Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog , and this project adheres to Semantic Versioning.
[0.53.0] - 2025-08-29
Added
- agent-local: Added new labels to agent-local Kubernetes chart for Karpenter and GKE Autopilot to reduce the risk of pod eviction:
karpenter.sh/do-not-evict: "true"
karpenter.sh/do-not-disrupt: "true"
autopilot.gke.io/priority: high
- Provider Cache:
SCALR_AGENT_PROVIDER_CACHE_DROP_KERNEL_PAGES
configuration option (boolean). Controls whether to drop Linux kernel page cache entries for the OpenTofu/Terraform Provider Cache directory. Defaults totrue
. This frees cached filesystem pages but does not remove any provider files. - Provider Cache: Add an attempt to free cached kernel pages associated with the provider cache directory (best effort) using the
POSIX_FADV_DONTNEED
advice after each plan/apply stage is finished. This feature aims to reduce kernel page cache usage by OpenTofu/Terraform providers and improve memory reporting in the Kubernetes runtime.
[0.52.3] - 2025-08-21
Added
- Docker: Include Git in the scalr/agent image to make it a suitable choice for the local driver. Previously, only the bulk scalr/agent-runner image could be used for the local driver due to the lack of Git in the basic agent image.
- Kubernetes: Add
SCALR_AGENT_KUBERNETES_TERMINATION_GRACE_PERIOD_SECONDS
option to configure the termination grace period for agent task pods on Kubernetes driver. This allows better control over pod shutdown behavior. Default is 30 seconds.
Changes
- Kubernetes: The agent task pod deletion now respects the
SCALR_AGENT_KUBERNETES_TERMINATION_GRACE_PERIOD_SECONDS
setting. The default value has been updated from0
seconds (immediate force deletion) to30
seconds.
Fixed
- IAC: Fixed issue with module reports on agent runs
[0.52.2] - 2025-08-19
Fixed
- IAC: Added support for the OpenTofu extension
- IAC:
terragrunt hclvalidate
fails with an empty list of invalid HCL files.
[0.52.1] - 2025-08-15
Fixed
- Provider Cache: Resolve
h1:
checksums for the HCL lock file whenSCALR_AGENT_PROVIDER_CACHE_WARM_UP_FROM_LOCKFILE
is disabled. - Core: Add posting of state components to the Scalr API for reports.
[0.52.0] - 2025-08-08
Added
- Core: Reporting of runtime and driver details to the Scalr API when connecting to an agent pool.
- Core: Add
unzip
to the Docker image and use it as the preferred method to unpack provider plugins. - Core: Add new OpenTelemetry metrics to track RSS memory usage, threads and greenlets count.
- Provider Cache: Add the
SCALR_AGENT_PROVIDER_CACHE_WARM_UP_FROM_LOCKFILE
config option to allow disabling provider pre-download by the Scalr Agent, useful for debugging or in case of incompatibilities or issues.
Fixed
- Core: Fix intermittent timeout issues during provider plugin installation.
[0.51.0] - 2025-07-18
Added
Core: Reporting of runtime and driver details to the Scalr API when connecting to an agent pool.
Core: Add unzip
to the Docker image and use it as the preferred method to unpack provider plugins.
Core: Add new OpenTelemetry metrics to track RSS memory usage, threads and greenlets count.
Provider Cache: Add the SCALR_AGENT_PROVIDER_CACHE_WARM_UP_FROM_LOCKFILE
config option to allow disabling provider pre-download by the Scalr Agent, useful for debugging or in case of incompatibilities or issues.
Fixed
Core: Fix intermittent timeout issues during provider plugin installation.
[0.51.0] - 2025-07-18
Changes
Updated SCALR_AGENT_PROVIDER_CACHE_SIZE_LIMIT_MB
default from 2560 (2.5Gb) to 5120 (5Gb).
Fixed
Core: Fixed Provider Cache garbage collection issues where the cache could significantly exceed the expected threshold (5Gb by default). A reduction in disk usage is expected after the upgrade. Core: Minor fixes in OTLP metrics collection pipelines.
[0.50.0] - 2025-07-11
Changes
Core: Disabled strict shell pipeline mode (set -e
) for hooks. This reverts a change introduced in 0.48.0, where the mode was unintentionally applied to user-defined hooks.
Fixed
IAC: Fixed random Cannot configure volume
errors when apply is triggered via the auto-approve workflow after a plan.
IAC: Fixed 'utf-8' codec can't decode byte...
errors when parsing declared configuration version variables.
