기술 자료

Changelog

The vpctl command-line tool release history, including new features, fixes, and breaking changes.
읽는 시간 5분최근 업데이트: 4일 전
This changelog records vpctl release notes from an operator's perspective: new commands, new flags, behavior changes, and breaking changes. This changelog doesn't include internal refactors.

[0.10.0] - 2026-05-12

Security

  • Rebuilt with Go 1.26.3 (previously 1.25.x) to pick up four standard-library CVE fixes that were reachable from vpctl: two 
    html/template
    escaper bypasses used by CUE schema validation, a 
    net.Dialer
    NUL-byte panic on Windows used by OCI registry pulls, and an HTTP/2 
    SETTINGS_MAX_FRAME_SIZE
    infinite loop used by every outbound HTTP call. The 
    golang.org/x/net
    dependency is bumped to v0.53.0.

Added

  • New optional 
    configuration.networking.trustedCaSecretName
    manifest field. Reference a pre-existing Kubernetes Secret (single key 
    ca-bundle.crt
    , PEM-encoded CA chain) to make the .NET workflow containers (StorageTool) trust an internally-signed ingress certificate. Required for environments where the ingress TLS isn't chained to a publicly-trusted CA. The CA bundle is also mounted into the Pixyz Argo workflow templates (
    asset-manager-glb-preview
    , 
    asset-manager-metadata-extraction
    , 
    asset-manager-optimize-and-convert
    , 
    asset-manager-thumbnail-generator
    ) for defensive coverage of any future outbound HTTPS calls from those containers.
  • release deploy --timeout
    flag (default 
    10m
    ): per-release timeout passed to 
    helm
    when waiting.
  • release deploy --retries
    flag (default 
    0
    ): number of additional attempts after a failed 
    helm upgrade --install
    or 
    helm template | kubectl apply
    . Helps with the "CRDs not yet visible on first attempt" race that sometimes resolves on a second attempt.
  • release deploy --retry-delay
    flag (default 
    5s
    ): sleep between retry attempts.
  • keyType: hex
    support in the secret schema: generates 
    length
    hex characters (lowercase 
    a
    f
    / 
    0
    9
    ) from 
    crypto/rand
    for cryptographic secrets that require pure hex (for example, the Garage 
    rpc_secret
    ). The 
    length
    field is required and must be even.

Changed

  • Breaking: 
    release deploy --wait
    now defaults to 
    true
    (was 
    false
    ). Each Helm release is waited on before vpctl moves to the next chart, with the new default 10-minute per-release timeout. Pass 
    --wait=false
    to restore the previous fire-and-forget behavior.
  • Breaking: the 
    rustfs:
    manifest field under 
    configuration.infrastructure.components
    is replaced by 
    garage:
    , which exposes 
    resources
    (standard CPU and memory requests and limits), 
    metaStorage
    , 
    dataStorage
    , 
    replicas
    , and 
    replicationFactor
    (capped at 3). The on-premises release package's 
    compatibility.yaml
    minVpctlVersion
    is bumped to 
    0.10.0
    in the same release, so you must upgrade vpctl to 
    0.10.0
    before you can deploy on-premises release 
    0.13.0
    or later.
  • Remote Helm charts now resolve their source registry from 
    manifest.yaml
    artifactSync.sourceRepository
    , the same way Docker images and ORAS artifacts already do, instead of a per-chart URL.
  • The 
    _arrayMerge
    helper in chart values now recurses through nested map levels, so paths like 
    _arrayMerge.backups.pgbackrest.repos.0.X
    merge into 
    backups.pgbackrest.repos[0].X
    . Top-level array behavior is unchanged.

[0.9.0] - 2026-04-24

Added

  • secret generate --persist [path]
    flag: saves generated values to a file (default: 
    secrets.import.yaml
    ) and auto-loads it on subsequent runs so values are reused without regeneration.
  • keyType: ca-cert
    support in the secret schema: auto-generates a self-signed CA certificate (RSA 4096-bit, 10-year validity period) when no value is provided, so you don't need to manually supply a CA certificate for non-interactive generation.
  • Alphanumeric-only validation for generated password fields, to prevent special characters, for example, 
    @
    , 
    !
    , from breaking connection strings. This applies to both auto-generated and user-provided values. Set 
    alphanumeric: false
    in the secret schema to opt out for fields that are not used in connection strings.
  • deployment.helmChartMode
    manifest setting (
    "local"
    or 
    "remote"
    , defaults to 
    "local"
    ): choose between local charts from the release package or remote OCI charts. Existing manifests without this field continue using local charts.
  • vpctl artifact sync charts
    subcommand to sync OCI Helm charts between registries (mirrors remote charts for air-gapped deployments).
  • Remote chart support across the 
    release generate
    and 
    release deploy --format helm
    paths, including multi-source ArgoCD 
    Application
    generation (OCI chart source + Git values reference).
  • Image and chart references in rendered output are rewritten to your target registry during generation (air-gapped deployments).

Fixed

  • secret generate
    now re-prompts on invalid input in interactive mode instead of aborting the entire session.
  • secret generate
    export now correctly base64-encodes fields with 
    encoding: "base64"
    (e.g. licenses), so reimporting preserves the original values instead of corrupting them.
  • secret generate
    interactive input for 
    encoding: "base64"
    fields (licenses) now uses a multi-line reader, so pasted multiline base64 content works correctly.

Changed

  • secret generate --use-defaults
    now writes a 
    TBD
    placeholder for required fields with no default and no auto-generate option, instead of stopping execution. A warning is logged for each such field so you know to replace them before deploying.
  • Sync recap now lists the specific images and artifacts that failed instead of only showing a count.

