What's New in Kargo v0.6.0

It’s time for another Kargo release! As we move closer and closer to a GA release; the features and improvements keep coming. Not only are we diligently working on improving Kargo, we’re also out at various events talking with users and organizations on how Kargo can help in their Kubernetes CI/CD maturity model.

If you’ve missed our latest webinar on Kargo, it’s now up on our YouTube channel. If you’ve missed our talk about Kargo at GitOpsCon North America (in Seattle); you can find that presentation on the CNCF YouTube channel.

With that, we’re happy to announce the release of Kargo v0.6! This is something we’ve been working hard on at Akuity, and we’re proud to deliver this significant release with lots of stability improvements and new features provided not only by us, but also have significant contributions form the community as well.

There was a lot that went into this release so we’re going to focus on the highlights. For a full list of what has changed, please check out the full changelog on GitHub.

Role Management

The most significant update in Kargo v0.6 was a massive improvement of Role Management. These updates will be paramount to those who’re running a multi-tenant system. Role Management improvements will allow administrators to delegate operations to teams while still maintaining control over the platform as a whole.

Kargo CLI offers several conveniences for working with "Kargo Roles," which are simplified abstractions of Kubernetes ServiceAccount, Role, and RoleBinding resources. Creating a Kargo Role, therefore, affects creation of an underlying ServiceAccount/Role/RoleBinding trio. Similarly, deleting a Kargo Role deletes those same underlying resources. Updating a Kargo Role via grant or revoke commands updates the underlying ServiceAccount or RoleBinding accordingly. In short; Kargo’s RBAC functionality is an interface into Kubernetes’ ServiceAccount, Role, and RoleBinding. This brings a Kubernetes-native way of handling RBAC that Kubernetes administrators are already familiar with.

Note that Project “admin” and “viewer” roles are auto-created when a user or process creates a project.

You can list roles using the kargo get roles command:

$ kargo get roles --project kargo-demo
NAME               KARGO MANAGED      AGE
default               false                              23h
kargo-admin      true                               23h
kargo-viewer      true                               23h

Kargo shows all roles in the namespace, including the default ServiceAccount that exists in all Namespaces.

To create a custom role in a project called kargo-demo, run the kargo create role command:

$ kargo create role developer --project kargo-demo

Now that you have that role, you can assign permissions to that role in the kargo-demo project.

$ kargo grant --role developer \
  --resource-type stages --verb ‘*’ \
  --project kargo-demo

Then you can map this developer role to a group claim (coming from your OIDC configuration) called “mygroup”.

$ kargo grant --role developer --group mygroup --project kargo-demo

Although Kargo role management is mapped to ServiceAccounts, Roles, and RoleBindings; it’s important to keep in mind:

• A Kargo Role exists as long as an underlying ServiceAccount resource with the same name exists in the Project namespace.
• If any RoleBinding resources in the Project namespace reference the ServiceAccount resource, then all of the corresponding objects (Role, RoleBinding, etc) are also considered part of the Kargo role.
• Kargo can only manage roles that are created by Kargo or that are explicitly annotated as being Kargo managed.
• If you manage your ServiceAccount, Role, and RoleBinding resources, those resources should not be annotated as being Kargo-managed.

More information about Kargo Roles and how to manage them can be found by reading the official documentation on the Kargo documentation site.

Warehouse Filters

In Kargo v0.5.0, Warehouse subscription filters using regular expressions were introduced. This made it possible to, for instance, subscribe to a monorepo, but trigger the production of new Freight only when changes to relevant paths are detected. For example:

apiVersion: kargo.akuity.io/v1alpha1
kind: Warehouse
metadata:
  name: my-warehouse
  namespace: kargo-demo
spec:
  subscriptions:
  - git:
      repoURL: https://github.com/example/kargo-demo.git
      includePaths:
      - apps/guestbook

In the v0.6.0 release, this feature has been further enhanced to provide support for glob patterns (using a glob: prefix) and exact paths to files or directories. Additionally, the filters now apply to all commit selection strategies (and not just NewestFromBranch). This new filtering feature also allows for “mix and match” includes and excludes with glob and/or regex. For example:

apiVersion: kargo.akuity.io/v1alpha1
kind: Warehouse
metadata:
  name: my-warehouse
  namespace: kargo-demo
spec:
  subscriptions:
  - git:
      repoURL: https://github.com/example/kargo-demo.git
      includePaths:
      - glob:apps/*
      excludePaths:
      - regex:`^.*\.md$

For more information, consult the Kargo documentation.

Other Updates

Other highlighted updates and features in this v0.6 release:

• Credentials can now include descriptions, which are displayed in the UI for informational purposes. We plan to expand this feature to more Kargo resource types in the future.
• kargo get commands now support a --no-headers flag, which will avoid printing the column headers when provided.
• kargo promote can now wait for a Promotion to finish using --wait.
• Kargo can now be configured (via the chart configuration) to sign commits with a GPG key.
• GitHub pull request was added to Git-based promotion mechanisms in version 0.3, with this release we added the ability to have PR based promotions to users using GitLab. Special thanks to community member @PhilippParis for helping with this feature.
• Project settings and AnalysisTemplate resources can now be managed through the UI.
• Variety of bug fixes and other stability improvements to the Kargo UI.

New Contributors

As popularity grows, so does the community! The Kargo team would like to give special thanks to community members whose first contributions to the project are included in this release:

• @blakepettersson
• @ed-boykin
• @vavdoshka
• @zkhvan

Conclusion

This release has a ton of new features and improvements and we’re excited for you to try it out! Kargo is an Open Source project and we invite you to try out Kargo and hop on the Akuity Community Discord to share your experiences, connect with other users, and provide feedback to the maintainers. Looking to get hands-on experience with Kargo? Try out our Quickstart to get up and running.

As Kargo comes closer to general availability, we at Akuity are also including it as part of our SaaS platform. As part of our platform, we are adding automation features like multi-cluster promotions, automated provisioning and so much more. Interested in providing feedback? Sign up for our early access to help shape the future of Kargo!