[0.49.0] - 2025-07-03
Added
Core: New metrics added for core, policy, cost, and checkov components.
Changes
Core: Updated HOME
directory handling. Previously, the HOME
directory could be /root
or /tmp
, depending on the user under which the agent was launched. For the local driver, HOME
defaults to app/terraform/runs/run-xxx/tmp
within the Scalr agent data directory. In containerized environments (Docker or Kubernetes drivers), the /tmp
mount is used. This change ensures HOME
is consistent across user configurations and improves run behavior predictability across various agent deployments.
Provider Configurations: Initialize Google/AWS OIDC provider configuration files before the init phase to make these files available in hooks for custom scripts. Previously, these files were initialized after init, so they weren’t available for pre-init hooks.
Fixed
Core: Resolved stat /root/.netrc: permission denied
error when installing a Terraform module under the Docker agent running as a non-root user.
Core: Added new shell variables for the run environment:
SCALR_AGENT_RUN_CONFIG_DIR
– Root directory of the current configuration version containing the .tf files.SCALR_AGENT_RUN_DATA_DIR
– Directory for data files and configs stored outside the OpenTofu/Terraform .tf configuration files.SCALR_AGENT_RUN_WORK_DIR
– Terraform working directory within the configuration directory where all OpenTofu/Terraform commands are executed.
These variables may be useful for hook scripts under the local driver, where directories can differ between runs (e.g. /var/lib/scalr-agent/app/terraform/runs/run-xxx/data
, /var/lib/scalr-agent/app/terraform/runs/run-xxx/workdir
), compared to containerized drivers like Docker or Kubernetes, where directories are represented by static mounts inside containers (e.g., /opt/data
, /opt/workdir
, etc.).
Core: Resolved Python UserWarning on service startup.
Local Driver: Resolved issues with Google/AWS OIDC provider configuration on the local driver.
[0.48.0] - 2025-06-18
Added
Local Driver: Added the scalr/agent-runner image for the agent-local Kubernetes chart, based on scalr/runner:0.1.4. See scalr/runner 0.1.4 release for details.
Kubernetes/Docker Driver: Added an option to enforce the use of a custom runner image instead of the default scalr/runner:x.y.z - SCALR_AGENT_CONTAINER_TASK_IMAGE
. It can also be used to pin a specific version of the scalr/runner image, as by default this is controlled by the Scalr platform settings. This option only applies if software binary releases are enabled for the agent pool’s account. This option will ignore SCALR_AGENT_CONTAINER_TASK_IMAGE_REGISTRY
which was intended to match against a large set of images for different software versions. If you want to use a custom image registry for custom runner image (aka golden image), simply specify it with SCALR_AGENT_CONTAINER_TASK_IMAGE=registry.example.com/company/runner:1.2.3
.
Kubernetes Driver: Added standardized labels for Pods spawned by the Scalr Agent controller:
- app.kubernetes.io/name: "agent-k8s-task"
- app.kubernetes.io/managed-by: "agent-k8s"
- app.kubernetes.io/component: "task"
- app.kubernetes.io/instance: "atask-xxx" (Scalr Agent Task ID)
These labels can be used by monitoring and logging tools, such as DataDog Agent or Grafana Alloy, to identify all pods related to the Scalr Agent installation.
Changes
Core: Updated the filesystem directory layout for run directories and GC behavior for stale run directories:
- Old path:
/var/lib/scalr-agent/workspaces/ws-v0ord7i9m8b4h7bvg/runs/run-v0ormbhajtqial94u/plan-v0ormbtfj2avqk453
- New path:
/var/lib/scalr-agent/app/terraform/runs/run-v0ormbhajtqial94u
The new path is simplified and consistent for both the plan and apply phases.
Garbage collection will now remove stale run directories strictly older than 24 hours (based on st_mtime), without making additional API calls to the Scalr Platform to check the run status. Under normal conditions, run directories are temporary and are removed immediately after run stage completion.
Core: Explicitly export the $HOME directory as a shell variable by default for better compatibility with Python’s pip packages installations.
Core: Include $HOME/.local/bin
in the $PATH by default for better compatibility with Python’s pip binary packages installations.
Core: Respect all Scalr Agent configuration options under theSCALR*AGENT*_
environment variable prefix, in addition to the currentSCALR\__
prefix, except forSCALR*URL
. This change improves configuration consistency by distinguishing Scalr platform options (SCALR*_
) from Scalr Agent options (SCALR*AGENT*_
). Old prefix will be backward compatible and no changes for existing configuration is requred.
