OverviewCopy link to clipboard
This page documents the release notes for each version of the Appian operator that is released for self-managed customers.
Note: Only the three most recent releases of the Appian operator are supported at any given time. Users should upgrade the operator frequently to stay up-to-date with bug and security fixes, especially since upgrading the operator neither requires upgrading installations of Appian on Kubernetes nor impacts their availability.
Release NotesCopy link to clipboard
v0.171.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
This release has been explicitly tested against Kubernetes v1.26-v1.30.
Bug FixesCopy link to clipboard
-
CN-34049 - Medium
Fixed a bug in the Migration Tool that prevented it from working on Windows.
-
CN-33980 - Low
Fixed a bug that prevented role bindings from being created for Data Server.
v0.166.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
This release has been explicitly tested against Kubernetes v1.26-v1.30.
Bug FixesCopy link to clipboard
-
CN-32833 - Medium
Fixed a bug that prevented httpd's
/run/httpd
directory from being writable. -
CN-31979 - Medium
Fixed a bug where a restarted site's pods might use the old site's secret values.
v0.161.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
This release has been explicitly tested against Kubernetes v1.26-v1.30.
Breaking ChangesCopy link to clipboard
- The Appian operator now creates
tmp
emptyDir
volumes in the pods it manages and volume mounts from them to ephemeral data directories. If you are doing this yourself via the .spec.[COMPONENT].additionalVolumes or .spec.[COMPONENT].additionalVolumeMounts fields on Appian custom resources, you will need to stop doing so when you upgrade the operator.
Note: Upgrading the operator to the new version will cause Zookeeper, Kafka, Search Server, Data Server, Service Manager, Webapp, and httpd pods to roll, if HA.
Bug FixesCopy link to clipboard
-
CN-28361 - Medium
Fixed a bug that prevented ephemeral data directories from being writable.
Note: This release has been explicitly tested against Kubernetes v1.26-v1.30. It has not been explicitly tested against versions older than Kubernetes v1.26.
v0.159.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
This release has been explicitly tested against Kubernetes v1.25-v1.29.
Bug FixesCopy link to clipboard
-
CN-28689 - Low
Upgraded golang.org/x/net to v0.24.0 to remediate CVE-2023-45288.
-
CN-29252 - Major
Fixed a bug with the migration tool that prevented the webapp from starting after migrating data.
v0.156.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
This release has been explicitly tested against Kubernetes v1.25-v1.29.
New FeaturesCopy link to clipboard
- RPA is now supported for Appian on Kubernetes. This new capability brings all of Appian RPA's features directly to your self-managed environment. Starting with RPA 9.9, this capability is supported on Appian 23.4 and newer.
Breaking ChangesCopy link to clipboard
- Appian on Kubernetes now requires an
appian.lic
license in addition tok3.lic
andk4.lic
licenses. Make sure you have requested anappian.lic
license and have loaded it into Kubernetes and referenced it in your Appian custom resource before upgrading the Appian operator.
Note: This release has been explicitly tested against Kubernetes v1.25-v1.29. It has not been explicitly tested against versions older than Kubernetes v1.25.
v0.154.1Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.23-1.27 for this release.
Bug FixesCopy link to clipboard
-
AN-268736 - Low
Upgraded github.com/emicklei/go-restful/v3 to address PRISMA-2022-0227.
-
CN-28132 - Low
Upgraded github.com/lestrrat-go/jwx/v2 and google.golang.org/protobuf to address CVE-2024-28122 and CVE-2024-24786, respectively.
v0.154.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.23-1.27 for this release.
Bug FixesCopy link to clipboard
-
CN-24866 - Low
Fixed a bug where additional labels (
.spec.additionalLabels
), which are mutable, were incorrectly applied to workload resources' pod selectors, which are immutable.
v0.151.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.23-1.27 for this release.
New FeaturesCopy link to clipboard
- The operator now supports custom labels on pods. Customers that need pods to be created with specific labels can set the new
.spec.<COMPONENT>.podLabels
fields in their Appian custom resources.
RemovalsCopy link to clipboard
- Removed the v1alpha1 API version of the Appian CRD previously deprecated in v0.108.0.
- Removed the
securityTokenSecretName
,adminPasswordSecretName
, andserviceManagerConfSecretName
fields previously deprecated in v0.108.0.
Bug FixesCopy link to clipboard
-
CN-25397 - Medium
Fixed a bug where the
.webhooks.caBundle
and.webhooks.webhookConfiguration.caBundle
Helm chart values were not properly injected into the Appian CRD by the CRD update job. -
CN-25650 - Low
Upgraded github.com/lestrrat-go/jwx/v2 to address CVE-2023-49290.
