1.27.1 (2026-04-30)
- configure metrics-server for EKS host networking (f7aef61)
- remove unneeded metrics-server values from control room path (e4790ac)
1.27.0 (2026-04-29)
- address review feedback on NetApp backup PR (68ae95b)
- add snapshot and backup protection to Azure NetApp volumes (27e90a6)
1.26.6 (2026-04-28)
- add CPU limits to Mimir store-gateway and Traefik (09ba466)
1.26.5 (2026-04-24)
- default Karpenter NodePool weight to 100 when unset (8f2de5e)
1.26.4 (2026-04-24)
- clusters-azure: use corev1.NewConfigMapPatch for CoreDNS forwarding ConfigMap (d3f5297)
1.26.3 (2026-04-24)
- azure: use per-site domains for Traefik Ingress generation (97c8c8b)
1.26.2 (2026-04-22)
- remove min node count for azure user pools (0c7f4fb)
1.26.1 (2026-04-22)
- default public_load_balancer to true (internet-facing) matching Python (340fa4e)
- fetch Karpenter subnet/SG IDs from EKS cluster VPC config (d64ee3b)
- match Python output details for Traefik ingress and Alloy values (de10b28)
- remove EnableServerSideApply from k8s provider (not set in other migrated steps) (f103837)
- restore Alloy cluster label and k8s provider settings from Python (66b3e57)
- retain Python naming conventions in AWS helm step migration (39fdcb6)
- synthesize session taint in overprovisioning tolerations matching NodePool logic (3ca8f49)
- use deterministic workload port instead of hardcoded 1080 for proxy (99dfe02)
- restore pulumi-kubernetes SDK to v4.21.1 to keep Azure provider stable (51b33c0)
1.26.0 (2026-04-21)
- proxy: kill surviving processes when pruning stale registry entries (2793946)
- proxy: replace hardcoded port 1080 in all steps with WorkloadPort (01869e7)
- proxy: replace hardcoded port 1080 in Python Pulumi code and remove dead Go fallbacks (8d4a3be)
- proxy: set ALL_PROXY in helm step and update docs for new port behavior (ddbb595)
- proxy: thread proxy port through SetupKubeConfig so kubeconfig uses the correct SOCKS5 port (77f1c0f)
- proxy: use context.Background() in daemon mode so subprocess survives ptd exit (a2ec568)
- proxy: add locked registry, deterministic ports, and new management commands (d28ee37)
1.25.1 (2026-04-21)
- add dual aliases for AWS provider, AlloyConfig ConfigMap, and mimir-auth Secret (2dcd6a7)
- correct Alloy ConfigMap alias and YAML indentation in helm chart CRs (5c01ca9)
- correct Alloy ConfigMap Pulumi alias to include AlloyConfig parent type (d3f16b4)
- mainDomain should use site named "main", not first alphabetically (4715421)
- use yaml.v2 for Traefik and Karpenter values, harden alias URNs and error handling (a33cb77)
- use yaml.v2 in marshalYAML and correct Azure helm diffs vs Python state (0e50fc1)
1.25.0 (2026-04-21)
- add unit tests for handoff helpers and fix resource categorization (0be41ce)
- generate eject handoff PDF and markdown document (0a67c38), closes #216
1.24.0 (2026-04-17)
- add Azure nvidia device plugin helm deployment (c1ed84d)
1.23.0 (2026-04-17)
- mirror nvidia device plugin for azure (f09c491)
1.22.1 (2026-04-17)
- proxy: kill subprocess group on stop to avoid Azure tunnel orphan (1c40215)
1.22.0 (2026-04-17)
- add automation for assigning aks rbac role (0f3a5df)
1.21.0 (2026-04-16)
- code review suggestions (e21cb06)
1.20.0 (2026-04-16)
- make snapshot dynamic, handle numeric IDs, add edge case tests (84768b8)
- add config strip and snapshot for eject severance (9d931b0)
1.19.0 (2026-04-16)
- conditionally include control room remote_write in Alloy config (9a141df)
1.18.0 (2026-04-16)
- add IAM trust removal runbook for eject bundle (09fd47e)
- add re-adopt runbook generator for eject bundle (9986433)
- add RemoveWorkloadMimirPassword for eject severance (5cafed5)
- cloud-specific access removal runbooks, wire into eject (e544235)
- tolerate nil control room target in ensure steps (bc3e99a)
1.17.0 (2026-04-15)
- clusters: address PR review — feature gaps and deduplication (619227e)
- rewrite clusters step in Go, retire Python implementation (1da055e)
1.16.0 (2026-04-15)
- justfile: make codesign conditional on macOS to fix Linux CI (3520692)
- sites: use exec plugin kubeconfig to eliminate token-rotation state diffs (6a815e3)
