v3.4.0

🚀 Enhancements

Fix ~/.aws symlink @Nuru (#959)

what

• Restore symbolic link in $HOME to .aws
• Update Debian 12.6 -> 12.7
• Update Python 3.12.5 -> 3.12.7
• Update helm-diff 3.9.9 -> 3.9.11

why

• Fixes #958
• Routine updates to current versions

🧰 Included Tools

• Update Debian 12.6 -> 12.7
• Update Python 3.12.5 -> 3.12.7
• Update helm-diff 3.9.9 -> 3.9.11

Footnote

In every release, we update all unpinned packages to their latest packaged versions. These changes are not detailed here.

v3.3.0 Smarter abbreviation of EKS cluster name

• #956

Footnote

In every release, we update all unpinned packages to their latest packaged versions. These changes are not detailed here.

v3.2.0

🧰 Included Tools

Update Python to 3.12.5, fix init script @Nuru (#955)

what

• Update Python 3.12.4 -> 3.12.5
• Update Debian 12.6 from 20240722 to 20240812
• Fix conversion of gomplate split to strings.Split done wrong in #953

why

• Stay current
• Fix #954

Footnote

In every release, we update all unpinned packages to their latest packaged versions. These changes are not detailed here.

v3.1.0 Update dependencies and tools

🧰 Included Tools

Update dependencies and tools @Nuru (#953)

what

• Update Debian 12.5 -> 12.6
• Update Python 3.12.3 -> 3.12.4
• Update kube-ps1 0.8.0 -> 0.9.0
• Update helm-diff 3.9.4 -> 3.9.9
• Update helm-git 0.15.1 -> 1.3.0
• Update bootstrap gomplate template to use strings.Split instead of deprecated split
• Update all unpinned packages to latest released versions
  • Updates OpenTofu 1.7.1 -> 1.7.3

why

• Keep current

🏗️ Build/Release Maintenance

Ignore updates to Alpine @Nuru (#952)

what

• Configure Renovate to Ignore updates to Alpine version of Geodesic

why

• No longer supporting Alpine

Migrate Renovate configuration (base -> recommended) per validator @Nuru (#951)

what

• Migrate Renovate configuration (from base of config:base to config:recommended) per validator

why

• Mend Renovate recommended update

references

• https://docs.renovatebot.com/release-notes-for-major-versions/#breaking-changes-for-36

Footnote

In every release, we update all unpinned packages to their latest packaged versions. These changes are not detailed here.

v3.0.0

🚀 Geodesic version 3 (#945)

Breaking Changes

Geodesic Version 3 is not about adding new features, it is about slimming down and removing support for outdated tools and workflows. Many have complained that the Geodesic Docker image is too big. Geodesic v3 is roughly half the size of the Geodesic v2.10.0. 🥳

As such, there are many breaking changes, but for most people, there should be little or no impact.

Major Changes

Alpine Discontinued

Geodesic was first released based on Alpine. With Version 2, we added a Debian-based version, and deprecated the Alpine version. Now, with Version 3, we are only publishing the Debian-based version.

Terraform replaced with OpenTofu

Previously, Geodesic shipped with the latest version of Terraform installed. Now Geodesic ships with OpenTofu installed instead. Using the Debian alternatives system, it is also installed as an alternative to Terraform, so it can be run as either tofu or terraform.

Unneeded Packages Removed

Recently we removed AWS CLI v1 and Google SDK from the base version of Geodesic. With Geodesic version 3, we are removing additional Debian packages that were not worth the space in the Docker image. For the most part, any of these tools can be added back using apt-get install in your Dockerfile if you want them.

Removed Packages

• direnv
• fuse3
• goofys
• groff (note that groff-base is installed instead, so the groff command itself remains)
• musl-dev
• pandoc
• python3 (see note below)
• terragrunt
• variant
• variant2

Note on Python3

The python3 Debian package installs a segregated Python in /usr/bin/python3 for use only by system packages. Significantly, this installation of Python uses dist-packages instead of site-packages to reference installed packages. Read more about this in Debian Python: Deviations from Upstream. We have not found it useful in Geodesic, so we no longer install it.

