This page documents the release notes for each version of the Appian operator that is released for self-managed customers.
Note: Only the three most recent releases of the Appian operator are supported at any given time. Users should upgrade the operator frequently to stay up-to-date with bug and security fixes, especially since upgrading the operator neither requires upgrading installations of Appian on Kubernetes nor impacts their availability.
This release has been explicitly tested against Kubernetes v1.26-v1.30.
CN-32833 - Medium
Fixed a bug that prevented httpd's /run/httpd directory from being writable.
CN-31979 - Medium
Fixed a bug where a restarted site's pods might use the old site's secret values.
This release has been explicitly tested against Kubernetes v1.26-v1.30.
tmp emptyDir volumes in the pods it manages and volume mounts from them to ephemeral data directories. If you are doing this yourself via the .spec.[COMPONENT].additionalVolumes or .spec.[COMPONENT].additionalVolumeMounts fields on Appian custom resources, you will need to stop doing so when you upgrade the operator.Note: Upgrading the operator to the new version will cause Zookeeper, Kafka, Search Server, Data Server, Service Manager, Webapp, and httpd pods to roll, if HA.
CN-28361 - Medium
Fixed a bug that prevented ephemeral data directories from being writable.
Note: This release has been explicitly tested against Kubernetes v1.26-v1.30. It has not been explicitly tested against versions older than Kubernetes v1.26.
This release has been explicitly tested against Kubernetes v1.25-v1.29.
CN-28689 - Low
Upgraded golang.org/x/net to v0.24.0 to remediate CVE-2023-45288.
CN-29252 - Major
Fixed a bug with the migration tool that prevented the webapp from starting after migrating data.
This release has been explicitly tested against Kubernetes v1.25-v1.29.
appian.lic license in addition to k3.lic and k4.lic licenses. Make sure you have requested an appian.lic license and have loaded it into Kubernetes and referenced it in your Appian custom resource before upgrading the Appian operator.Note: This release has been explicitly tested against Kubernetes v1.25-v1.29. It has not been explicitly tested against versions older than Kubernetes v1.25.
We support Kubernetes versions 1.23-1.27 for this release.
AN-268736 - Low
Upgraded github.com/emicklei/go-restful/v3 to address PRISMA-2022-0227.
CN-28132 - Low
Upgraded github.com/lestrrat-go/jwx/v2 and google.golang.org/protobuf to address CVE-2024-28122 and CVE-2024-24786, respectively.
We support Kubernetes versions 1.23-1.27 for this release.
CN-24866 - Low
Fixed a bug where additional labels (.spec.additionalLabels), which are mutable, were incorrectly applied to workload resources' pod selectors, which are immutable.
We support Kubernetes versions 1.23-1.27 for this release.
.spec.<COMPONENT>.podLabels fields in their Appian custom resources.securityTokenSecretName, adminPasswordSecretName, and serviceManagerConfSecretName fields previously deprecated in v0.108.0.CN-25397 - Medium
Fixed a bug where the .webhooks.caBundle and .webhooks.webhookConfiguration.caBundle Helm chart values were not properly injected into the Appian CRD by the CRD update job.
CN-25650 - Low
Upgraded github.com/lestrrat-go/jwx/v2 to address CVE-2023-49290.
CN-25942 - Low
Upgraded golang.org/x/crypto to address CVE-2023-48795.
We support Kubernetes versions 1.23-1.27 for this release.
CN-25397 - Medium
Fixed a bug where image pull secrets were not rendered into the CRD update job.
We support Kubernetes versions 1.23-1.27 for this release.
.webhooks.caBundle, has been added to replace the old, now deprecated .webhooks.webhookConfiguration.caBundle value.RollingUpdate if they have multiple replicas. This means that customers no longer have to manually delete pods after making certain changes to Appian custom resources.CN-24756 - Low
Upgraded golang.org/x/net to address CVE-2023-39325 and CVE-2023-44487
We support Kubernetes versions 1.23-1.27 for this release.
Note: This operator release supports Kubernetes version 1.27, and 1.21 and 1.22 are now deprecated.
CN-23177 - Low
Upgraded golang.org/x/net to address CVE-2023-3978
CN-23257 - Low
Fixed a bug where the operator would incorrectly attempt to update immutable job fields.
We support Kubernetes versions 1.21-1.26 for this release.