- add Claude auto-review and PR assistant workflows (ac2d4b7)
1.15.0 (2026-04-14)
- drop mimir from workload purpose string, hoist siteSecretFields (c6a4913)
- remove okta-oidc-client-creds from secret catalog (7ad61c1)
1.14.0 (2026-04-13)
- remove automated kustomize-to-Helm migration job from TeamOperator (e0233b5)
1.13.0 (2026-04-13)
- check out.Close() error in copyFile to catch flush failures (ebd45c6)
- sanitize file paths in config copy to resolve Snyk findings (65d075f)
1.12.0 (2026-04-13)
- enable Pulumi debug logging when -v flag is set (f165a01)
1.11.0 (2026-04-08)
1.10.0 (2026-04-08)
1.9.0 (2026-04-08)
1.8.5 (2026-04-08)
- add mutex to postgres config test mock to prevent data race (4e32dc3)
1.8.4 (2026-04-08)
- pin bastion AMI regex to kernel-6.18 variant (57a7902)
1.8.3 (2026-04-08)
- use runtime.Caller instead of git rev-parse in test setup (979ef52)
1.8.2 (2026-04-07)
- update uv.lock for pulumi-aws 6.78.0 (805771a)
- upgrade pulumi-aws and pass force_update_version to both Cluster and NodeGroup (128f232)
1.8.1 (2026-04-07)
- use runtime.Caller instead of git rev-parse in test setup (69edc7a)
1.8.0 (2026-04-06)
- adopt existing FelixConfiguration before Helm manages it (063b26e)
- dataclass inheritance ordering and ruff FBT lint errors (a496abe)
- drop Nftables dataplane and CRD patch, stay on Iptables (70b5d6c)
- force NFT iptables backend for Calico on AL2023 (8da6d66)
- patch Installation CR to enforce Calico CNI on EKS (5fc673e)
- remove unnecessary FelixConfiguration adoption patch (42cef46)
- restore FelixConfiguration adoption patch with ignore_changes to prevent drift (c56f7eb)
- add third_party_telemetry_enabled config to disable infra telemetry (1135cbe)
- pre-patch Installation CRD to allow Nftables dataplane on upgrade (cdfcfb1)
- upgrade Tigera Operator 3.29.3 → 3.31.4 (cea1639)
1.7.1 (2026-04-06)
- disable azure load balancer alerts until fixed (2f2fe6f)
- update tests to reflect disabled loadbalancer alerts (16f7a8b)
1.7.0 (2026-04-02)
- add var to enable shell identification while using workon (f9bf9ef)
1.6.0 (2026-04-02)
- new netapp throughput limit alert (5678437)
1.5.2 (2026-03-31)
- bump default alb latency alert threshold (fec5940)
1.5.1 (2026-03-26)
- bump go directive to 1.25.6 (CVE-2025-61728, CVE-2025-61726) (d416b1a)
- upgrade google.golang.org/grpc to v1.79.3 (CVE-2026-33186) (d882605)
1.5.0 (2026-03-20)
- add tenant label back to metrics alert (53dfbc2)
- alloy instance duplication bug (ab2e645)
- azure load balancer metrics resource group and azure alert queries and formatting (767acff)
- bump default aws alb idle connection timeout (3440fdf)
- change azure metric names and give better alert descriptions (16fc658)
- correct workload.go (089dce8)
- correct worktree path in CLAUDE.md (c28115e)
- docs: correct dashboard deployment documentation inaccuracies (ab73129)
- docs: correct dashboard UID description and add trailing newline (2ebb899)
- ensure all alerts are always created (28ccbf2)
- grafana: add missing cluster filters to unlinked panels in Posit Team Overview (05fdccc)
- grafana: apply site filter consistently and correct version in Posit Team Overview (d477d44)
- grafana: correct Connect panel titles to match query semantics (9396999)
- grafana: correct dashboard provisioning settings for posit_team_overview (1284bdc)
- grafana: enable multi-cluster support for Kubernetes Global View dashboard (388e320)
- grafana: fix Package Manager panel query and display issues (b0d8b1f)
- grafana: handle division by zero and fix labels in License Consumption gauge (0337f5a)
- grafana: prevent automatic time unit conversion in License days left panel (fcc0ecb)
- grafana: remove inaccurate License expires panels from dashboard (dbc436f)
- grafana: remove orphaned cluster references from posit-team-overview transformations (1c588e0)
- grafana: standardize label ordering in by() clauses for license metrics (63e1166)
- grafana: use max aggregation for Connect global metrics (0263879)
- grafana: use pattern match operator for site filter in Posit Team Overview (de943c0)