Core: Upgraded Python Huey worker from 2.3.0 to 2.5.3.
Core: Increased the filesystem polling timeout for execution loop file polling from 5 to 15 seconds to improve behavior on NFS filesystems with metadata attribute caching.
Fixed
Local Driver: Resolved the git must be available and on the PATH
error when installing OpenTofu/Terraform modules via Git (fixed by adding the scalr/agent-runner image, which includes Git preinstalled).
Local Driver: Resolved the Error: failed to get shared config profile, default
error when using AWS Provider Configurations with the Local Driver. This issue occurred because the AWS configuration path was inconsistent between the plan and apply phases (fixed by the filesystem directory layout changes).
Core: Fixed /usr/bin/git exited with 128: fatal: detected dubious ownership in repository at ...
when cloning Git modules on NFS during CLI-driven runs.
[0.47.0] - 2025-05-30
Added
Introduced the $SCALR_AGENT_ENV environment variable to customize the Run environment through Workspace Hook scripts.
Changes
Failed tofu/terraform show commands will log their stderr output to the Run Console.
Local Driver: Shell environment variables from the host are propagated to the Scalr Run shell
environment. The Scalr Agent configuration variables (SCALR_*
) are an exception.
Upgraded Python version from 3.12.7 to 3.13.3.
Upgraded various Python libraries to their latest versions (gevent, greenlet, blinker, orjson, structlog, and some minor sub-dependencies).
Fixed
Fixed compatibility issues on NFS-backed storage. Previously, runs could get stuck during the initialization phase on Kubernetes agents using storages like AWS EFS. The container task entrypoint will now avoid using filesystem FIFO pipes to maintain compatibility with network filesystems, which have limited support for these features. The solution has been tested on NFSv4.1. Fixed an issue where the formatting check integration could fail with exit code 1 and report an empty list of improperly formatted files.
[0.46.0] - 2025-05-20
Fixed
Fixed a random issue where the command failed with unexpected exit code 93. Fixed a random issue where the command did not complete within 10 seconds. Kubernetes Driver: Fixed an issue where Agent Workers could stop accepting incoming agent tasks due to problems tracking the resourceVersion while listening to the Pods event stream. The resourceVersion is now reset to 0 after 5 unsuccessful attempts to reconnect to the event stream.
[0.45.0] - 2025-05-15
Added
Implemented the local
driver. The Scalr Agent can now run tasks locally without isolation, removing the dependency on a Docker daemon or Kubernetes API. When the local
driver is enabled, tasks are executed directly in the same environment the agent is running in. To enable it, start the agent with the --local
flag or set the SCALR_DRIVER=local
configuration option. This local
driver is useful when running agents in environments that don’t require isolation themselves — such as serverless platforms (AWS Fargate, Cloud Run, Azure Container Apps, etc.) — or when you don’t want to grant agents access to the Docker socket and prefer to manage orchestration independently.
The local driver is best used with Single Mode or by setting SCALR_AGENT_CONCURRENCY
to 1 to ensure that only one run stage is executed at a time in such an environment.
Improved handling of the --url
/SCALR_URL
configuration. For agent pool tokens generated after Scalr version 8.162.0 this configuration is optional and the Scalr API endpoint can now be auto-extracted from the token payload. Explicitly setting the URL is still recommended for long-lived services to avoid issues if the account is renamed.
Introduced runtime environment variable SCALR_RUN_CONTENT_ROOT
that contains absolute path to the root of the configuration being executed.
Changes
Removed Docker socket requirement from VCS agents. Multi-version OPA and Checkov tasks now require Software Binaries to be enabled. In single mode, the agent will wait for a new incoming task instead of exiting immediately if the task queue is empty. Modified exec-loop logging format and communication pipelines with the container entrypoint. The entrypoint now shares logs and exit codes via the filesystem, rather than relying on Docker or Kubernetes logging drivers. Added detailed logging and tracing coverage for Checkov, Infracost, and OPA policy tasks. Performance improvements for OPA policy tasks, the exec-loop entrypoint shell script, and log streaming of run stages. The Policy Checks and Checkov run stages, which relies on multiple different versions of software, now require Software Binaries to be enabled. See.
[0.44.4] - 2025-05-06
Fixed
Fixed issues with filesystem permissions while starting the run container on Docker backend. Fixed issue where terraform variable files were not loaded during the init phase.