.spec.kafka.mirrorMakerListeners and .spec.mirrorMaker fields in their primary and backup Appian custom resources, respectively, to enable MirrorMaker. For more information, see Kafka / Zookeeper.CN-22038 - Medium
Fixed a bug where the operator would incorrectly set ingress path types to ImplementationSpecific instead of Prefix.
CN-22373 - Low
Fixed a bug where additional labels (.spec.additionalLabels), which are mutable, were incorrectly applied to workload resources' pod selectors, which are immutable.
CN-22438 - Low
Fixed a bug where the Migration Tool would allow migration to continue without checking for certain path customizations.
We support Kubernetes versions 1.21-1.26 for this release.
dnsPolicy and dnsConfig fields on pods created by the operator can set the new .spec.<COMPONENT>.dnsPolicy and .spec.<COMPONENT>.dnsConfig fields in their Appian custom resources..spec.<COMPONENT>.podAnnotations fields in their Appian custom resources..spec.webapp.dataSources.primary.usernameSecretKeyRef and .spec.webapp.dataSources.business[].usernameSecretKeyRef fields in their Appian custom resources.validationQuery fields in v1alpha1 previously deprecated in v0.108.0.CN-19943 - Low
Fixed a bug where the operator would fail to update the status of Appian custom resources.
AN-205041 - Low
Fixed a bug where the operator would incorrectly set Service Manager's termination grace period to 24 hours.
AN-234601 - Low
Fixed a bug where Webapp pods would not terminate gracefully.
We support Kubernetes versions 1.21-1.26 for this release.
.spec.serviceManager.shutdownin their Appian custom resources. The container no longer has CPU and memory requests and limits by default.CN-12329 - Low
Fixed a bug where /usr/local/appian/ae/_admin/validation was persisted.
CN-20588 - Low
Fixed a bug where Zookeeper's network policy allowed traffic from Data Server and Webapp for newer versions of Appian.
We support Kubernetes versions 1.21-1.26 for this release.
We support Kubernetes versions 1.21-1.26 for this release.
priorityClassName field on pods created by the operator can set the new .spec.<COMPONENT>.priorityClassName fields in their Appian custom resources..spec.additionalLabels field in their Appian custom resources.Note: This operator release supports Kubernetes version 1.26.
CN-19728 - Low
Upgraded golang.org/x/net to address CVE-2022-41723
CN-19466 - Medium
Fixed a bug where default inter-pod anti-affinity was improperly configured for replicas of the execution and analytics engines.
We support Kubernetes versions 1.21-1.25 for this release.
The operator now allows configuring TLS ingress secrets in their cluster. Customers with a use case of handling their own ingress certificates can use the new field .spec.ingress.tls.
The Migration Tool now supports saving state with annotations during import. When import times out, it will now pick back up in the state that it timed out on.
Customers can now provide data source passwords by referencing an existing secret in .spec.webapp.dataSources.primary.passwordSecretKeyRef or .spec.webapp.dataSources.business[].passwordSecretKeyRef instead of configuring the password value directly. The old .spec.webapp.dataSources.primary.password and .spec.webapp.dataSources.business[].password values are now deprecated.
The operator now exposes Pod Disruption Budget support for all components. Currently the defaulting is for httpd to preserve existing behavior but this will eventually be removed, so customers wanting PDBs for httpd should explicitly set .spec.httpd.pdb.
CN-18488 - Low
Upgraded golang.org/x/net to address CVE-2022-41717.
CN-18231 - Low
Fixed a bug where Migration Tool export didn't work with UNC paths on Windows.
We support Kubernetes versions 1.21-1.25 for this release.
The Migration Tool now reports estimated progress during merge and import.
The Migration Tool now has a darwin/amd64 variant.
The Migration Tool now reports which pods it's waiting for during import by default and links to the appropriate section in the troubleshooting documentation in the event of a timeout.
We support Kubernetes versions 1.21-1.25 for this release.
When shutting down sites running newer versions of Appian with .spec.version defined, the Appian operator now creates a single job to shutdown the Appian engines instead of a job per engine. This reduces the amount of resources required to shutdown the Appian engines.
The Migration Tool now reports estimated progress during export.
The Appian operator Helm chart now defines a NOTES.txt file with helpful post-install and post-upgrade information - including reminders to inject your certificate's CA bundle into the Appian custom resource definition (CRD) and upgrade the Appian CRD.