-
CN-25942 - Low
Upgraded golang.org/x/crypto to address CVE-2023-48795.
v0.146.2Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.23-1.27 for this release.
Bug FixesCopy link to clipboard
-
CN-25397 - Medium
Fixed a bug where image pull secrets were not rendered into the CRD update job.
v0.146.1Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.23-1.27 for this release.
New FeaturesCopy link to clipboard
- The Appian operator Helm chart now includes a hook that installs or upgrades the Appian custom resource definition (CRD). Customers no longer have to annotate or patch the Appian CRD after installing or upgrading the Appian operator or upgrade it before upgrading the operator. As part of this change, a new Helm chart value,
.webhooks.caBundle
, has been added to replace the old, now deprecated.webhooks.webhookConfiguration.caBundle
value. - The Appian operator Helm chart can now be pulled from Appian's container registry instead of downloaded from Appian Community. For more information, see Appian operator Helm chart
- The operator now sets stateful sets' update strategies to
RollingUpdate
if they have multiple replicas. This means that customers no longer have to manually delete pods after making certain changes to Appian custom resources.
Bug FixesCopy link to clipboard
-
CN-24756 - Low
Upgraded golang.org/x/net to address CVE-2023-39325 and CVE-2023-44487
v0.140.1Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.23-1.27 for this release.
New FeaturesCopy link to clipboard
- Appian on Kubernetes now supports collecting support bundles for easier troubleshooting. For more information, see Support Bundle for Appian on Kubernetes.
Note: This operator release supports Kubernetes version 1.27, and 1.21 and 1.22 are now deprecated.
Bug FixesCopy link to clipboard
-
CN-23177 - Low
Upgraded golang.org/x/net to address CVE-2023-3978
-
CN-23257 - Low
Fixed a bug where the operator would incorrectly attempt to update immutable job fields.
v0.137.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.26 for this release.
New FeaturesCopy link to clipboard
- Appian on Kubernetes now supports MirrorMaker for Kafka mirroring in support of Cold Failover. Customers can now set the
.spec.kafka.mirrorMakerListeners
and.spec.mirrorMaker
fields in their primary and backup Appian custom resources, respectively, to enable MirrorMaker. For more information, see Kafka / Zookeeper.
Bug FixesCopy link to clipboard
-
CN-22038 - Medium
Fixed a bug where the operator would incorrectly set ingress path types to
ImplementationSpecific
instead ofPrefix
. -
CN-22373 - Low
Fixed a bug where additional labels (
.spec.additionalLabels
), which are mutable, were incorrectly applied to workload resources' pod selectors, which are immutable. -
CN-22438 - Low
Fixed a bug where the Migration Tool would allow migration to continue without checking for certain path customizations.
v0.136.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.26 for this release.
New FeaturesCopy link to clipboard
- The operator now reconciles multiple Appian custom resources in parallel.
- The operator now supports DNS Policy and DNS Config for all components. Customers that need to set the
dnsPolicy
anddnsConfig
fields on pods created by the operator can set the new.spec.<COMPONENT>.dnsPolicy
and.spec.<COMPONENT>.dnsConfig
fields in their Appian custom resources. - The operator now supports custom annotations on pods. Customers that need pods to be created with specific annotations can set the new
.spec.<COMPONENT>.podAnnotations
fields in their Appian custom resources. - The operator now supports storing data source usernames in existing secrets. Customers that need to store data source usernames in secrets can do so and set the new
.spec.webapp.dataSources.primary.usernameSecretKeyRef
and.spec.webapp.dataSources.business[].usernameSecretKeyRef
fields in their Appian custom resources.
RemovalsCopy link to clipboard
- Removed the
validationQuery
fields in v1alpha1 previously deprecated in v0.108.0.
Bug FixesCopy link to clipboard
-
CN-19943 - Low
Fixed a bug where the operator would fail to update the status of Appian custom resources.
-
AN-205041 - Low
Fixed a bug where the operator would incorrectly set Service Manager's termination grace period to 24 hours.
-
AN-234601 - Low
Fixed a bug where Webapp pods would not terminate gracefully.
v0.133.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.26 for this release.
New FeaturesCopy link to clipboard
- Make Service Manager shutdown job resources configurable for the shutdown pod via the new field
.spec.serviceManager.shutdown
in their Appian custom resources. The container no longer has CPU and memory requests and limits by default.