[0.44.2] - 2025-05-02
Fixed
Fixed an issue where memory and CPU limits (SCALR_CONTAINER_TASK_MEM_LIMIT and SCALR_CONTAINER_TASK_CPU_LIMIT) from the agent configuration were ignored and instead taken from the Scalr billing plan for Docker-based agents. This regression was introduced in version 0.42.0.
[0.44.0] - 2025-04-25
Changes
Bumped docker version to 28.1.1
.
Removed
Removed the workflow that attempted to retry failed run stages after unexpected agent shutdowns. This workflow was non-functional and caused multiple issues. Failed stages must now be restarted manually.
[0.43.1] - 2025-04-23
Fixed
Issue where the Scalr Agent could get stuck during provider downloads. Added stricter timeouts for fetching the provider registry and downloading provider artifacts.
Added
Introduced SCALR_PROVIDER_CACHE_INSTALL_TIMEOUT_SEC
config option to control the maximum time (in seconds) allowed for downloading and installing provider plugins outside the Terraform init phase.
Introduced SCALR_PROVIDER_CACHE_CONCURRENCY
config option to configure the number of concurrent threads used for provider installation. This value is global across all Scalr Agent runs.
[0.43.0] - 2025-04-18
Added
Added support for the arm64 architecture.
Added OpenTelemetry tracing (disabled by default). Use the SCALR_OTLP_ENDPOINT
environment variable to set the host:port address of your OpenTelemetry collector — a gRPC server running an OTLP collector. Use SCALR_OTLP_TRACES_ENABLED
to enable tracing for plan and apply tasks.
Changes
Change the container log format from JSON to plain text to simplify the logging pipeline and avoid issues related to double encoding messages into JSON. From now on, containers running Terraform/OpenTofu operations will log data in plain text.
Add detailed log timestamps. All initialization phases will now log more internal workflow details, including execution time
Reworked provider cache storage and removed tofu/terraform providers lock from the pipeline.
This command was originally introduced to ensure consistency of h1 checksums in cases where the lockfile doesn’t include the platform-specific checksum for the Scalr agent’s target platform, but it significantly impacted performance by forcing Terraform to re-download all providers every time.
The Scalr agent now ensures h1 consistency independently by implementing the Provider Registry Protocol and storing providers in the cache with both h1 and zh checksums.
If an HCL lockfile is present in the configuration, the agent will use it to download providers concurrently (across all runs) into the global cache, storing both zh and h1 checksums. The download is limited to 10 concurrent processes per Scalr agent service.
If the provider from the HCL lockfile is missing the h1 checksum for the target platform, it will be added after validation using the zh (zip archive) checksum from the providers cache metadata.
If the dependency lockfile is missing, or some providers are not listed in it, the remaining providers will be downloaded by tofu/terraform init
and cached after the init step.
The Provider Cache directory has changed from $SCALR_AGENT_DATA_DIR/plugins
to $SCALR_AGENT_DATA_DIR/providers
. The old directory will be removed by the Provider Cache garbage collector.
Removed
Support for the Terraform provider cache with Terraform versions before 0.14. The provider cache now only works with the HCL dependency lockfile.
Fixed
Issues with Terraform working directories that contain spaces in the path.
[0.42.0] - 2025-03-28
Added
Added support for the registry hooks execution.
To minimize excessive image polling, we have introduced a golden image approach. Instead of pulling multiple images,
we now pull a single runner image and bind it into binaries for multiple software types (e.g., Terragrunt, OpenTofu, Checkov, OPA).
Since this feature is currently in beta, it is disabled by default.
The scalr admin can enable it by setting the account option settings.agent_software_binaries_enabled
to 1
.
Important: Customers using private registries with the container_task_image_registry
option must upload the runner (golden) image
to their private registry. The runner image is available at scalr/runner.
[0.41.0] - 2025-03-21
Changes
The backup HTTP polling acquisition task interval in Private Relay mode changed from 40 seconds to 15 seconds. This helps the agent acquire tasks with minimal delays when the Public Relay fails to deliver a message to the Private Relay. Once the Public Relay stabilizes, the timeout will be increased again.
[0.40.0] - 2025-03-07
Fixed
Checkov: multiple instances of Checkov for run lead to error
[0.39.0] - 2025-02-21
[0.38.1] - 2025-02-14
Fixed
Implemented automatic refresh for short-lived Kubernetes service account tokens mounted via a file path (e.g., /var/run/secrets/kubernetes.io/serviceaccount/token
). This change resolves an issue where services would encounter authentication errors when accessing the Kubernetes API after the token expired (typically 1 hour).