AN-210105 - Medium
Fixed a bug where the Appian operator might not shutdown the Appian engines cleanly - resulting in transaction replays or possible data loss on the next startup. To benefit from this bug fix, you must upgrade Appian to the latest hotfix and set the .spec.version field in your Appian custom resources.
We support Kubernetes versions 1.21-1.25 for this release.
Added version printer column to Appians resources. When running kubectl get appians in terminal, the Appian version is now printed if it was set in the Appian custom resource.
Updated all statefulset update strategies to OnDelete. From Kubernetes documentation: "When a StatefulSet's .spec.updateStrategy.type is set to OnDelete, the StatefulSet controller will not automatically update the Pods in a StatefulSet. Users must manually delete Pods to cause the controller to create new Pods that reflect modifications made to a StatefulSet's .spec.template."
Created a new field in the CRD for the Appian version in .spec.version. While the field is currently optional, we recommend customers start setting the field in their custom resources as the field will become required in the future. The operator will now understand the version of Appian a site is running on and in the future could perform different actions based on the version. If .spec.version is set, customers can omit the .spec.<component>.image.tag fields from their custom resources, as they will get automatically populated with the version.
Note: This operator release supports Kubernetes version 1.25, and 1.19 and 1.20 are now deprecated.
CN-17607 - Medium
Upgraded golang.org/x/text to v0.3.8+ to address CVE-2022-32149.
CN-17162 - Low
Upgraded golang.org/x/net to address CVE-2022-27664.
We support Kubernetes versions 1.19-1.24 for this release.
Note: Upgrading the operator to the new version will cause Zookeeper, Kafka, and Webapp pods to roll.
AN-211296 - Medium
Fixed a bug where /usr/local/appian/ae/zookeeper/config/tmp and /usr/local/appian/ae/kafka/config/tmp might not be writable.
CN-16866 - Low
Upgraded github.com/emicklei/go-restful to v2.16.0 to address CVE-2022-1996.
CN-16612 / CN-16613 - Medium
Fixed bugs in Zookeeper, Kafka, and Webapp probe configurations.
We support Kubernetes versions 1.19-1.24 for this release.
Note: Upgrading the operator to the new version will require manual action on the customer to either externally manage their own certificates or configure cert-manager to inject the CA bundle. Please refer to our documentation for more information prior to upgrading.
.spec.webapp.dataSources.validationQuery. In order to configure a validation query in v1beta1, use the .spec.webapp.dataSources.attributes field..spec.webapp.url is now moved to .spec.urlAdded support for replicas, pod disruption budgets, and horizontal pod autoscaling for the operator's webhooks.
.spec.dataServer.securityTokenSecretName.spec.serviceManager.authThe features listed below are deprecated and will be removed in future releases. Do not begin using deprecated features, and transition away from any prior usage of now deprecated features. Where applicable, supported alternatives are described for each deprecation.
.spec.webapp.dataSources.validationQuery in the CRD is now deprecated, use .spec.webapp.dataSources.attributes to configure a validation query instead..spec.webapp.url in the CRD is now deprecated, use .spec.url instead..spec.dataServer.securityTokenSecretName and .spec.serviceManager.auth are now deprecated. The operator will take on the responsibility of managing the secrets.CN-14295 - High
Fixed a bug where Search Server custom properties would not be migrated.
CN-14913 - Critical
Upgraded golang.org/x/crypto to address CVE-2022-27191 and removed tool dependencies from dependency tree.
CN-15615 - Critical
Upgraded gopkg.in/yaml.v3 to address CVE-2022-28948.
CN-15280 - Medium
Updated httpd's probes to monitor the mod_jk workers to make sure there is a good communication channel between httpd and Webapp.
We support Kubernetes versions 1.19-1.24 for this release.
CN-14763 - Medium
Fixed an issue where liveness probe initial delays and startup probe configurations were not configured correctly for small sites.
CN-14913 - Low
Fixed an issue where tool dependencies were included in the Appian operator Docker image.
CN-14204 - Low
Fixed an issue where users were able to define duplicate values in set fields in Appian custom resources.
CN-14295 - Medium
Fixed an issue where <APPIAN_HOME>/search-server/conf/custom.properties was not migrated by the Migration Tool.
Appian Operator Release Notes
