To get the latest product updates delivered to you, add the URL of this page to your
reader, or add the feed URL directly:
July 30, 2020
Updated the git-sync image to fix security vulnerability CVE-2019-5482.
June 15, 2020
A regression in Anthos Config Management 1.3.2 results in unnecessary patches to the API server for the
gatekeeper-system namespace and spurious logging for error
KNV2005. This "fight" results when the
gatekeeper-system namespace is managed in the Git repo, and two Anthos Config Management components (the operator and syncer) are both trying to reconcile the state of the namespace with the API server. The only workaround at this time is to unmanage the
gatekeeper-system namespace. The issue will be fixed in Anthos Config Management 1.4.1.
May 21, 2020
This release includes several performance and memory improvements.
In order to help prevent accidental deletion, Anthos Config Management will no longer allow a user to remove all namespaces or cluster-scoped resources in a single commit. If you wish to delete the full set of resources under management, it now requires two steps: remove all but one in a first commit, allow ACM to sync those changes, then remove the final resource in a second commit.
Error documentation has been updated to add more information on error codes. Errors that are no longer encountered in the product have been removed. Most error references have been embellished with examples and steps for remediation.
Anthos Config Management now supports a GKE-only authentication mechanism based on the service account of the cluster's node pool. Documentation on its use is here.
Anthos Config Management now includes Config Connector v1.8.0.
Anthos Config Management will now attempt to detect when resources that it manages are also managed by other controllers. Documentation on this behavior is available in error
knv2005 which ACM will log in that case.
Policy Controller has been upgraded to include a newer version of Open Policy Agent Gatekeeper.
This version includes updates to improve the management of policy resources. As a consequence, finalizers are no longer used to manage Constraints and Constraint Templates.
The following metrics have been made obsolete due to these changes and have been removed:
The following metrics were removed and will be re-implemented in a later version:
April 23, 2020
Anthos Config Management images are now included in the Google-provided system images for Binary Authorization.
Policy Agent now allows configuration of namespaces that will bypass the admission controller. For more information, see Excluding Namespaces from Policy Controller
You can now exempt Namespaces from Policy Controller enforcement
Anthos Config Management v1.3.1 now supports Kubernetes v1.16 and higher. Earlier versions of Anthos Config Management relied on APIs that have been deprecated in Kubernetes v1.16.
The Anthos Config Management Syncer pod now reports when it detects that it is fighting with another process over a resource.
Anthos Config Management no longer allows managing resources in unmanaged Namespaces.
If you define a CRD with an integer field that has min/max values, Anthos Config Management will be unable to update the CRD.
Anthos Config Management no longer overwrites undeclared labels and annotations on Namespaces.
March 24, 2020
Anthos Policy Controller is now Generally Available
Anthos Config Management now includes the generally-available version of Config Connector.
Anthos Config Management now supports the use of an HTTP or HTTPS proxy to connect with your Git host. More information can be found at Installing Anthos Config Management.