Skip to main content

Version 0.7.0-beta.4 Released

Β· 6 min read

Fourth beta of the 0.7.0 line. Fixes a TLS crash on outbound HTTPS, restores the bots create/delete API across the OpenAPI schema and the SDKs, and adds a new Python SDK β€” on top of beta.1–beta.3's OCI registry support, local cluster mode, configurable database pool, and tunable deployment credentials. Still beta β€” exercise it in non-production first.

TLS Crypto Provider Fix πŸ”’β€‹

With both aws-lc-rs and ring linked into rustls 0.23, neither is the process default, so the first outbound TLS handshake panicked. api, chart-discovery, and status-updates now install the aws-lc-rs provider explicitly at startup, so HTTPS to registries, AWS, and OIDC providers works reliably.

Thanks to @ben-schreiber for this contribution!

Bots API: Create and Delete Restored πŸ€–β€‹

The bots collection exposed only list/get/update in its OpenAPI schema β€” the POST /bots (createBot) and DELETE /bots/{id} (deleteBot) operations, and the NewBot request body, were missing from the generated schema and therefore from every generated SDK. The bots collection now registers the full set, so NewBot, createBot, and deleteBot are back in the OpenAPI document and the SDKs.

Python SDK πŸβ€‹

There's now a Python SDK, published to PyPI as platz. Like the JavaScript SDK it's generated from the backend's OpenAPI schema and versioned to match the backend. Betas install with the pre-release flag:

pip install --pre platz

Tunable Deployment Credentials πŸ”‘β€‹

k8s-agent previously hard-coded the deployment credentials refresh cadence to a fraction of a fixed token lifetime. Both numbers are now operator-tunable via humantime durations:

  • PLATZ_DEPLOYMENT_CREDENTIALS_REFRESH_INTERVAL β€” how often to refresh per-deployment credentials. Default 20m.
  • PLATZ_DEPLOYMENT_CREDENTIALS_TOKEN_DURATION β€” lifetime of issued deployment credential tokens. Default 1h.

Both surface through the helm chart as per-instance values:

k8sAgent:
  instances:
    - name: default
      deploymentCredentialsRefreshInterval: 30m
      deploymentCredentialsTokenDuration: 2h

The refresh loop also no longer aborts the whole batch on the first deployment that fails to apply a credential β€” remaining deployments in the same chunk now get their refresh attempt, and the error is propagated after the chunk completes.

Thanks to @ben-schreiber for this contribution!

OCI Registry Discovery πŸ“¦β€‹

chart-discovery can poll a generic OCI registry instead of listening for ECR push events. Set provider: oci on a chart-discovery instance and point oci.registryUrl at a Docker Distribution, zot, ghcr.io, or any other registry that speaks the OCI distribution spec.

The poller walks the registry's /v2/_catalog and per-repo tag listings, filters to helm-config-media-type artifacts, pulls each chart with helm pull, and records it the same way the ECR provider does. ECR continues to be the default, and existing deployments need no changes.

New chart values:

chartDiscovery:
  instances:
    - name: default
      provider: oci
      oci:
        registryUrl: "http://registry.platz.svc.cluster.local:5000"
        pollInterval: 5s

The helm_registries table gained a provider column to record which backend a registry came from. The Helm pod's bootstrap script now skips aws ecr get-login-password for non-ECR registries β€” they're expected to be anonymously readable from the cluster running the pod.

Local Cluster Provider Mode πŸ β€‹

k8s-agent can register a single cluster from a kubeconfig context instead of scanning AWS for EKS clusters. Set provider: local on a k8s-agent instance and optionally pin a localContext; the agent derives a synthetic local:<ctx> provider ID and writes a row through the same code path EKS discovery uses.

This unblocks running Platz outside AWS, and is what powers the single-command local dev stack in platzio/dev.

k8sAgent:
  instances:
    - name: default
      provider: local
      localContext: kind-platz
      disableDeploymentCredentials: true

PLATZ_DISABLE_DEPLOYMENT_CREDENTIALS is readable from the environment in addition to the CLI flag, so the chart values can flip it on without a custom command line.

Configurable Database Connection Pool πŸŠβ€‹

Every Platz pod that opens the database can have its connection pool tuned via environment variables β€” DB_POOL_MAX_SIZE (default 50), DB_POOL_MIN_IDLE, DB_POOL_CONNECTION_TIMEOUT_SECS (default 30), DB_POOL_IDLE_TIMEOUT_SECS (default 600), and DB_POOL_MAX_LIFETIME_SECS (default 1800). Database pool exhaustion is now handled as a graceful error rather than a panic.

Surfaced through the helm chart under database.pool and the Terraform module's database_pool variable:

module "platz" {
  source = "github.com/platzio/terraform-aws-platzio?ref=v0.7.0-beta.4/modules/main"
  # ...
  database_pool = {
    max_size                = 200
    connection_timeout_secs = 10
  }
}

Thanks to @joshimi for this contribution!

Build and Release Pipeline βš‘β€‹

The backend Dockerfile was rewritten around cargo-chef with per-architecture musl static builds, and the release workflow now uses per-arch native runners instead of QEMU. End-to-end backend release time dropped from ~50 minutes to ~20. CI is split into separate test, build, and release workflows, with image builds running in parallel with tests and the release gated on tests passing.

The Dockerfile also gained a dev target stage so the same Dockerfile serves local dev and release builds, matching how the helm chart and terraform module already work. The frontend Dockerfile builds dist/ in its own multi-stage, multi-arch build, removing the implicit dependency on a pre-built artifact and matching the backend's release pattern.

Local Dev Lives in platzio/dev πŸ› οΈβ€‹

The old docker-compose.yaml, scripts/run-api.sh, scripts/run-db.sh, scripts/run-oidc.sh, and scripts/container-build.sh have been removed from the backend repo. Local development now lives in platzio/dev, which orchestrates the full stack via Tilt against a kind cluster running k8s-agent in local provider mode and chart-discovery against a Docker Distribution registry.

SDKs πŸ“šβ€‹

All three SDKs are published at 0.7.0-beta.4, regenerated against this release's OpenAPI schema (so they pick up the restored bots create/delete operations):

  • platz-sdk (crates.io) β€” Rust.
  • @platzio/sdk (npm) β€” TypeScript.
  • platz (PyPI) β€” Python, new in this cycle. PyPI normalizes the version to 0.7.0b4; install betas with pip install --pre platz.

The Rust SDK's HelmRegistry carries the provider field, and the collections that had drifted out of it β€” bots, bot_tokens, deployment_permissions, env_user_permissions, helm_tag_formats β€” remain exposed.

Helm Chart βŽˆβ€‹

Images bumped to v0.7.0-beta.4 (backend and frontend; the helm base image stays at v9). The chart's backend dependency platz-chart-ext moved to 0.7.1 (utoipa 5, juspay_jsonlogic). The chart is published with artifacthub.io/prerelease: true, so ArtifactHub flags it as a pre-release. Every Rust pod (api, chart-discovery, k8s-agent, resource-sync, status-updates) honors a per-pod extraEnv list for injecting arbitrary env vars without forking the chart.