[0.38.0] - 2025-02-07
Added
Added single mode that can be activated by using --single
option. In the single mode the agent runs only one task and terminates. When no acquired task to run, it terminates with exit code 2 (requires Scalr >= 8.174.0).
Added supporting aliases in Google OIDC Provider (requires Scalr >= 8.171.0).
Added support for the TERRAGRUNT_INCLUDE_EXTERNAL_DEPENDENCIES environment variable (requires Scalr >= 8.174.0).
Fixed
Environment variables declared in pre-plan are now available in plan and post-plan stages. Handling of env vars is now consistent with Scalr hosted worker.
[0.37.1] - 2025-01-16
Added
Added SCALR_CONTAINER_TASK_PIDS_LIMIT
option to controll the maxi
mum number of process IDs (PIDs) a container can spawn.
Bump default PIDs limit from 4096 to 8192.
[0.37.0] - 2025-01-15
[0.36.0] - 2025-01-10
Fixed
Terragrunt: run all not working if workdir not have tf or hcl files
[0.35.0] - 2025-01-03
Added
Support for the terragrunt run-all command.
Fixed
Kubernetes Agent: pod not being deleted after the task is completed.
Fixed
KeyError when sending a relay command result.
[0.34.0] - 2024-12-20
Fixed
Policy checks with rules that evaluate to a non-string result caused the task to fail.
[0.33.0] - 2024-12-16
Added
The ca_cert
configuration option to configure a custom SSL certificate bundle.
The HTTP proxy is configured using the HTTP_PROXY
/HTTPS_PROXY
environment variables.
Changed
Updated container_task_image_registry
behavior. If the repository path ends with a trailing slash, the original repository will be included in the resulting image path.
Example:
mirror.io/myproject
combined withscalr/opentofu:1.0.0
→mirror.io/myproject/opentofu:1.0.0
mirror.io/myproject/
combined withscalr/opentofu:1.0.0
→mirror.io/myproject/scalr/opentofu:1.0.0
[0.32.0] - 2024-12-12
Added
Support the Agent Pool relay
feature to enable HTTP Relay for Scalr-to-Agent communication. This feature maintains a persistent channel via an HTTP long-polling connection, allowing agent tasks and cancellation commands to be delivered almost instantly. HTTP Relay was already used for proxying VCS agent requests and has now been extended to the new command interface for all Agents. The feature is controlled by the Scalr Account settings and will be rolled out to all agents gradually.
Added
Support for Checkov tasks.
Fixed
Fix iptables link for the DEB/RPM packages.
[0.31.0] - 2024-11-29
Changed
Include iptables in the DEB/RPM packages to fix package installation on distributions without system-provided iptables.
Updated the private pool idle timeout from 20 to 40 seconds. Now the agent will reestablish the pool connection every 40 seconds.
Updated container_task_image_registry
behavior. If the repository path ends with a trailing slash, the original repository will be included in the resulting image path.
Example:
mirror.io/myproject
combined withscalr/opentofu:1.0.0
→mirror.io/myproject/opentofu:1.0.0
mirror.io/myproject/
combined withscalr/opentofu:1.0.0
→mirror.io/myproject/scalr/opentofu:1.0.0
Fixed
Improve handling of “no space left on device” errors raised by the local-exec TF provider.
[0.30.0] - 2024-11-27
Added
The container_task_image_registry
option to enforce the use of a custom image registry to pull all container task images. All images must be preemptively pushed to this registry for the agent to work
with this option. The registry path may include a repository to be replaced. Example: 'mirror.io' or 'mirror.io/myproject'.
[0.29.0] - 2024-11-20
Added
Support for SSH key usage during job execution on agents (requires Scalr >= 8.154.0)
Fixed
Kubernetes Agent: unable to create a policy pod with a large payload (requires Scalr >= 8.154.0)
[0.28.0] - 2024-11-12
Changed
Updated Python requirements to the latest versions (pip, gevent, greenlet, requests, cryptography, orjson, pydantic).
[0.27.0] - 2024-11-05
Changed
Kubernetes Agent: Add acknowledgment mechanism for delegating Pods from the controller to a worker.
Remove unused libraries from DEB/RPM packages (e.g., git, ruby, curl, cmake, pkg-config, and some minor libraries) to minimize package size and address security-related issues.
Remove unused libraries from the Docker package (e.g., git, ca-certificates, curl, openssl, python3.11, and various minor libraries) to minimize package size and address security-related issues.
Updated base Docker image from Debian Bookworm to Debian Trixie.
