v2.11.0 OpenTofu, Minor Breaking Changes
💥 Breaking Changes
OpenTofu
OK, not a breaking change, but we are excited about it:
we have made it easy to install OpenTofu into
Geodesic. At the command line or in your Dockerfile, just run:
Debian:
# We recommend pinning the version to ensure reproducibility
apt-get update && apt-get install tofu=1.6.2
Alpine:
# At this point, it seems there is only one version of OpenTofu available
# for Alpine, and a new version would be in a different repository, and it
# might get in the way of updating later, so we don't pin the version here.
apk update && apk add opentofu@opentofu
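To check that the pinning recommendation above is actually followed in a derived image, the following added example (not part of Geodesic or the original release notes) lists every package that an `apt-get install` in a Dockerfile installs without an `=version` pin. The function names, the sample Dockerfile and its base image name are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Geodesic code): report packages that `apt-get install`
# lines in a Dockerfile install without an explicit `=version` pin.

# Reads Dockerfile text on stdin; prints one unpinned package name per line.
unpinned_apt_packages() {
  awk '
    /^[ \t]*#/ { next }                      # skip Dockerfile comment lines
    # Join backslash-continued lines so a multi-line RUN is one command.
    /\\$/ { sub(/\\$/, " "); buf = buf $0; next }
    {
      line = buf $0; buf = ""
      # Split on shell separators (&&, ||, ;, |) and inspect each command.
      n = split(line, cmds, /&&|[;|]/)
      for (i = 1; i <= n; i++) {
        m = split(cmds[i], w, /[ \t]+/)
        apt = 0; installing = 0
        for (j = 1; j <= m; j++) {
          if (w[j] == "apt-get" || w[j] == "apt") { apt = 1; continue }
          if (apt && w[j] == "install") { installing = 1; continue }
          # Ignore everything before "install", empty fields and options.
          if (!installing || w[j] == "" || w[j] ~ /^-/) continue
          if (w[j] !~ /=/) print w[j]        # no "=version" means unpinned
        }
      }
    }
  '
}

# Constructed sample Dockerfile; the base image name is a placeholder.
sample_dockerfile() {
  cat <<'EOF'
FROM example-base-image
# tofu is pinned, google-cloud-cli is not
RUN apt-get update && apt-get install -y tofu=1.6.2
RUN apt-get update && \
    apt-get install -y google-cloud-cli
EOF
}

sample_dockerfile | unpinned_apt_packages
```

An empty result means every apt package named in the file carries a version pin.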
Google Cloud SDK no longer pre-installed
Previously we pre-installed the Google Cloud SDK in the base image. Recent
changes to the Google Cloud SDK have made it seem like there is no good
one-size-fits-all way to install it, and people who need it would be better
served by picking the version and extra packages they want and having control
over when they are upgraded. So we have removed the Google Cloud SDK from the
base image.
We have left the Google Cloud Package repository installed in Debian, so you
can install the Google Cloud CLI with:
apt-get update && apt-get install google-cloud-cli
For Alpine, we used to install the Google Cloud SDK like this, which may or may not work with the switch to Google Cloud CLI, but should give you a good starting point anyway:
Alpine Dockerfile installing Google Cloud SDK
FROM google/cloud-sdk:$GOOGLE_CLOUD_SDK_VERSION-alpine as google-cloud-sdk
FROM alpine:$ALPINE_VERSION
#...
#
# Install Google Cloud SDK
#
ENV CLOUDSDK_CONFIG=/localhost/.config/gcloud/
COPY --from=google-cloud-sdk /google-cloud-sdk/ /usr/local/google-cloud-sdk/
RUN ln -s /usr/local/google-cloud-sdk/completion.bash.inc /etc/bash_completion.d/gcloud.sh && \
ln -s /usr/local/google-cloud-sdk/bin/gcloud /usr/local/bin/ && \
ln -s /usr/local/google-cloud-sdk/bin/gsutil /usr/local/bin/ && \
ln -s /usr/local/google-cloud-sdk/bin/bq /usr/local/bin/
On both Debian and Alpine, we used to set some configuration options for the
Google Cloud SDK. If you want to set these options, you can do so in your
Dockerfile like this:
# gcloud config writes successful status updates to stderr, but we want to preserve
# stderr for real errors in need of action.
RUN { gcloud config set core/disable_usage_reporting true --installation && \
gcloud config set component_manager/disable_update_check true --installation && \
gcloud config set metrics/environment github_docker_image --installation; } 2>&1
AWS CLI v1 and Python requirements removed [Debian only]
We have removed the AWS CLI v1 and its Python requirements (including boto3)
from the Debian Geodesic. CLI v2 has been the default for nearly 3 years, so
we expect this to impact few to no users. If you need the AWS CLI v1 on Debian,
you can install it with:
pip3 install awscli
On Alpine, we have never installed the AWS CLI v2, because it requires glibc,
and we continue to install AWS CLI v1 as before.
🚀 Enhancements
Update Dependencies, add OpenTofu package repo @Nuru (#936)
Breaking Changes
- Google Cloud SDK is no longer pre-installed. The Google Cloud Debian package repository is installed, so you can install it into Debian with apt-get.
- AWS CLI v1 is no longer installed in Debian. The CLI v2 has been the default for Debian Geodesic for almost 3 years, so this should impact many people, if any.
- Python dependencies of AWS CLI v2 (including boto3) are also no longer pre-installed on Debian.
what
All OSes
- Update repository default branch name master -> main
- Google Cloud SDK is no longer installed
Debian only
- Update Debian 12.4 -> 12.5
- Update Python 3.12.2 -> 2.12.3
- Add OpenTofu Debian package repository
- Pin kubectl package to Cloud Posse repository over Google Cloud SDK repository
Alpine only
- Update bindfs on Alpine 1.17.6 -> 1.17.7
- Install Alpine v3.19 community package repo as @opentofu
why
- Branch name: Conform to Cloud Posse and GitHub standards.
- The google-cloud-sdk package is deprecated in favor of google-cloud-cli and additional packages. For example, the current version of the Google Cloud CLI is 474.0.0, but the latest google-cloud-sdk package version is 467.0.0.
- Recent releases of Google Cloud SDK (474.0.0, 473.0.0, and 470.0.0) have had breaking changes, making it important that users have control over which version they use and when they change versions. There is no longer a single good choice of which version to install, so Cloud Posse does not want to force one on anyone.
- Reduce size of distributed Docker image.
- Debian version, Debian Python version, Alpine BindFS version: Stay current.
- Enable OpenTofu to be installed easily:
  - On Debian: apt-get update && apt-get install tofu (or ...tofu=1.6.2)
  - On Alpine: apk update && apk add opentofu@opentofu
- Google Cloud SDK package repo has a package named kubectl that installs multiple versions of kubectl, causing excessive bloat. Cloud Posse's kubectl package installs only the latest version, sufficient for kubectl-auto-select to determine and install the correct version for your cluster. Cloud Posse provides kubectl-1.x packages which take advantage of the Debian Alternatives system to allow both versions to be present but automatically select the more specific package's version to be used by default, but this feature is not compatible with Google's package.
references
- OpenTofu
- Google Cloud SDK v473.0.0 Release Notes
- Google Cloud SDK v474.0.0 Release Notes
- Google Cloud Community post referencing deprecation of google-cloud-sdk
🧰 Included Tools [Alpine Only]
Update dependency cryptography to v42.0.6 @renovate (#937)
This PR contains the following updates:
Package | Change |
---|---|
cryptography (changelog) | ==42.0.5 -> ==42.0.6 |
Update AWS CLI packages @renovate (#935)
This PR contains the following updates:
Package | Change |
---|---|
awscli (source, changelog) | ==1.32.93 -> ==1.32.98 |
boto3 | ==1.34.93 -> ==1.34.98 |
Release Notes
aws/aws-cli (awscli)
v1.32.98
=======
- api-change: bedrock-agent: This release adds support for using Provisioned Throughput with Bedrock Agents.
- api-change: connect: This release adds 5 new APIs for managing attachments: StartAttachedFileUpload, CompleteAttachedFileUpload, GetAttachedFile, BatchGetAttachedFileMetadata, DeleteAttachedFile. These APIs can be used to programmatically upload and download attachments to Connect resources, like cases.
- api-change: connectcases: This feature supports the release of Files related items
- api-change: datasync: Updated guidance on using private or self-signed certificate authorities (CAs) with AWS DataSync object storage locations.
- api-change: inspector2: This release adds CSV format to GetCisScanReport for Inspector v2
- api-change: sagemaker: Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobs
- api-change: sesv2: Adds support for specifying replacement headers per BulkEmailEntry in SendBulkEmail in SESv2.
v1.32.97
=======
- api-change: dynamodb: This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs.
- api-change: ec2: This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM).
- api-change: personalize: This releases ability to delete users and their data, including their metadata and interactions data, from a dataset group.
- api-change: redshift-serverless: Update Redshift Serverless List Scheduled Actions Output Response to include Namespace Name.
v1.32.96
=======
- api-change: bedrock-agent: This release adds support for using MongoDB Atlas as a vector store when creating a knowledge base.
- api-change: ec2: Documentation updates for Amazon EC2.
- api-change: personalize-runtime: This release adds support for a Reason attribute for predicted items generated by User-Personalization-v2.
- api-change: securityhub: Updated CreateMembers API request with limits.
- api-change: sesv2: Fixes ListContacts and ListImportJobs APIs to use POST instead of GET.
v1.32.95
=======
- api-change: chime-sdk-voice: Due to changes made by the Amazon Alexa service, GetSipMediaApplicationAlexaSkillConfiguration and PutSipMediaApplicationAlexaSkillConfiguration APIs are no longer available for use. For more information, refer to the Alexa Smart Properties page.
- api-change: codeartifact: Add support for the Ruby package format.
- api-change: fms: AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization.
- api-change: omics: Add support for workflow sharing and dynamic run storage
- api-change: opensearch: This release enables customers to create Route53 A and AAAA alias record types to point custom endpoint domain to OpenSearch domain's dualstack search endpoint.
- api-change: pinpoint-sms-voice-v2: Amazon Pinpoint has added two new features Multimedia services (MMS) and protect configurations. Use the three new MMS APIs to send media messages to a mobile phone which includes image, audio, text, or video files. Use the ten new protect configurations APIs to block messages to specific countries.
- api-change: qbusiness: This is a general availability (GA) release of Amazon Q Business. Q Business enables employees in an enterprise to get comprehensive answers to complex questions and take actions through a unified, intuitive web-based chat experience - using an enterprise's existing content, data, and systems.
- api-change: quicksight: New Q embedding supporting Generative Q&A
- api-change: route53resolver: Release of FirewallDomainRedirectionAction parameter on the Route 53 DNS Firewall Rule. This allows customers to configure a DNS Firewall rule to inspect all the domains in the DNS redirection chain (default), such as CNAME, ALIAS, DNAME, etc., or just the first domain and trust the rest.
- api-change: sagemaker: Amazon SageMaker Training now supports the use of attribute-based access control (ABAC) roles for training job execution roles. Amazon SageMaker Inference now supports G6 instance types.
- api-change: signer: Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions.
v1.32.94
=======
- api-change: amplify: Updating max results limit for listing any resources (Job, Artifacts, Branch, BackendResources, DomainAssociation) to 50 with the exception of list apps that where max results can be up to 100.
- api-change: connectcases: This feature releases DeleteField, DeletedLayout, and DeleteTemplate API's
- api-change: inspector2: Update Inspector2 to include new Agentless API parameters.
- api-change: timestream-query: This change allows users to update and describe account settings associated with their accounts.
- api-change: transcribe: This update provides error messaging for generative call summarization in Transcribe Call Analytics
- api-change: trustedadvisor: This release adds the BatchUpdateRecommendationResourceExclusion API to support batch updates of Recommendation Resource exclusion statuses and introduces a new exclusion status filter to the ListRecommendationResources and ListOrganizationRecommendationResources APIs.
boto/boto3 (boto3)
v1.34.98
=======
- api-change: bedrock-agent: [botocore] This release adds support for using Provisioned Throughput with Bedrock Agents.
- api-change: connect: [botocore] This release adds 5 new APIs for managing attachments: StartAttachedFileUpload, CompleteAttachedFileUpload, GetAttachedFile, BatchGetAttachedFileMetadata, DeleteAttachedFile. These APIs can be used to programmatically upload and download attachments to Connect resources, like cases.
- api-change: connectcases: [botocore] This feature supports the release of Files related items
- api-change: datasync: [botocore] Updated guidance on using private or self-signed certificate authorities (CAs) with AWS DataSync object storage locations.
- api-change: inspector2: [botocore] This release adds CSV format to GetCisScanReport for Inspector v2
- api-change: sagemaker: [botocore] Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobs
- api-change: sesv2: [botocore] Adds support for specifying replacement headers per BulkEmailEntry in SendBulkEmail in SESv2.
v1.34.97
=======
- api-change: dynamodb: [botocore] This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs.
- api-change: ec2: [botocore] This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM).
- api-change: personalize: [botocore] This releases ability to delete users and their data, including their metadata and interactions data, from a dataset group.
- api-change: redshift-serverless: [botocore] Update Redshift Serverless List Scheduled Actions Output Response to include Namespace Name.
v1.34.96
=======
- api-change: bedrock-agent: [botocore] This release adds support for using MongoDB Atlas as a vector store when creating a knowledge base.
- api-change: ec2: [botocore] Documentation updates for Amazon EC2.
- api-change: personalize-runtime: [botocore] This release adds support for a Reason attribute for predicted items generated by User-Personalization-v2.
- api-change: securityhub: [botocore] Updated CreateMembers API request with limits.
- api-change: sesv2: [botocore] Fixes ListContacts and ListImportJobs APIs to use POST instead of GET.
v1.34.95
=======
- api-change: chime-sdk-voice: [botocore] Due to changes made by the Amazon Alexa service, GetSipMediaApplicationAlexaSkillConfiguration and PutSipMediaApplicationAlexaSkillConfiguration APIs are no longer available for use. For more information, refer to the Alexa Smart Properties page.
- api-change: codeartifact: [botocore] Add support for the Ruby package format.
- api-change: fms: [botocore] AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization.
- api-change: omics: [botocore] Add support for workflow sharing and dynamic run storage
- api-change: opensearch: [botocore] This release enables customers to create Route53 A and AAAA alias record types to point custom endpoint domain to OpenSearch domain's dualstack search endpoint.
- api-change: pinpoint-sms-voice-v2: [botocore] Amazon Pinpoint has added two new features Multimedia services (MMS) and protect configurations. Use the three new MMS APIs to send media messages to a mobile phone which includes image, audio, text, or video files. Use the ten new protect configurations APIs to block messages to specific countries.
- api-change: qbusiness: [botocore] This is a general availability (GA) release of Amazon Q Business. Q Business enables employees in an enterprise to get comprehensive answers to complex questions and take actions through a unified, intuitive web-based chat experience - using an enterprise's existing content, data, and systems.
- api-change: quicksight: [botocore] New Q embedding supporting Generative Q&A
- api-change: route53resolver: [botocore] Release of FirewallDomainRedirectionAction parameter on the Route 53 DNS Firewall Rule. This allows customers to configure a DNS Firewall rule to inspect all the domains in the DNS redirection chain (default), such as CNAME, ALIAS, DNAME, etc., or just the first domain and trust the rest.
- api-change: sagemaker: [botocore] Amazon SageMaker Training now supports the use of attribute-based access control (ABAC) roles for training job execution roles. Amazon SageMaker Inference now supports G6 instance types.
- api-change: signer: [botocore] Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions.
v1.34.94
=======
- api-change: amplify: [botocore] Updating max results limit for listing any resources (Job, Artifacts, Branch, BackendResources, DomainAssociation) to 50 with the exception of list apps that where max results can be up to 100.
- api-change: connectcases: [botocore] This feature releases DeleteField, DeletedLayout, and DeleteTemplate API's
- api-change: inspector2: [botocore] Update Inspector2 to include new Agentless API parameters.
- api-change: timestream-query: [botocore] This change allows users to update and describe account settings associated with their accounts.
- api-change: transcribe: [botocore] This update provides error messaging for generative call summarization in Transcribe Call Analytics
- api-change: trustedadvisor: [botocore] This release adds the BatchUpdateRecommendationResourceExclusion API to support batch updates of Recommendation Resource exclusion statuses and introduces a new exclusion status filter to the ListRecommendationResources and ListOrganizationRecommendationResources APIs.