Bug FixesCopy link to clipboard
-
CN-12329 - Low
Fixed a bug where
/usr/local/appian/ae/_admin/validation
was persisted. -
CN-20588 - Low
Fixed a bug where Zookeeper's network policy allowed traffic from Data Server and Webapp for newer versions of Appian.
v0.131.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.26 for this release.
New FeaturesCopy link to clipboard
- Non-primary Webapp replicas now start in parallel.
v0.127.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.26 for this release.
New FeaturesCopy link to clipboard
- The operator no longer caches objects it does not operate or own - making it more resource efficient - especially in large clusters.
- The operator now supports Pod Priority for all components. Customers that need to set the
priorityClassName
field on pods created by the operator can set the new.spec.<COMPONENT>.priorityClassName
fields in their Appian custom resources. - The operator now supports creating objects with custom, additional labels. Customers that need objects created by the operator, including pods, to be created with specific labels can set the new
.spec.additionalLabels
field in their Appian custom resources.
Note: This operator release supports Kubernetes version 1.26.
Bug FixesCopy link to clipboard
-
CN-19728 - Low
Upgraded golang.org/x/net to address CVE-2022-41723
-
CN-19466 - Medium
Fixed a bug where default inter-pod anti-affinity was improperly configured for replicas of the execution and analytics engines.
v0.124.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.25 for this release.
New FeaturesCopy link to clipboard
-
The operator now allows configuring TLS ingress secrets in their cluster. Customers with a use case of handling their own ingress certificates can use the new field
.spec.ingress.tls
. -
The Migration Tool now supports saving state with annotations during import. When import times out, it will now pick back up in the state that it timed out on.
-
Customers can now provide data source passwords by referencing an existing secret in
.spec.webapp.dataSources.primary.passwordSecretKeyRef
or.spec.webapp.dataSources.business[].passwordSecretKeyRef
instead of configuring the password value directly. The old.spec.webapp.dataSources.primary.password
and.spec.webapp.dataSources.business[].password
values are now deprecated. -
The operator now exposes Pod Disruption Budget support for all components. Currently the defaulting is for httpd to preserve existing behavior but this will eventually be removed, so customers wanting PDBs for httpd should explicitly set
.spec.httpd.pdb
.
Bug FixesCopy link to clipboard
-
CN-18488 - Low
Upgraded golang.org/x/net to address CVE-2022-41717.
-
CN-18231 - Low
Fixed a bug where Migration Tool export didn't work with UNC paths on Windows.
v0.120.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.25 for this release.
New FeaturesCopy link to clipboard
-
The Migration Tool now reports estimated progress during merge and import.
-
The Migration Tool now has a darwin/amd64 variant.
-
The Migration Tool now reports which pods it's waiting for during import by default and links to the appropriate section in the troubleshooting documentation in the event of a timeout.
v0.118.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.25 for this release.
New FeaturesCopy link to clipboard
-
When shutting down sites running newer versions of Appian with
.spec.version
defined, the Appian operator now creates a single job to shutdown the Appian engines instead of a job per engine. This reduces the amount of resources required to shutdown the Appian engines. -
The Migration Tool now reports estimated progress during export.
-
The Appian operator Helm chart now defines a NOTES.txt file with helpful post-install and post-upgrade information - including reminders to inject your certificate's CA bundle into the Appian custom resource definition (CRD) and upgrade the Appian CRD.
Bug FixesCopy link to clipboard
-
AN-210105 - Medium
Fixed a bug where the Appian operator might not shutdown the Appian engines cleanly - resulting in transaction replays or possible data loss on the next startup. To benefit from this bug fix, you must upgrade Appian to the latest hotfix and set the
.spec.version
field in your Appian custom resources.
v0.117.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.21-1.25 for this release.
New FeaturesCopy link to clipboard
-
Added version printer column to Appians resources. When running
kubectl get appians
in terminal, the Appian version is now printed if it was set in the Appian custom resource. -
Updated all statefulset update strategies to OnDelete. From Kubernetes documentation: "When a StatefulSet's
.spec.updateStrategy.type
is set toOnDelete
, the StatefulSet controller will not automatically update the Pods in a StatefulSet. Users must manually delete Pods to cause the controller to create new Pods that reflect modifications made to a StatefulSet's.spec.template
." -
Created a new field in the CRD for the Appian version in
.spec.version
. While the field is currently optional, we recommend customers start setting the field in their custom resources as the field will become required in the future. The operator will now understand the version of Appian a site is running on and in the future could perform different actions based on the version. If.spec.version
is set, customers can omit the.spec.<component>.image.tag
fields from their custom resources, as they will get automatically populated with the version.