Bump Python version to 3.12.7. The OS-provided package has been replaced with a standalone build. The Python distribution’s path has changed from /usr/local/lib/python3.12
to /usr/lib/python3.12
.
Fixed
Kubernetes Agent: Fixed "Container not found" error during the Cost Estimate Run stage.
[0.26.1] - 2024-10-25
[0.26.0] - 2024-10-25
Added
Support OPA policies with common funclitions
Removed
Remove support for Ubuntu 18.04
[0.25.0] - 2024-10-11
Added
Support for the Cost Estimate Run stage. If the Agent version 0.25.0 or later is attached to the Agent Pool, it will automatically pick up the Cost Estimate. The Infracost integration is required to execute cost estimates on the Agent. Added support for Amazon EFS storage on Kubernetes (EKS). Allow users to disable state storage managed by Scalr
Changed
The new agent installation on Kubernetes will use unique names for *.state files to avoid collisions when using shared filesystems. Updated docker dependency
[0.24.0] - 2024-09-13
Support for the Policy Checks Run phase. If the Agent version 0.22.0 or later is attached to the Agent Pool, it will automatically pick up the Policy Check.
[0.21.0] - 2024-07-17
Added
Added the container_task_preserve
configuration option to help debug issues with containers.
[0.20.0] - 2024-06-27
Added
Support Ubuntu 24.04
[0.19.0] - 2024-06-13
Changed
Terraform runs:
- The
validate
check is now performed conditionally based on the Terraform integration settings. Enabled by default. - Introduced new
fmt
check: ensure the configuration files are canonically formatted. Disabled by default.
Both checks can be configured in the Terraform integration settings.
OpenTofu runs are not affected.
Bump security related libs (jwcrypto, cryptography, requests) and pygohcl to the latest versions.
[0.18.0] - 2024-05-17
Changed
The internal Scalr API client has been replaced with a new autogenerated client.
Removed
Support for Scalr versions older than 8.94.0 has been removed.
[0.17.0] - 2024-05-02
Added
Support Opentofu 1.7.x version
[0.16.0] - 2024-04-19
Changed
Make the log sanitization less strict by ignoring values that are six characters or fewer.
Added
The container_task_ca_cert
configuration option for installing the CA bundle into a task container.
Fixed
Allow leading slash for the working directory path. Improved the JSON log parsing when decoding doubly escaped quotation marks. The workspace directory GC cannot process directories containing a large number of Runs.
Removed
Support agent for Centos 7 and Centos 8.
[0.15.0] - 2024-03-15
Added
Added handling for OOM errors in the runs; the OOM error message will now be displayed instead of the 137 exit code.
Improved handling for pre-post hooks; the hooks are now written to a .sh file before execution.
Kubernetes Agent: Added "cluster-autoscaler.kubernetes.io/safe-to-evict": "false"
label to ensure that the Kubernetes autoscaler does not evict the Pod with the running tf operation.
Fixed
Fixed insufficient filesystem permission errors that occurred while installing software via package managers in the pre/post hooks. Error messages of failed runs are shown in the middle of console output.
[0.14.1] - 2024-03-04
Fixed
Remove the Linux Capabilities restrictions to allow the installation of software via package managers in the pre/post hooks.
[0.14.0] - 2024-02-20
Added
Kubernetes Agent: Added SCALR_CONTAINER_TASK_ACQUIRE_TIMEOUT
option to set a timeout for the agent worker to acquire the agent task.
Changed
Kubernetes Agent: The imagePullSecrets
and serviceAccountName
settings will be inherited by the agent task pods from the agent controller pod.
Eliminate the use of the -chdir
option with OpenTofu/Terraform commands to ensure the ${path.pwd}
variable remains consistent with the default Scalr runner and previous versions of the agents.
Increased PID limits for Docker containers from 1000 to 4096.
[0.13.0] - 2024-02-02
Fixed
Fixed issues related to parsing run inputs in the plan operation.
[0.12.0] - 2024-01-05
Added
Changed
Kubernetes Agent: Define sensitive environment variables via Secret.
Fixed
Fixed an issue with decoding non-UTF-8 output for the Kubernetes agent.
[0.11.0] - 2023-12-15
Added
Added support for Debian 11 and 12. Added support for OpenTofu plugins cache.
Changed
Updated the base Docker image from Debian 10 to Debian 12. Bumped the cryptography version from 41.0.3 to 41.0.7 to address CVE-2023-4807 in the bundled OpenSSL. Ignored the security.selinux filesystem attribute while cloning Terraform plugins to resolve caching issues on SELinux-secured operating systems.