- improve alerting when no metrics received from one or all workloads (9ffa0e8)
- lint (ae55544)
- python-pulumi: implement robust RFC 1123 name sanitization with validation (91e56c0)
- python-pulumi: resolve linter warnings in dashboard code (cef03bb)
- python-pulumi: sanitize dashboard names for Kubernetes RFC 1123 compliance (1008253)
- quote descriptions in alerts with colon characters (2423c6a)
- remove client_id and secrets_provider_client_id from azure_workload fixture (f6a3fb9)
- remove workload alert sidecar and fix azure resource graph query syntax (6f83f76)
- replace underscores in alerts generated via file (ebf2319)
- resolve lint errors in test fixtures and conftest (c69be20)
- solve intermittent no data result with netapp latency alerts and adjust thresholds based on current workloads (65fad8f)
- stop overriding team-operator image when not explicitly configured (49f7b2c)
- undo unrelated change (569c8b3)
- undo unrelated change (a7af92d)
- use custom_role for EKS access entry when configured (d1a4aee)
- add Go↔Python config sync validation and standardize test fixtures (bfa9f3d)
- add ppm-oidc-client-secret to site secret provisioning (46ae5ac)
- allow force for cluster upgrades (fb990a3)
- automatically recreate azure bastion vm with latest version (0384239)
- azure: add configurable bastion instance type (36bb44d)
- grafana: add cluster filter to all Posit Team Overview dashboard panels (dcba6f2)
- grafana: add Connect row to Posit Team Overview dashboard (1440b2c)
- grafana: add Package Manager row to Posit Team Overview dashboard (03ea325)
- grafana: improve Running Version panel display in Posit Team Overview dashboard (cdd1b7a)
- support per-workload custom tags on AKS resources (e52c0c0)
- support setting externally created route table on private azure subnet (a0f3711)
- undo unintended Justfile change (4858593)
1.4.2 (2026-02-13)
- do not use key auth for storage accounts due to security warnings (3e4e860)
- enable azure auth in the cli when run in AWS Workspace (5b846e4)
1.4.1 (2026-02-10)
- eks: add explicit resource dependencies for cluster provisioning (072f84e)
- eks: restore parallel execution for Tigera and node groups (d6a8587)
- persistent: remove AWS-only guard from mimir password sync (9e70212)
- persistent: skip mimir password check for control rooms (7bec570)
- team-operator: create posit-team-system namespace before migration resources (b074d4f)
- team-operator: skip await on Helm release to debug failures (35b38a3)
- tigera: update Calico Helm chart repository URL (511bbb3)
- remove skip_await from team-operator Helm release (f2c8293)
- team-operator: remove explicit posit-team-system namespace (7b64328)
1.4.0 (2026-02-09)
- remove env copy (931661d)
- add azure workload support to k9s command (44d135c)
1.3.0 (2026-02-06)
- lib: fix flaky TestGenerateRandomString test (74755d3)
- control-room: add EKS access entries support (b739db1), closes #79
- eks: enable access entries by default (3a538f6), closes #111
1.2.1 (2026-02-03)
- support workon for custom steps (2ef2752)
1.2.0 (2026-02-03)
- add workflow to handle team-operator version updates (2541d23)
1.1.3 (2026-01-28)
- team-operator: add retain_on_delete protection for CRDs and namespace (8c2d8ce)
- team-operator: simplify to namespace protection only (39c179a)
1.1.2 (2026-01-28)
1.1.1 (2026-01-27)
- clean up repo references to use posit-dev (470b829)
1.1.0 (2026-01-21)
- monitoring: add container metrics collection for pod debugging (23b597f)
1.0.2 (2026-01-21)
- add helm.sh/resource-policy: keep to CRD patch (e175604)
1.0.1 (2026-01-16)
- add missing site yaml for sites step (e28e8e5)
- add documentation (docs/) (986bec5)
- add end-to-end tests (e2e/) (bc3a4b0)
- add example configurations (examples/) (18a4683)
- add GitHub Actions workflows (.github/workflows/) (bd44f3b)
- add Go CLI (cmd/) (07fd413)
- add project configuration files (be217cd)
- add Python Pulumi IaC package (python-pulumi/) (84cbe96)
- add root build and config files (50adb12)
- add shared Go libraries (lib/) (3d52c6f)
- ci: add semantic versioned releases (12cbfba)