Once again, we’re excited to announce a new release of Acorn, packed with new features, enhancements, and bug fixes. Let’s jump right into what this release has to offer.

Let’s Encrypt Certificates for Custom Domains

In our last release, we introduced turnkey TLS certs, backed by Let’s Encrypt for endpoints generated through our on-acorn.io service. With this release, we’re taking that a step further and giving you certs for your custom domains as well. Now, if you enable Let’s Encrypt integration and create an Acorn app with a custom domain like so:

acorn run --publish mysite.mydomain.com:webapp ghcr.io/acorn-io/library/hello-world

Acorn will automatically provision a certificate for mysite.mydomain.com for you.

For more on this feature, check out the docs.

Automated Application Upgrades

With this feature, managing an application’s lifecycle has never been easier. Now you can configure your acorn applications to automatically upgrade when a new version of your acorn image is published. The feature is powerful and flexible. Here’s a few examples:

Configure you application to upgrade every time a new version is pushed to the latest tag:

acorn run --auto-upgrade myorg/myimage:latest

We also support pattern matching. In this example, you can configure your app to upgrade when a new tag matching a semver pattern is pushed (no auto-upgrade flag needed in this case):

acorn run myorg/myimage:v#.#.#

And finally, if you want to control exactly when you upgrade, you can still have acorn watch for new tags and notify you in the cli when they’re available, but require that you confirm the upgrade:

acorn run --notify-upgrade --name myapp myorg/myimage:v#.#.#

When you run acorn ps, the output will tell you if a new image is available and you can confirm via:

acorn upgade --confirm-upgrade myapp

For more on this feature, go here.

Custom Identity and Permissions per Container

This feature was a popular request amongst our growing user base and in our own internal usecases, so we’re very excited to deliver it. Now, each acorn container will receive its own unique identity and permissions (backed by Kubernetes RBAC and service accounts). Here’s a quick example of what that looks like in an Acornfile:

{
  containers: {
    webapp: {
      permissions: {
        rules: [
          {verbs: ["get", "list", "watch"], apiGroups: [""], resources: ["pods"]}
        ]
      }
    }
  }
}

You can read more about this feature here.

Other improvements

Beyond these features, we’ve landed many improvements to Acorn since our last release. We’ve enhance the capabilities and UX of the run, rm, and logs commands, we’ve consolidated our control-plane images into a single image for easier airgap installation, and we’ve introduced a VSCode plugin to enable you to run and manage acorn apps right from your IDE. Checkout these improvements and others in our release notes.

As always, you can reach us on Github, Slack, Twitter, and LinkedIn with feedback or questions! Please join us for one of our live trainings if you’d like to get a hands-on overview of Acorn.