[0.10.1] - 2023-11-29
Fixes
Kubernetes Agent: Enhance the reconnection process when watching the Kubernetes Pod events to avoid connection errors caused by low network TTLs on the Azure Kubernetes Service.
[0.10.0] - 2023-11-27
Added
Export the SCALR_RUN_PHASE
environment variable into the run pipeline.
[0.9.1] - 2023-11-24
Changed
The blob service's authorization model has changed from the blob secure tokens to bearer tokens. The blob secure tokens have a limited expiration time, which can cause issues when the agent's run exceeds this limit. The bearer token, linked to the agent's session, grants access for the duration of the active run associated with the blob.
Fixes
Dry runs will not lock the state.
[0.9.0] - 2023-11-10
Changed
The agent's Docker backend is now integrated with the Kubernetes implementation. This brings about some changes in how the Docker implementation functions:
- The updated Docker backend now generates a singular container to execute all command sequences, replacing the previous method of operating each Terraform command within separate containers.
- Enhancements to the Docker backend have improved the logging for Terraform runs. Now, comprehensive logs for the entire terraform operation (plan or apply) can be collected in JSON format.
- The cleanup process for working directories and post-processing of the Terraform plugins cache following each run is now asynchronous and doesn't detain the run completion.
The new backend modifies both the container entrypoint path and the logic behind the entrypoint implementation. Commands will now be sent to the container via a Unix pipe, rather than invoking a separate entrypoint for each command.
To enforce the previous version of the docker backend, you can set the system Scalr shell variable to SCALR_FEATURE_FLAGS=force-atasks-v1
. This option will be removed after 2024-01-30.
[0.8.1] - 2023-10-27
Changed
Added retries for downloading the configuration version or configuration version changes from blob storage.
[0.8.0] - 2023-10-20
Changed
Kubernetes Agents: The agent controller will now wait for the agent task pod for the run job to be delegated to the worker. If the worker doesn't acquire the pod within 120 seconds, it will be terminated. This speeds up troubleshooting when workers are unhealthy or misdeployed.
VCS Agents: The VCS agents now use the /ping
route to maintain itself in "Online" state, replacing the /acquire-tasks
HTTP calls. This change is made because they're not supposed to interact with the task queue.
Fixed
Kubernetes Agent: Ensured the Kubernetes pod watchdog on the agent worker doesn't start until agent authorization is complete. This prevents issues where the worker might delete the agent task pod due to unsuccesfull authorization. VCS Agents: Fixed an issue where VCS agents were executing periodic GC tasks meant for regular agents.
[0.7.0] - 2023-09-21
Added
Add support of the OpenTofu preview versions.
Changed
Enhanced the OS metadata string when connecting to the Scalr agent pool to include the container backend version and differentiate between Docker, native Kubernetes, and DinD.
[0.6.0]
Changed
Compressed JSON plans are now archived in tar.gz format before being uploaded to Scalr blob storage (requires Scalr >= 8.83.1).
[0.5.0]
Added
The worker/controller modes for the Kubernetes backend. More info
[0.4.0] - 2023-08-11
Added
Azure OIDC Provider configurations.
Fixed
Calculated hash:h1 not found in the .terraform.lock.hcl
[0.3.0] - 2023-07-21
Added
Added support for OIDC (OpenID Connect) authentication for AWS Workload Identity Federation to Terraform provider configurations. Added support for BitBucket Server in VCS Agents.
[0.2.1] - 2023-07-14
Added
Added support for OIDC (OpenID Connect) authentication for Google Workload Identity Federation using the Scalr provider configurations.
Fixed
Fixed an issue where packages for Ubuntu 22.04, RedHat 9, and Rocky Linux 9 were not able to be pulled from the repository.
[0.2.0] - 2023-07-07
Added
Native kubernetes support. Sanitize sensitive variables used during the terraform plan phase in the terraform apply logs. Add Ubuntu 22.04, 22.10 support. Add Centos 9, RHEL 9 support. Add Rocky Linux 9 support.
Fixed
Fixed: Agent can't delete working directories when they contain write-only files.
[0.1.36] - 2023-06-23
Fixed
Fixed updating service task status after cancelling a run on agent.
[0.1.35] - 2023-06-16
Added
Added support for Terraform version 1.5.0. Added support for the following operating systems: Ubuntu 22.04, RedHat 9, Rocky Linux 9.
Fixed
Fixed an issue with running the agent on the latest terraform version has been fixed.
