@riverzhang riverzhang released this Aug 10, 2018 · 456 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • Refactored vault to use hashivault module
  • OpenSUSE support

Component versions:

  • Kubernetes 1.10.4
  • Etcd 3.2.18
  • Flannel 0.10.0
  • Cilium 1.1.2
  • contiv 1.1.7
  • Weave 2.4.0
  • Calico 2.6.8
  • Docker 17.03
  • Kube-dns 1.14.10
  • Coredns 1.1.2
  • Helm 2.9.1

@Atoms Atoms released this Apr 16, 2018 · 770 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • Switched to Google's hyperkube docker container (was CoreOS) due to glusterfs support
  • New addon: ingress-nginx
  • New addon: registry
  • Added support for ipvs kube-proxy mode
  • Added remove-node.yml playbook (taint and remove node from cluster)
  • Credentials are now stored in inventory directory
  • Added experimental support for OpenSuse
  • Added experimental CoreDNS support
  • Added experimental support for Cilium as network provider
  • Deprecated kubespray-cli

Component versions:

  • Kubernetes 1.9.5
  • Etcd 3.2.4
  • Flannel 0.10.0
  • Cilium 1.0.0-rc8
  • contiv 1.1.7
  • Weave 2.2.1
  • Calico 2.6.8
  • Docker 17.03
  • Istio 0.2.6
  • Kube-dns 1.14.8
  • Coredns 1.1.0
  • Helm 2.8.1

@mattymo mattymo released this Feb 1, 2018 · 1238 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • Add flexibility for alt_names for certificates
  • Support for local_volume_provisioner

Component versions:

  • Kubernetes 1.9.2
  • Flannel 0.9.1
  • Weave 2.1.3
  • Calico 2.6.2
  • helm 2.7.2
  • kube-dns 1.14.8

@mattymo mattymo released this Oct 26, 2017 · 1471 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • Full RBAC support
  • New addon: istio
  • etcd scaling
  • All network plugins are deployed with CNI as daemonsets
  • Experimental kubeadm support
  • Container and file downloads are consolidated

Component versions:

  • Kubernetes v1.8.1
  • Docker 1.13.1
  • etcd v3.2.4
  • Rkt v1.21.0 (optional)
  • Calico v2.5.0
  • Weave 2.0.4
  • Flannel v0.8.0

Security

  • RBAC is enabled and may affect upgrades.

Known issues

  • CoreOS with Canal on GCE does not work. It works fine on any other platform.
  • Vault deployment mode does not work with kubeadm (but can still be used for etcd certificates).

Action items for users upgrading to v2.3.0

  • If you switch to kubeadm deployment mode, all pods in kube-system namespace will get restarted. All other pods will have their service account tokens reset because of the necessary certificate regeneration. Delete the relevant secret for the ServiceAccount and restart the pods to restore functionality.

Additional notes

  • Kubeadm can be enabled by setting kubeadm_enabled: true. Both new and existing clusters can be switched to kubeadm mode.
Sep 27, 2017
fix graceful upgrade (#1704)
Fix system namespace creation
Only rotate tokens when necessary

@mattymo mattymo released this Aug 30, 2017 · 1670 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • RBAC support for core components (optional add-ons are not included)
  • Reintroduced Vault support
  • Masters are now marked unschedulable via taints
  • Flannel is now setup with CNI

Component versions:

  • Kubernetes v1.7.3
  • Docker 1.13.1
  • etcd v3.2.4
  • Rkt v1.21.0 (optional)
  • Calico v2.4.1
  • Weave 2.0.1
  • Flannel v0.8.0

Security

  • It is now possible to enable RBAC upon upgrade.

@mattymo mattymo released this Aug 19, 2017 · 1707 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • Project rename to Kubespray
  • Experimental RBAC support (unsupported)
  • Support for Ansible 2.3.x series

Component versions:

  • Kubernetes v1.6.7
  • Docker 1.13.1
  • etcd v3.2.4
  • Rkt v1.21.0 (optional)
  • Calico v1.1.3
  • Weave 2.0.1
  • Flannel v0.8.0

Security

  • Kubespray now generates ClusterRoles and ClusterRoleBindings for most services. Full RBAC support is not available yet. Upgrades to RBAC are not working.

Breaking changes/Known issues

  • Vault is nonfunctional for this release
  • Versions of Docker above 1.13.x do not work. As a result, newer CoreOS releases will not work.

@mattymo mattymo released this Apr 5, 2017 · 2024 commits to master since this release

Assets 2

This release includes the following changes.

Major changes:

  • EFK logging stack add-on support
  • Helm add-on support
  • Autoscaling for dnsmasq and kubedns
  • Graceful upgrades support (cordon/drain/upgrade/uncordon)
  • Daemonset upgrades
  • Hashicorp Vault as optional certificate backend

Component versions:

  • Kubernetes 1.5.3
  • Docker 1.13.1
  • Rkt v1.21.0 (optional)
  • Calico v1.1.0-rc8
  • Weave 1.8.2
  • Flannel v0.6.2

Security

  • Kargo now generates separate certificates in ETCD and Kubernetes for each host.

Breaking changes

  • Support for etcd3 backend for kube-apiserver. (Note that existing installs will not auto-upgrade.)
  • docker_dns mode is now the default. Hosts cannot resolve pod network domains with this configuration, but it is less vulnerable to outside changes to host /etc/resolv.conf.
  • kube-apiserver now listens on port 6443 by default.
  • This release works only with Ansible version 2.2.1.0. All other versions are unsupported.
  • This release only works with Jinja2 version >=2.8. Earlier versions will have issues rendering templates.

Others

  • Tuning added for ETCD and Kubelet node reporting which performs better at scale.
  • New role kargo-defaults for setting global default variables.
  • Improved performance of certificate generation tasks.
Feb 6, 2017
fix tag push

@bogdando bogdando released this Jan 4, 2017 · 2471 commits to master since this release

Assets 2

This release includes the following changes:

Major changes

  • New container-runtime for control plane ( etcd + kubelet ): Rkt.
    Experimental. If enabled, it only works right now with Flannel/Canal
  • New cloud provider: Azure
  • New network plugin: Canal
  • Etcd with TLS support
  • Nginx proxy to provide k8s apiserver HA for non master nodes

Versions upgrade

  • Kubernetes version 1.5.1
  • Docker 1.12.5
  • Rkt v1.21.0
  • Calico 2.0.0

Network

  • Calico with custom network backends and routereflector supported for large deployments
  • Support for Canal network plugin
  • Pseudo network plugin called "cloud" to use built-in cloud providers' networking
  • Improved DNS stack with host/docker configuration options
  • Network checker application to verify DNS resolve for pods and inter-pods connectivity

Clouds support

  • Azure cloud provider support, improved deployments on terraform/openstack
  • Azure Resource Manager templates, GlusterFS support and ansible inventory generator script as contrib addons

Security

  • TLS support for etcd cluster with individual nodes' certificates
  • Support for bastion hosts, security improvements via explicit cgroups limits for workloads and support of unschedulable standalone master nodes

Breaking

  • Only systemd based Linux OS distributions supported from now on
  • Requires users to sync groups_vars/all.yaml
  • Removed the etcd-proxy

Others

  • Speed up for large deployments when distributing tokens and certs and downloading containers
  • Improved docker container download and sync
  • Dev/QA playbooks for in-place cluster reset
  • Enabled fact caching by default
  • Container Linux by CoreOS added to CI matrix
  • Improved documentation