Skip to main content

Changelog

0.5.0 - 2026-03-05

Security hardening

  • Added -H flag to quickstart.sh for STIG-hardened installations
  • In hardened mode, NetworkPolicies are applied to the support and ziti namespaces (BYO clusters)
  • Enabled TLS certificate verification for Logstash and Grafana connections to Elasticsearch
  • Added configurable elasticsearch.tlsCaSecret Helm value for BYO Elasticsearch deployments
  • Added SHA256 integrity verification for downloaded ECK operator manifests
  • Registry pull secret output is suppressed and file permissions restricted

Upgrade script improvements

  • Added component-specific upgrade flags: --router, --controller, --ziti-host, --support, --k3s
  • Added --skip-snapshot / -S flag to skip pre-upgrade database snapshot
  • Auto-detect offline mode from pre-downloaded Helm charts

Fixes

  • Fixed snapshot creation and restore jobs for offline environments
  • Removed unused Docker socket mount from Metricbeat
  • Fixed .env parsing to use export instead of eval
  • Updated ziti-host Helm chart version constraint to ^1.2.0
  • Bumped support Helm chart to 0.1.5

0.4.4 - 2026-02-24

  • Improved alignment with offline installer
  • Fixes for snapshot creation and restore jobs
  • Fixed missing zip dependency for debian and offline install packages
  • Documentation updates
  • Improved user guidance post-install and upgrade for debian package
  • Fixed OpenZiti upgrade order based on latest OpenZiti best practices (routers, then controller)

0.4.3 - 2026-02-11

  • Fixes for nf-helpers.sh to be re-run safe
  • Updates for package installer for deb amd64 and arm64 packages
  • Added nf-restore-snapshot command for restoring controller snapshots

0.4.2 - 2025-11-14

  • Updated installer docs with offline install and zlan options
  • Fix script directory path in nf-helpers.sh
  • Fix Helm chart apiVersion

0.4.1 - 2025-11-10

  • Multiple fixes for zLAN installation
  • Added an OpenZiti database snapshot as a pre-upgrade step to upgrade.sh
  • Fix default router policy to better account to private routers
  • Added nf-help commands

0.4.0 - 2025-10-30

  • Updated support stack container images to use wolfi/oss image variants
  • Added migration script for ziti-host container at ./utilities/migrate_ZET_to_helmchart.sh for legacy installs
  • Pinned Helm chart versions for OpenZiti components in .env file to ensure alignment on OpenZiti versions
  • Fix for zLAN installs - added missing interfaces.v1 config type

0.3.4 - 2025-10-28

  • ziti-host container in the support namespace is now managed by Helm for easier maintenance and upgrades
  • NetFoundry support stack is now installed by default, the -s option can be passed to disable it
  • Added support for zLAN installation using the -z flag. Requires NetFoundry container registry secret
  • Updated charts so that all container images and pull policies are configurable

0.3.3 - 2025-09-24

  • Improve handling of KUBECONTEXT for K3S installs
  • Fix default imagePullPolicy for support stack resources
  • Enabled OpenZiti database snapshots by default
  • Migrated documentation to public docs site at: https://netfoundry.io/docs/onprem/intro

0.3.2

  • Added doc for FIPS installation
  • Reworked quickinstall.sh for better K8s and EKS integration
  • Added guided upgrade script at ./upgrade.sh
  • Fixes for missing KUBECONTEXT and making quickstart more re-run safe
  • Added OEM documentation at ./docs/oem.md for advanced installation use cases
  • Added support and documentation for automated backups, restore, and migration

0.3.1

  • Updates to support ziti-controller Helm chart v2.0+
  • cert-manager and trust-manager are now installed as separate Helm charts and managed independently from the ziti-controller chart
  • Added charts for local PCV backup or S3 backup for OpenZiti boltdb database
  • Enabled local PVC backup of boltdb by default
  • Added improved support for custom helm value files
  • Added restore processes for local PVC backup and S3 backup (./utilities/restore.sh, ./utilities/s3_restore.sh)

0.3.0

  • Moved to k3s as the default Kubernetes engine
  • Updated proxy documentation for k3s

0.2.8

  • Cleanup of quickinstall feedback and INSTALL-NOTES.txt
  • Fix for older versions of helm that failed upon re-add of a repo
  • Documentation cleanup

0.2.7

  • Added additional logging and diagnostic collection to installer scripts
  • Added documentation for single-node RKE2 installs
  • Added support for additional logstash outputs via helm values

0.2.6

  • Added documentation for outbound whitelisting for installations behind a corporate proxy
  • Changed default elasticsearch nodes to 1 for a much smaller resource footprint by default
  • Updated default configuration to use ALPN support for OpenZiti, reducing the number of ports and load balancers needed
  • Added support for ARM architecture
  • Added support and documentation for minimal installs on MicroK8s and Raspberry Pi4+

0.2.5

  • Added support for non-interactive quickstarts, use the -y flag and set the CTRL_ADDR environment variable
  • Added an uninstall.sh script that removes OpenZiti, support, and all checkpoints
  • Added a production installer - k8s-install.sh
  • Fixed time scale for Grafana OpenZiti controller dashboard showing in milliseconds when it should have showed nanoseconds