[0.1.34] 2023-05-26
Fixed
Fixed: Issue with “SIGTERM kill signal” handling. Fixed: The issue of encountering a “ProxyError” when a user creates multiple polls concurrently after 1 minute of inactivity has been fixed.
[0.1.33] - 2023-05-12
Fixed
Fixed the issue causing occasional Terraform errors during the plan/apply stage. Fixed the issue where the agent was unable to delete working directories containing write-only files. The issue with plugin cleanup has been resolved. Now, the GC (garbage collection) cleanup only removes unused plugins. The issue of secrets being exposed in the inputs and plan-json-output has been fixed.
[0.1.32] - 2023-03-22
Added
Added support for Terraform 1.4.x
[0.1.30] - 2022-10-20
Added
Added support for Terraform 1.3.x
[0.1.29] - 2022-09-30
Fixed
Fixed: a run would be failed if the workspace has a linked provider configuration and this provider is not a part of the Terraform configuration.
[0.1.28] - 2022-08-19
Fixed
Fixed issue with the pagination of variables if a workspace has more than 20 variables.
[0.1.27] - 2022-08-05
Changed
Update to the AWS provider configuration: Users are now able to track which run has assumed temporary credentials by the session name.
[0.1.26] - 2022-07-22
Fixed
Fixed agents with AWS provider configuration of trusted entity type AWS Service.
[0.1.25] - 2022-07-01
Added
Support for -refresh
, -refresh-only
and -replace
Terraform CLI flags (requires Scalr >= 8.23.0)
Support for pre-init custom hooks.
[0.1.24]
Added
Support for Terraform v1.2.x
[0.1.21]
Added native support for credentials helper of the TFC/E registries. To enable it, TFC users have to create a TFE_TOKEN
shell variable with the permissions to access modules and providers' registry. TFE users have to create a TFE_HOSTNAME
shell variable as well.
[0.1.20]
Some runs would fail with an inconsistent dependency lock file error (21472)
[0.1.19]
Fixed
Failed to install provider
[0.1.18]
Fixed
Delegate all compression operations in tarfile to gevent threadpool
[0.1.17]
Fixed
Locking providers doesn't work with not initialized terraform
[0.1.16]
Fixed
Fix work with exceeded worker limit
[0.1.15]
Fixed
Removed excess retry logic for API requests Periodic tasks lock
[0.1.14]
Fixed
Fix debug logging for internal terraform operations
Added
Support for Terraform v1.1.x
[0.1.13] - 2021-12-22
Fixed
API error when running workspace created from module.
[0.1.12] - 2021-10-22
Added
Agent will now detect the providers lock file in the configuration version and will lock providers automatically for the respective architecture.
[0.1.11] - 2021-10-01
Added
Persist workspace working directory contents between terraform plan and apply phases. Now any file created by a datasource in a plan phase will be available during apply. This is also valid for pre- and post- plan hooks. Show warnings about incompatible plugin binaries on run initialization.
[0.1.10] - 2021-08-26
Added
Support for Docker based installations as of agent version 0.1.10. The Terraform runs can now be executed as root allowing for customization during the runtime
[0.1.9] - 2021-08-19
Added
Add Ubuntu 18.04, 20.04 support. Add Centos 8, RHEL 8 support.
[0.1.8] - 2021-07-29
Added
Add OS compatibility check.
Fixed
Correct filter for workspace variables for agents in account-level agent pool. Fix scope ordering for shell variables
[0.1.7] - 2021-07-22
Added
The Terraform credentials helper support.
[0.1.6] - 2021-07-09
Fixed
The cost estimate failed when starting runs with Terraform 1.0.1.
[0.1.5] - 2021-06-17
Added
Before / after hooks support (requires Scalr >= 8.0.1-beta.20210602) Check the connection to the docker registry on startup.
[0.1.4] - 2021-06-15
Fixed
Private git modules are not retrieved in workspaces created from the module registry.
[0.1.3] - 2021-06-01
Added
Handle 412 HTTP error on connection to the server.
Changed
Agents now use personal per-session API tokens to communicate with Scalr.
[0.1.2] - 2021-05-13
Added
Handle agents restart gracefully. systemctl stop/restart scalr-agent
will cancel running tasks before agent's termination.
The agent will provide it's version in the User-Agent header.
Changed
Adapt post-install script for RHEL packages to work with older versions of systemd.
Fixed
Fix multi-scope variables functionality.
[0.1.1] - 2021-04-22
Added
Allow configuring the agent to run from root using --user option.
[0.1.0] - 2021-04-07
Added
Agent's first release.
Updated 5 days ago