Geodesic continues to ship with a very recent version of Python installed for users in /usr/local/bin/python3 and using site-packages, sourced from the official Python source distribution.

Removed Support for Obsolete Workflows and Tools

Geodesic is the tool Cloud Posse uses to support its customers in their workflows. As Cloud Posse's reference architecture and standard workflows have changed, a lot of the custom scripts and other support for the old workflows is no longer in use and has not been maintained. In version 3, the support is fully removed. Here is a representative list of support that has been removed, though it may not be fully complete.

• Many years ago, configurations were managed by a combination of Makefiles and direnv + envrc (and our similar tfenv tool). All of that support has been removed, including customizations and addons to make and Makefiles in general. We no longer use make from within Geodesic.
• Around the same time, we built Kubernetes clusters using kops and had extensive support for that. That has all been removed in favor of using AWS EKS to manage Kubernetes, and other solutions (such as AWS ECS) for managing workloads without using Kubernetes.
• As part of this ancient system, we had customized enhancements in support of helmfile. That support has been removed. We now use our own tool, Atmos to do all that helmfile could do and so much more.
• We have also removed support for using make to generate your own Makefile to build your own version of Geodesic. That mechanism was too customized for kops and custom tooling we no longer support. We recommend instead that you use Makefile.custom file as a template and fill in the blanks manually.
• Related scripts like build-kops-manifest, deps, kopsctl, and helmctl have been removed.
• All custom support for Atlantis has been removed. You may be able to use Atlantis under Geodesic v3, but Cloud Posse stopped using Atlantis several years ago and so we are no longer providing official support for it.
• Customized, built-in support for AWS authentication via Okta, aws-vault, and saml2aws has been dropped. We recommend managing authentication either via aws sso or Leapp, which provides support for integration with SAML IdP, AWS SSO, and other authentication mechanisms. (Note: Although Noovolari has announced the end of commercial support for Leapp Pro, Leapp started out as open source and we expect the open source version of Leapp to remain supported and one of the best cloud credential management tools available for the foreseeable future.)
• Previously, we configured XDG_CONFIG_HOME (see the XDG Base Directory Specification for more details) to point to a directory in the Geodesic Docker image, so that we could store configuration supporting the above in that directory. With this initial release of Geodesic v3, we are starting to migrate XDG_* to the Docker host's file system. If you set XDG_CONFIG_HOME on your host, Geodesic will import that value for use from within Geodesic. (Moving Geodesic's own configuration to XDG_CONFIG_HOME is planned to come at a later date, most likely in Geodesic v4.) Geodesic no longer pre-populates anything in XDG_CONFIG_HOME.
• Previously, Geodesic had support for mounting an AWS S3 bucket as a local file system. This was never terrifically robust, and was only used to support kops operations, so it has been entirely removed.

what

• Drop Alpine version of Geodesic
• Replace Terraform with OpenTofu
• Remove obsolete and underutilized packages, tools, scripts, and related support

why

• Alpine's incompatibilities with Linux are a continuing maintenance issue and not worth the relatively modest reduction in Docker image size given the volume of additional tools and support Geodesic adds.
• Hashicorp has changed Terraform's License and it is no longer compatible with Cloud Posse's mission. OpenTofu is intended to be a drop-in replacement for Terraform and is in much better alignment with Cloud Posse's values.
• Dramatically reduce the size of the Geodesic Docker image
• Reduce the maintenance issues that result from having complex features that neither Cloud Posse nor its customers use anymore.

v2.11.3

🚀 Enhancements

Fix colorized string in prompt @Nuru (#942)

what

• Fix colorized text added to prompt without delimiters for color codes by aws.sh

why

• Bash counts the characters in the prompt to manage viewing and editing command history. Non-printing characters must be delimited so they are not counted in the prompt text length.

Every Release

In every release, we update all unpinned packages to their latest packaged versions.

On a regular basis (roughly weekly), on Alpine only, we update the AWS CLI v1 and its dependencies to the latest versions. Debian does not have AWS CLI v1 installed, only v2.