[0.8.0] - 2026-03-17

Added

  • oras_artifacts
    support in 
    versions.yaml
    for tracking OCI artifact versions alongside Docker images.
  • vpctl artifact sync images
    subcommand for syncing Docker images between registries.
  • vpctl artifact sync oras
    subcommand for syncing ORAS artifacts between registries.
  • vpctl artifact sync preflight
    subcommand: verifies registry authentication by syncing one Docker image and one ORAS artifact, and provides troubleshooting hints if the command fails

Changed

  • Breaking: 
    vpctl image sync
    renamed to 
    vpctl artifact sync images
    / 
    vpctl artifact sync oras
    . Update any CI scripts that invoke the old command.
  • Breaking: Manifest field 
    imageSync
    renamed to 
    artifactSync
    . Update your 
    manifest.yaml
    .
  • Breaking: 
    --skip-login
    flag removed from 
    artifact sync images
    . Authenticate to source and target registries with 
    docker login
    before running the sync.

[0.7.0] - 2026-03-13

Added

  • vpctl manifest init
    command to interactively create a new 
    manifest.yaml
    (replaces 
    vpctl release init
    ).
  • vpctl manifest validate
    command to validate an existing manifest against the embedded CUE schema.
  • vpctl manifest schema
    command to display the CUE schema and export it for standalone 
    cue vet
    validation.
  • Manifest validation errors are now more precise: schema constraints, defaults, and cross-field rules are defined in CUE and embedded in the binary. 
    LoadManifest
    now validates manifests automatically during loading.
  • authentication.x509
    manifest configuration for X509 client certificate authentication.
  • logStorage
    field on the RustFS infrastructure component to size the log volume PVC independently of data storage.
  • configuration.transformations.parallelism
    manifest field to control the maximum number of concurrent transformation workflows in Argo Workflows (default: 20).
  • exactLength
    field in the secret schema to enforce exact value length validation.

Deprecated

  • vpctl release init
    is deprecated; use 
    vpctl manifest init
    instead.

Removed

  • Breaking: 
    configuration.licensing
    manifest section (
    FlexLM
    and 
    sdkLicenses
    ) removed. Parallelism is now controlled by 
    configuration.transformations.parallelism
    .

[0.6.0] - 2026-03-03

Added

  • Version compatibility check: 
    release generate
    and 
    secret generate
    now verify that vpctl satisfies the minimum version required by the release package (
    compatibility.yaml
    ). The command blocks execution and displays a clear upgrade message when vpctl is too old. Use 
    --skip-version-check
    to bypass. Dev builds and RC versions are handled gracefully.
  • image sync --concurrency
    flag: processes multiple images in parallel using a worker pool (default: 1 = sequential).

Fixed

  • vpctl version
    no longer prints an irrelevant manifest-not-found warning.

[0.5.0] - 2026-02-23

Added

  • infrastructure
    manifest section with sizing profiles (
    small
    , 
    medium
    , 
    large
    ) and per-component resource overrides for MongoDB, PostgreSQL, RabbitMQ, object storage, and Elasticsearch.
  • image sync --skip-existing
    flag: checks if each image already exists on the target registry (via 
    docker manifest inspect
    ) and skips it, to avoid redundant pull an push cycles.
  • image sync --cleanup
    flag: removes local images (
    docker rmi
    ) after each successful push, to free disk space on CI runners and local machines.

[0.4.0]

Added

  • monitoring.logCollection
    manifest section to enable or disable Loki + Alloy log collection.
  • deployment.argocd
    manifest section for ArgoCD deployment defaults (
    repoURL
    , 
    pathPrefix
    , 
    destinationServer
    , 
    targetRevision
    ). CLI flags take precedence over manifest values when you provide both.

Changed

  • Breaking: Manifest field 
    docker.images.sourceRepository
    renamed to 
    imageSync.sourceRepository
    .

[0.3.1]

Added

  • Service mesh configuration in the manifest.

Changed

  • Traefik configuration moved under the 
    ingress
    manifest section.

[0.3.0]

Added

  • ArgoCD app-of-apps chart generation support (
    release generate --format argocd
    ).
  • release init
    command to initialize a new manifest file.
  • release uninstall
    command to uninstall a release.
  • RSA private key generation in the secret schema.
  • --name
    flag on 
    image sync
    , 
    release generate
    , and 
    release deploy
    to filter to a single chart or image.
  • --dry-run
    flag on 
    release deploy
    and 
    image sync
    .
  • Default storage class configuration for Kubernetes storage in the manifest.
  • Network configuration in the manifest.

Changed

  • release pull
    now extracts to 
    ./extracted-release
    by default. Use 
    --skip-extract
    to skip extraction; use 
    --extract-dir
    to specify a custom extraction directory. Replaces the previous 
    --extract
    flag.
  • Breaking: 
    release deploy
    and 
    image sync
    now execute by default. Use 
    --dry-run
    to preview commands. Previously they printed commands without executing.
  • image sync
    is now a no-op when the target registry is unset or equals the source registry (
    uccmpprivatecloud.azurecr.io
    ).
  • Traefik configuration simplified to set up a 
    LoadBalancer
    service with annotations.

[0.2.0]

No customer-facing changes. (Internal updates to the secret-template format.)

[0.1.0]

Added

  • Initial release of the vpctl CLI tool.
  • Application management commands: download, generate, and deploy.
  • Manifest file support with automatic discovery, searched upward from CWD.
  • Secret management commands: generate.
  • Configuration management commands: view, set, and delete.
  • version
    command.