May 14, 2024
Christian Hernandez
What's New in Kargo v0.6.0
It’s time for another Kargo release! As we move closer and closer to a GA release; the features and improvements keep coming. Not only are we diligently working on improving Kargo, we’re also out at various events talking with users and organizations on how Kargo can help in their Kubernetes CI/CD maturity model.
If you’ve missed our latest webinar on Kargo, it’s now up on our YouTube channel. If you’ve missed our talk about Kargo at GitOpsCon North America (in Seattle); you can find that presentation on the CNCF YouTube channel.
With that, we’re happy to announce the release of Kargo v0.6! This is something we’ve been working hard on at Akuity, and we’re proud to deliver this significant release with lots of stability improvements and new features provided not only by us, but also have significant contributions form the community as well.
There was a lot that went into this release so we’re going to focus on the highlights. For a full list of what has changed, please check out the full changelog on GitHub.
Role Management
The most significant update in Kargo v0.6 was a massive improvement of Role Management. These updates will be paramount to those who’re running a multi-tenant system. Role Management improvements will allow administrators to delegate operations to teams while still maintaining control over the platform as a whole.
Kargo CLI offers several conveniences for working with "Kargo Roles," which are simplified abstractions of Kubernetes ServiceAccount
, Role
, and RoleBinding
resources. Creating a Kargo Role, therefore, affects creation of an underlying ServiceAccount
/Role
/RoleBinding
trio. Similarly, deleting a Kargo Role deletes those same underlying resources. Updating a Kargo Role via grant
or revoke
commands updates the underlying ServiceAccount
or RoleBinding
accordingly.
In short; Kargo’s RBAC functionality is an interface into Kubernetes’ ServiceAccount
, Role
, and RoleBinding
. This brings a Kubernetes-native way of handling RBAC that Kubernetes administrators are already familiar with.
Note that Project
“admin” and “viewer” roles are auto-created when a user or process creates a project.
You can list roles using the kargo get roles
command:
$ kargo get roles --project kargo-demo NAME KARGO MANAGED AGE default false 23h kargo-admin true 23h kargo-viewer true 23h
Kargo shows all roles in the namespace, including the default
ServiceAccount
that exists in all Namespaces.
To create a custom role in a project called kargo-demo
, run the kargo create role
command:
$ kargo create role developer --project kargo-demo
Now that you have that role, you can assign permissions to that role in the kargo-demo
project.
$ kargo grant --role developer \ --resource-type stages --verb ‘*’ \ --project kargo-demo
Then you can map this developer
role to a group claim (coming from your OIDC configuration) called “mygroup”.
$ kargo grant --role developer --group mygroup --project kargo-demo
Although Kargo role management is mapped to ServiceAccount
s, Role
s, and RoleBinding
s; it’s important to keep in mind:
- A Kargo Role exists as long as an underlying
ServiceAccount
resource with the same name exists in the Project namespace. - If any
RoleBinding
resources in the Project namespace reference theServiceAccount
resource, then all of the corresponding objects (Role
,RoleBinding
, etc) are also considered part of the Kargo role. - Kargo can only manage roles that are created by Kargo or that are explicitly annotated as being Kargo managed.
- If you manage your
ServiceAccount
,Role
, andRoleBinding
resources, those resources should not be annotated as being Kargo-managed.
More information about Kargo Roles and how to manage them can be found by reading the official documentation on the Kargo documentation site.
Warehouse Filters
In Kargo v0.5.0, Warehouse
subscription filters using regular expressions were introduced. This made it possible to, for instance, subscribe to a monorepo, but trigger the production of new Freight
only when changes to relevant paths are detected. For example:
apiVersion: kargo.akuity.io/v1alpha1 kind: Warehouse metadata: name: my-warehouse namespace: kargo-demo spec: subscriptions: - git: repoURL: https://github.com/example/kargo-demo.git includePaths: - apps/guestbook
In the v0.6.0 release, this feature has been further enhanced to provide support for glob patterns (using a glob:
prefix) and exact paths to files or directories. Additionally, the filters now apply to all commit selection strategies (and not just NewestFromBranch
). This new filtering feature also allows for “mix and match” includes and excludes with glob
and/or regex
. For example:
apiVersion: kargo.akuity.io/v1alpha1 kind: Warehouse metadata: name: my-warehouse namespace: kargo-demo spec: subscriptions: - git: repoURL: https://github.com/example/kargo-demo.git includePaths: - glob:apps/* excludePaths: - regex:`^.*\.md$
For more information, consult the Kargo documentation.
Other Updates
Other highlighted updates and features in this v0.6 release:
- Credentials can now include descriptions, which are displayed in the UI for informational purposes. We plan to expand this feature to more Kargo resource types in the future.
kargo get
commands now support a--no-headers
flag, which will avoid printing the column headers when provided.kargo promote
can now wait for aPromotion
to finish using--wait
.- Kargo can now be configured (via the chart configuration) to sign commits with a GPG key.
- GitHub pull request was added to Git-based promotion mechanisms in version 0.3, with this release we added the ability to have PR based promotions to users using GitLab. Special thanks to community member @PhilippParis for helping with this feature.
Project
settings andAnalysisTemplate
resources can now be managed through the UI.- Variety of bug fixes and other stability improvements to the Kargo UI.
New Contributors
As popularity grows, so does the community! The Kargo team would like to give special thanks to community members whose first contributions to the project are included in this release:
Conclusion
This release has a ton of new features and improvements and we’re excited for you to try it out! Kargo is an Open Source project and we invite you to try out Kargo and hop on the Akuity Community Discord to share your experiences, connect with other users, and provide feedback to the maintainers. Looking to get hands-on experience with Kargo? Try out our Quickstart to get up and running.
As Kargo comes closer to general availability, we at Akuity are also including it as part of our SaaS platform. As part of our platform, we are adding automation features like multi-cluster promotions, automated provisioning and so much more. Interested in providing feedback? Sign up for our early access to help shape the future of Kargo!