race: Add presleep for st2auth, st2web, st2api, st2stream by @guzzijones in #382
• Secret DataStore Crypto Key should not be created when existing provided by @bmarick in #385

Other Misc Changes

• Reduce duplication in label tests by @cognifloyd in #354
• CI: Shift K3s and K8s versions forward by @mamercad in #358
• Update K8s to latest version by @ZoeLeah in #379
• Update the Chart Maintainers - the StackStorm Authors by @armab in #383
• Create v1.0.0 and add "Releasing information" by @mamercad in #389

New Contributors

• @guzzijones made their first contribution in #356
• @fuhrmannb made their first contribution in #369
• @cars made their first contribution in #371
• @ZoeLeah made their first contribution in #379
• @armab made their first contribution in #383

Full Changelog: v0.110.0...v1.0.0

This release, v0.110.0, is the last of the v0.* releases. The next release will be v1.0.0.

This release installs StackStorm v3.8 as the new stable version (#347). Other updates are listed below.

Breaking Changes

None

Community Contributions (THANKS!)

New feature contributions

• Add support for providing custom st2actionrunner-specific docker repository, image name, pull policy, and pull secret via values.yaml. (#141) (by @Sheshagiri)
• Add existingConfigSecret. If this is defined, the st2.secrets.conf key within this secret will be written as /etc/st2/st2.secrets.conf and added to the end of the command line arguments of all pods. (#289) (by @eric-al/@ericreeves)
• Add extra_volumes to all python-based st2 jobs. (#333) (by @bmarick)
• Add ability to create custom labels for service account. (#327) (by @SuganJoe)
• Add support for providing ingressClassName. (#336) (by @mamercad)
• Set st2client resources by values.yaml. (#339) (by @mamercad)

Bugfix contributions

• Temporary workaround for #311 to use previous bitnami index from: bitnami/charts#10539 (#312 #318) (by @0xhaven)
• Use the correct apiVersion for Ingress to add support for Kubernetes v1.22. (#301) (by @arms11)
• Fix bug that hung an init container when st2.packs.volumes.enabled without st2.packs.volumes.configs. (#324) (by @rebrowning)
• Fix bug that would not set the appropriate redis connection string when using redis.password and redis.usePassword (#325) (by @rebrowning)

Other Misc contributions

• Switch to the official bats Docker image for e2e tests. (#338) (by @mamercad)
• Cover the three most recent Kubernetes versions in Minikube and the single most recent in K3s. (#342) (by @mamercad)
• Update the GitHub badges. (#345) (by @mamercad)
• Reorganizing and renaming the CI workflows and jobs. (#344) (by @mamercad)
• Add an experimental GitHub/K3s Lint and End-to-End testing workflow. (#243) (by @mamercad)

Other Misc

• Refactor label definitions to be more consistent by building labels and label selectors in partial helper templates. (#299) (by @cognifloyd)
• Fix mounts for jobs.preRegisterContentCommand container to use the same mounts as the primary register-content container. (#322) (by @cognifloyd)

Breaking Changes

None

Community Contributions (THANKS!)

• Migrate from python 3.6 Ubuntu Bionic to python 3.8 Ubuntu Focal as a base StackStorm OS (StackStorm/st2-dockerfiles#54) (by @jstaph)
• Add support for use of overrides that are available in v3.7 of st2 via helm charts. (#306) (by @cwilson21)

Misc updates

• Switch st2 to v3.7 as a new default stable version (#274)
• Upgrade MongoDB v4.0 -> v4.4 as 4.0 has reached its EOL. (#304)

Breaking Changes

None

Community Contributions (THANKS!)

• New feature to include possibility for external services in st2api, st2stream and st2auth, setting default value for this services as ClusterIP and hostname: "". Also, added new entry for custom_annotations_test.yaml and created new unit test services_test.yaml. (by @sandesvitor)

Major Features

• Add extra_volumes to all python-based st2 deployments. This can facilitate changing log levels by loading logging conf file(s) from a custom ConfigMap. (#276) (by @cognifloyd)
• Allow partitioning sensors using the hash_range strategy instead of one sensor per pod. (#218) (by @cognifloyd)
• Advanced Feature: Make securityContext (on Deployments/Jobs) and podSecurityContext (on Pods) configurable. This allows dropping all capabilities, for example. You can override the securityContext for st2actionrunner, st2sensorcontainer, and st2client if your actions or sensors need, for example, additional capabilites that the rest of StackStorm does not need. (#271) (by @cognifloyd)
• Advanced Feature: Add extra Helm hook Jobs. This minimizes the boilerplate required to run stackstorm workflows at various helm hook stages: post-install, pre-upgrade, post-upgrade. (#265) (by @cognifloyd)

Everything Else

• Prefix template helpers with chart name and format helper comments as template comments. (#272) (by @cognifloyd)
• Initialize basic unittest infrastructure using helm-unittest. Added tests for labels, custom annotations, SecurityContext, pullSecrets, pullPolicy, Resources, nodeSelector, tolerations, affinity, dnsPolicy, dnsConfig, ServiceAccount attach, postStartScript, both sensor-modes, env, envFrom, st2.packs.images, and st2.packs.volumes. (#284, #288, #292)

Breaking Changes

• Auto-generate datastore_crypto_key on install if not provided. This way all HA installs will have a datastore_crypto_key configured. This is only a breaking change for installations that do not want a datastore_crypto_key. To disable set datastore_crypto_key to disable instead of setting it to "", null, or leaving it unset. (#266)

Community Contributions (THANKS!)