These changes are not detailed here.

v2.11.2

🏗️ Build/Release Maintenance

PR & Release management maintenance @Nuru (#940)

what

• Install font needed by vhs-action in a separate step
• Label PRs that only affect the Alpine version as alpine-only
• Exclude Apline-only PRs from release notes
• Add a standard catchall to every release note

why

• Work around broken install-fonts in vhs-action
• Deprecate Alpine, focus release notes on Debian
• The AWS CLI v1 and boto3 release notes are huge and yet not very informative
• Packages are updated on every release, without those changes being documented, so let people know that

references

• charmbracelet/vhs-action#264

Every Release

In every release, we update all unpinned packages to their latest packaged versions.

On a regular basis (roughly weekly), on Alpine only, we update the AWS CLI v1 and its dependencies to the latest versions. Debian does not have AWS CLI v1 installed, only v2.

These changes are not detailed here.

v2.11.1

🚀 Enhancements

Dockerfile examples, Renovate config, color text bugfixes @Nuru (#939)

what

• Update Dockerfile examples
• Update Renovate config
• Update vhs-action GHA to v2
• Better support for non-terminals and monochrome terminals with respect to colorized output

why

• Closes #927
• Properly exclude Dockerfiles that should not be updated
• Update dependencies
• Resolve errors displayed when running VHS

🧰 Included Tools [Alpine only]

Update dependency cryptography to v42.0.7 @renovate (#938)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==42.0.6 -> ==42.0.7

---

Release Notes

pyca/cryptography (cryptography)

v42.0.7

Compare Source

---

v2.11.0 OpenTofu, Minor Breaking Changes

💥 Breaking Changes

OpenTofu

OK, not a breaking change, but we are excited about it:
we have made it easy to install OpenTofu into
Geodesic. At the command line or in your Dockerfile, just run:

Debian:

# We recommend pinning the version to ensure reproducibility
apt-get update && apt-get install tofu=1.6.2 

Alpine:

# At this point, it seems there is only one version of OpenTofu available
# for Alpine, and a new version would be in a different repository, and it
# might get in the way nof updating later, so we don't pin the version here.
apk update && apk add opentofu@opentofu

Google Cloud SDK no longer pre-installed

Previously we pre-installed the Google Cloud SDK in the base image. Recent
changes to the Google Cloud SDK have made it seem like there is no good
one-size-fits-all way to install it, and peopple who need it would be better
served by picking the version and extra packages they want and having control
over when they are upgraded. So we have removed the Google Cloud SDK from the
base image.

We have left the Google Cloud Package repository installed in Debian, so you
can install the Google Cloud CLI with:

apt-get update && apt-get install google-cloud-cli

For Alpine, we used to install the Google Cloud SDK like this, which may or may not work with the switch to Google Cloud CLI, but should give you a good starting point anyway:

Alpine Dockerfile installing Google Cloud SDK

FROM google/cloud-sdk:$GOOGLE_CLOUD_SDK_VERSION-alpine as google-cloud-sdk

FROM alpine:$ALPINE_VERSION
#...

#
# Install Google Cloud SDK
#
ENV CLOUDSDK_CONFIG=/localhost/.config/gcloud/

COPY --from=google-cloud-sdk /google-cloud-sdk/ /usr/local/google-cloud-sdk/

RUN ln -s /usr/local/google-cloud-sdk/completion.bash.inc /etc/bash_completion.d/gcloud.sh && \
    ln -s /usr/local/google-cloud-sdk/bin/gcloud /usr/local/bin/ && \
    ln -s /usr/local/google-cloud-sdk/bin/gsutil /usr/local/bin/ && \
    ln -s /usr/local/google-cloud-sdk/bin/bq /usr/local/bin/

On both Debian and Alpine, we used to set some configuration options for the
Google Cloud SDK. If you want to set these options, you can do so in your
Dockerfile like this:

# gcloud config writes successful status updates to stderr, but we want to preserve
# stderr for real errors in need of action.
RUN { gcloud config set core/disable_usage_reporting true --installation && \
      gcloud config set component_manager/disable_update_check true --installation && \
      gcloud config set metrics/environment github_docker_image --installation; } 2>&1

AWS CLI v1 and Python requirements removed [Debain only]

We have removed the AWS CLI v1 and its Python requirements (including boto3)
from the Debian Geodesic. CLI v2 has been the default for nearly 3 years, so
we expect this to impact few to no users. If you need the AWS CLI v1 on Debian,
you can install it with:

pip3 install awscli

On Alpine, we have never installed the AWS CLI v2, because it requires
glibc, and we continue to install AWS CLI v1 as before.