Note: This operator release supports Kubernetes version 1.25, and 1.19 and 1.20 are now deprecated.
Bug FixesCopy link to clipboard
-
CN-17607 - Medium
Upgraded golang.org/x/text to v0.3.8+ to address CVE-2022-32149.
-
CN-17162 - Low
Upgraded golang.org/x/net to address CVE-2022-27664.
v0.112.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.19-1.24 for this release.
New FeaturesCopy link to clipboard
- Updated the storage API version to be v1beta1 in the Appian CRD. This means that newly created or updated objects will be persisted using the new v1beta1 API version.
Note: Upgrading the operator to the new version will cause Zookeeper, Kafka, and Webapp pods to roll.
Bug FixesCopy link to clipboard
-
AN-211296 - Medium
Fixed a bug where
/usr/local/appian/ae/zookeeper/config/tmp
and/usr/local/appian/ae/kafka/config/tmp
might not be writable. -
CN-16866 - Low
Upgraded github.com/emicklei/go-restful to v2.16.0 to address CVE-2022-1996.
-
CN-16612 / CN-16613 - Medium
Fixed bugs in Zookeeper, Kafka, and Webapp probe configurations.
v0.108.0Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.19-1.24 for this release.
New FeaturesCopy link to clipboard
- Added conversion webhooks to allow for versioning of the Appian custom resource definition. This allows evolving the schema for Appian custom resources without breaking backward compatibility.
- Webhook certificates are now required and externally managed. This enables customers to manage certificates in a wider variety of ways. Customers can still use cert-manager to handle their certificates if they were using it previously.
Note: Upgrading the operator to the new version will require manual action on the customer to either externally manage their own certificates or configure cert-manager to inject the CA bundle. Please refer to our documentation for more information prior to upgrading.
- Added new API version v1beta1 to the Appian CRD. The following changes have been made in v1beta1:
- Removed deprecated field
.spec.webapp.dataSources.validationQuery
. In order to configure a validation query in v1beta1, use the.spec.webapp.dataSources.attributes
field. .spec.webapp.url
is now moved to.spec.url
- Removed deprecated field
-
Added support for replicas, pod disruption budgets, and horizontal pod autoscaling for the operator's webhooks.
- In previous operator versions, the user had the responsibility of manually managing the Appian Data Server security token and Service Manager admin user credentials. Now the operator conveniently manages these internally. As a result of this change, if customers are creating custom resources without the Service Manager auth secret name, Service Manager will restart.
- This also means that the following secret fields have now been deprecated.
.spec.dataServer.securityTokenSecretName
.spec.serviceManager.auth
- This also means that the following secret fields have now been deprecated.
DeprecationsCopy link to clipboard
The features listed below are deprecated and will be removed in future releases. Do not begin using deprecated features, and transition away from any prior usage of now deprecated features. Where applicable, supported alternatives are described for each deprecation.
- The field
.spec.webapp.dataSources.validationQuery
in the CRD is now deprecated, use.spec.webapp.dataSources.attributes
to configure a validation query instead. - The field
.spec.webapp.url
in the CRD is now deprecated, use.spec.url
instead. - Secret fields previously exposed in the CRD
.spec.dataServer.securityTokenSecretName
and.spec.serviceManager.auth
are now deprecated. The operator will take on the responsibility of managing the secrets.
Bug FixesCopy link to clipboard
-
CN-14295 - High
Fixed a bug where Search Server custom properties would not be migrated.
-
CN-14913 - Critical
Upgraded golang.org/x/crypto to address CVE-2022-27191 and removed tool dependencies from dependency tree.
-
CN-15615 - Critical
Upgraded gopkg.in/yaml.v3 to address CVE-2022-28948.
-
CN-15280 - Medium
Updated httpd's probes to monitor the mod_jk workers to make sure there is a good communication channel between httpd and Webapp.
v0.89.3Copy link to clipboard
Kubernetes CompatibilityCopy link to clipboard
We support Kubernetes versions 1.19-1.24 for this release.
Bug FixesCopy link to clipboard
-
CN-14763 - Medium
Fixed an issue where liveness probe initial delays and startup probe configurations were not configured correctly for small sites.
-
CN-14913 - Low
Fixed an issue where tool dependencies were included in the Appian operator Docker image.
v0.89.1Copy link to clipboard
Bug FixesCopy link to clipboard
-
CN-14204 - Low
Fixed an issue where users were able to define duplicate values in set fields in Appian custom resources.
-
CN-14295 - Medium
Fixed an issue where
<APPIAN_HOME>/search-server/conf/custom.properties
was not migrated by the Migration Tool.