• Allow adding custom env variables to any Deployment or Job. (#120) (by @angrydeveloper)
• Include nodeSelector, affinity and tolerations on st2client to allow more flexibility in pod positioning. (#263) (by @sandesvitor)

Significant Fixes

• Set default/sample RBAC config files to "" (empty string) to prevent adding them. This is needed because they cannot be removed by overriding the roles/mappings values. (#247)
• Fix indent for lifecycle postStart hook of st2web pod. (#268)

Major Features

• Switch st2 to v3.6 as a new default stable version (#274)
• Advanced Feature: Allow st2web to serve HTTPS when the ssl certs are provided via st2web.extra_volumes. To enable this, add ST2WEB_HTTPS: "1" to st2web.env in your values file. (#264)
• Add extra_volumes to st2actionrunner, st2client, st2sensorcontainer. This is useful for loading volumes to be used by actions or sensors. This might include secrets (like ssl certificates) and configuration (like system-wide ansible.cfg). (#254)
• Some helm upgrades do not need to run all the jobs. An upgrade that only touches RBAC config, for example, does not need to run the register-content job. Use --set 'jobs.skip={apikey_load,key_load,register_content}' to skip the other jobs. (#255)
• Add envFromSecrets to st2actionrunner, st2client, st2sensorcontainer, and jobs. This is useful for adding custom secrets to the environment. This complements the extra_volumes feature (loading secrets as files) to facilitate loading secrets that are not easily injected via the filesystem. (#259)

Everything Else

• Refactor deployments/jobs to inject st2 username/password via envFrom instead of via env. (#257)
• Use "--convert" when loading keys into datastore (in key-load Job) so that st2.keyvalue[].value can be any basic JSON data type. (#253)
• Custom annotations now apply to deployments and jobs, not just pods. (#270)
• Template more values:
  • Template the contents of st2.config and the values in st2chatops.env. This allows adding secrets defined elsewhere in values. (#249)
  • Template ~/.st2/config. This allows customizing the settings used by the st2client and jobs pods for using the st2 apis. (#262)
• Improve sensor handling:
  • Explicitly differentiate sensor modes: all-sensors-in-one-pod vs one-sensor-per-pod. Exposes the mode in new stackstorm/sensor-mode annotation. (#222)
  • Make configuring stackstorm/sensor-mode=all-sensors-in-one-pod more obvious by using st2.packs.sensors only for one-sensor-per-pod. all-sensors-in-one-pod mode now only uses values from st2sensorcontainer. (#246)

Breaking Changes

• Move secrets.st2.* values into st2.* (#203)

Community Contributions (THANKS!)

• Updated redis constant sentinel ID which will allow other sentinel peers to update to the new given IP in case of pod failure or worker node reboots. (#191) (by @manisha-tanwar)
• Fix a bug when datastore cryto keys are not able to read by the rules engine. datastore_crypto_key volume is now mounted on the st2rulesengine pods (#223) (by @moti1992)

Significant Fixes

• Fix permissions for /home/stanley/.ssh/stanley_rsa using the postStart lifecycle hook (#219)
• st2chatops change: If st2chatops.env.ST2_API_KEY is defined, do not set ST2_AUTH_USERNAME or ST2_AUTH_PASSWORD env vars any more. (#197)

Major Features

• Shared packs volumes st2.packs.volumes. Allow using cluster-specific persistent volumes to store packs, virtualenvs, and (optionally) configs. This enables using st2 pack install. It even works with st2packs images in st2.packs.images. (#199)
• Add image.tag overrides for all deployments. (#200)
• Auto-generate password and ssh_key secrets. (#203)
• Allow adding dnsPolicy and/or dnsConfig to all pods. (#201)
• Make system_user configurable when using custom st2actionrunner images that do not provide stanley (#220)
• Allow providing scripts in values for use in lifecycle postStart hooks of all deployments. (#206)
• Add preRegisterContentCommand in an initContainer for register-content job to run last-minute content customizations (#213)

Everything Else

• Removed reference to st2-license pullSecrets, which was missed when removing enterprise flags (#192)
• Add optional imagePullSecrets to ServiceAccount using serviceAccount.pullSecret from values.yaml. If pods do not have imagePullSecrets (eg without image.pullSecret in values.yaml), k8s populates them from the ServiceAccount. (#196 & #239)
• Reformat some yaml strings so that single quotes wrap strings that include double quotes (#194)
• If your k8s cluster admin requires custom annotations (eg: to indicate mongo or rabbitmq usage), you can now add those to each set of pods. (#195)
• Add optional hubot-scripts volume to st2chatops pod. To add this, define st2chatops.hubotScriptsVolume. (#207)
• Add advanced pod placment (nodeSelector, affinity, tolerations) to specs for batch Jobs pods. (#193)
• Move st2-config-vol volume definition and list of st2-config-vol volumeMounts to helpers to reduce duplication (#198)
• Minimize required sensor config by using default values from st2sensorcontainer for each sensor in st2.packs.sensors (#221)
• Do not template rabbitmq secrets file unless rabbitmq subchart is enabled. (#242)
• Automatically stringify st2chatop.env values if needed. (#241)

Warning!
Breaking change!

• Switch st2 version to v3.5dev as a new latest development version (#187)
• Change st2packs definition to a list, to support multiple st2packs containers (#166) (by @moonrail)
• Enabled RBAC/LDAP configuration for OSS version, removed enterprise flags (#182) (by @hnanchahal)
• Fixed datastore_crypto_key secret name for rules engine (#188) (by @lordpengwin)

• Improve resource allocation and scheduling by adding resources requests cpu/memory values for st2 Pods (#179)
• Avoid cluster restart loop situations by making st2 Pod initContainers to wait for DB/MQ connection (#178)
• Add option to define config.js for st2web (#165) (by @moonrail)

• Added Redis with Sentinel to replace etcd as a coordination backend (#169)