🚀 Enhancements

Update Dependencies, add OpenTofu package repo @Nuru (#936)

Breaking Changes

• Google Cloud SDK is no longer pre-installed. The Google Cloud Debian package repository is installed, so you can install it into Debian with apt-get.
• AWS CLI v1 is no longer installed in Debian. The CLI v2 has been the default for Debian Geodesic for almost 3 years, so this should impact many people, if any.
• Python dependencies of AWS CLI v2 (including boto3) are also no longer pre-installed on Debian.

what

All OSes

• Update repository default branch name master -> main
• Google Cloud SDK is no longer installed

Debian only

• Update Debian 12.4 -> 12.5
• Update Python 3.12.2 -> 2.12.3
• Add OpenTofu Debian package repository
• Pin kubectl package to Cloud Posse repository over Google Cloud SDK repository

Alpine only

• Update bindfs on Alpine 1.17.6 -> 1.17.7
• Install Alpine v3.19 community package repo as @opentofu

why

• Branch name: Conform to Cloud Posse and GitHub standards.
• The google-cloud-sdk package is deprecated in favor of google-cloud-cli and additional packages. For example, the current version of the Google Cloud CLI is 474.0.0, but the latest google-cloud-sdk package version is 467.0.0.
• Recent releases of Google Cloud SDK (474.0.0, 473.0.0, and 470.0.0) have had breaking changes, making it important that users have control over which version they use and when they change versions. There is no longer a single good choice of which version to install, so Cloud Posse does not want force one on anyone.
• Reduce size of distributed Docker image.
• Debian version, Debian Python version, Alpine BindFS version: Stay current.
• Enable OpenTofu to be installed easily:
  • On Debian: apt-get update && apt-get install tofu (or ... tofu=1.6.2)
  • On Alpine: apk update && apk add opentofu@opentofu
• Google Cloud SDK package repo has a package named kubectl that installs multiple versions of kubectl, causing excessive bloat. Cloud Posse's kubectl package installs only the latest version, sufficient for kubectl-auto-select to determine and install the correct version for your cluster. Cloud Posse provides kubectl-1.x packages which take advantage of the Debian Alternatives system to allow both versions to be present but automatically select the more specific package's version to be used by default, but this feature is not compatible with Google's package.

references

• OpenTofu
• Google Cloud SDK v473.0.0 Release Notes
• Google Cloud SDK v474.0.0 Release Notes
• Google Cloud Community post referencing deprecation of google-cloud-sdk

🧰 Included Tools [Alpine Only]

Update dependency cryptography to v42.0.6 @renovate (#937)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cryptography (changelog)	==42.0.5 -> ==42.0.6

---

Release Notes

pyca/cryptography (cryptography)

v42.0.6

Compare Source

---

Update AWS CLI packages @renovate (#935)

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
awscli (source, changelog)	==1.32.93 -> ==1.32.98
boto3	==1.34.93 -> ==1.34.98

---

Release Notes

aws/aws-cli (awscli)

[`v1.3...

v2.10.1

🚀 Enhancements

You can now run update-terminal-mode dark or update-terminal-mode light to force the dark/light mode setting if auto-detection does not work.

Dark mode caching fix @Nuru (#934)

what

• Fix caching of terminal escape codes
• Update update-terminal-mode command to allow forcing a mode
• rename internal update_terraform_prompt to _update_terraform_prompt

why

• Substantial performance improvement on every command line prompt
• Auto-detection is likely to be unavailable or wrong on some terminals
• Keep internal functions from showing up in command line completions