Skip to content

Latest commit

 

History

History
1603 lines (1067 loc) · 143 KB

CHANGELOG.md

File metadata and controls

1603 lines (1067 loc) · 143 KB
Raw

[v2.14.0]

Supported Kubernetes versions:

  • 1.15.5
  • 1.15.6
  • 1.15.7
  • 1.15.9
  • 1.15.10
  • 1.15.11
  • 1.16.2
  • 1.16.3
  • 1.16.4
  • 1.16.6
  • 1.16.7
  • 1.16.9
  • 1.17.0
  • 1.17.2
  • 1.17.3
  • 1.17.5
  • 1.18.2

Misc:

  • ACTION REQUIRED: The most recent backup for user clusters is kept when the cluster is deleted. Adjust the cleanup-container to get the old behaviour (delete all backups) back. #5262 (xrstf)
  • ACTION REQUIRED: Addon manifest templating is now a stable API, but different to the old implicit data. Custom addons might need to be adjusted. #5275 (xrstf)
  • Added Flatcar Linux as an Operating System option
  • Added SLES as an Operating System option #5040 (kgroschoff)
  • Audit logging can now be enforced in all clusters within a Datacenter. #5045 (kdomanski)
  • Added support for Kubernetes 1.18, drop support for Kubernetes < 1.15. #5325 (xrstf)
  • Administrators can now manage all projects and clusters
  • Added admission plugins CRD support #5047 (zreigz)
  • Added configurable time window for coreos-operator node reboots #5318 (kdomanski)
  • Created an hourly schedule Velero backup for all namespaces and cluster resources #5327 (scheeles)
  • Added support for creating RBAC bindings to group subjects #5237 (bashofmann)
  • Added a configuration flag for seed-controller-manager to enforce default addons on userclusters. Enabled by default. #5193 (moelsayed)
  • TLS certificates for Kubermatic/IAP are now not managed by a shared certs chart anymore, but handled individually for each Ingress. #5163 (xrstf)
  • kubelet sets intial machine taints via --register-with-taints #664 (multi-io)
  • Implement the NodeCSRApprover controller for automatically approving node serving certificates #705 (xmudrii)
  • Updated blackbox-exporter to v0.16.0 #5083 (youssefazrak)
  • Updated cert-manager to 0.13.0 #5068 (youssefazrak)
  • Updated coredns to v1.3.1 #5145 (youssefazrak)
  • Updated Dex to v2.22.0 #5092 (youssefazrak)
  • Updated Elastic Stack to 6.8.5 and mark it as deprecated. #5085 (xrstf)
  • Updated Envoy in nodeport-proxy to v1.13.0 #5135 (youssefazrak)
  • Updated go-swagger to support go v1.14 #5247 (zreigz)
  • Updated Grafana to v6.7.1 #5254 (youssefazrak)
  • Updated helm-exporter to v0.4.3 #5113 (youssefazrak)
  • Updated karma to v0.55 #5084 (youssefazrak)
  • Updated Keycloak to v7.0.0 #5128 (youssefazrak)
  • Updated Kube-state-metrics to v1.9.5 #5139 (youssefazrak)
  • Updated Loki to v1.3.0 #5081 (youssefazrak)
  • Updated machine-controller to v1.13.2 #5349 (kdomanski)
  • Updated metrics-server to v0.3.6 #5140 (youssefazrak)
  • Updated nginx-ingress-controller to v0.29 #5134 (youssefazrak)
  • Updated openvpn to 2.4.8 #5144 (youssefazrak)
  • Updated Prometheus to v2.17.1 on user cluster #5273 (youssefazrak)
  • Updated Thanos to v0.11.0 #5176 (youssefazrak)
  • Updated Velero to v1.3.2 #5326 (scheeles)

Dashboard:

  • Added a dark theme and a selector to the user settings. #1867 (maciaszczykm)
  • Added possibility to define a default project in user settings. When a default project is choosen, the user will be automatically redirected to this project after login. Attention: One initial log in might be needed for the feature to take effect. #1895 (kgroschoff)
  • Added UI support for dynamic kubelet config option #1923 (floreks)
  • Added paginators to all tables #1932 (kgroschoff)
  • Added cluster metrics. #1940 (maciaszczykm)
  • Increased cpu & memory defaults on vSphere #1952 (kgroschoff)
  • Custom Presets are filtered by datacenter now #1955 (kgroschoff)
  • Added notification panel. #1957 (maciaszczykm)
  • Added Pod Node Selector field. #1968 (maciaszczykm)
  • Operation Systems on VSphere for which no template is specified in datacenters are now hidden. #1981 (kgroschoff)
  • Fixes issue that prevented creating Addons which had no AddonConfig deployed. #1985 (maciaszczykm)
  • Added possibility to collapse the sidenav. #2004 (kgroschoff)
  • We now use WebSocket to get global settings. #2008 (maciaszczykm)
  • We now use SameSite=Lax #2046 (kgroschoff)
  • AddonConfig's shortDescription field is now used in the accessible addons overview. #2050 (maciaszczykm)
  • Audit Logging will be enforced when specified in the datacenter. #2070 (kgroschoff)
  • Added the option to use an OIDC provider for the kubeconfig download. #2076 (floreks)
  • Added support for creating RBAC bindings to group subjects #2123 (bashofmann)
  • Fixed custom links display on the frontpage. #2134 (maciaszczykm)
  • Moved project selector to the navigation bar. Redesigned the sidebar menu. #2144 (maciaszczykm)
  • Fixed missing pagination issue in the project list view. #2177 (maciaszczykm)
  • Added possibility to specify imageID for Azure node deployments (required for RHEL).
  • Added possibility to specify customImage for GCP node deployments (required for RHEL). #2190 (maciaszczykm)
  • Fixed user settings layout on the smaller screens. #2209 (maciaszczykm)
  • Fixed loading Openstack flavors in add/edit node deployment dialog #2222 (floreks)
  • Fixed filter in combo dropdown #2238 (kgroschoff)
  • Fixed node data dialog for vSphere clusters. #2251 (maciaszczykm)
  • Cluster creation time is now visible in the UI. #2253 (maciaszczykm)
  • Added info about end-of-life of Container Linux #2264 (kgroschoff)
  • Enforcing pod security policy by the datacenter is now allowed. #2270 (maciaszczykm)
  • Introduced a number of responsiveness fixes to improve user experience on the smaller screens. #2279 (maciaszczykm)

Cloud providers:

  • Added Alibaba cloud #5107 (kgroschoff)
  • Azure: Added image ID property to clusters. #5315 (maciaszczykm)
  • Azure: Added multiple availability zones support #2280 (kgroschoff)
  • Azure: Added support for configurable OS and Data disk sizes #5156 (moelsayed)
  • Digitalocean: Fixed and issue when there are more than 200 droplets in the same account. #692 (xrstf)
  • GCP: Added custom image property to clusters.
  • GCP: Subnetworks are now fetched from API #1950 (kgroschoff)
  • Openstack: fixed a bug preventing the usage of pre-existing subnets connected to distributed routers #5334 (kdomanski)
  • vSphere: datastore clusters can now be specified for VMs instead of singular datastores #671 (irozzo-1A)
  • vSphere: Added ResourcePool support #726 (maxilampert)

Monitoring:

  • Grafana Loki replaces the ELK logging stack. #5164 (xrstf)

Bugfixes:

  • Fix bad apiserver Deployments when no Dex CA was configured. #5087 (xrstf)
  • Fixed cluster credential Secrets not being reconciled properly. #5197 (xrstf)
  • Fixed swagger and API client for ssh key creation. #5069 (kdomanski)
  • Fixed seed-proxy controller not being triggered. #5101 (xrstf)
  • Fixed a bug in Kubernetes 1.17 on CoreOS that prevented the Kubelet from starting #658 (alvaroaleman)

v2.13.5

  • Updated machine-controller to v1.10.4 to address issue in CNI plugins #5443 (kdomanski)

v2.13.4

  • ACTION REQUIRED: The most recent backup for user clusters is kept when the cluster is deleted. Adjust the cleanup-container to get the old behaviour (delete all backups) back. #5262 (xrstf)
  • Updated machine-controller to v1.10.3 to fix the Docker daemon/CLI version incompatibility #5427 (xmudrii)

v2.13.3

This release contains only improvement to the image build process.

v2.13.2

  • Openstack: include distributed routers in existing router search #5334 (kdomanski)

v2.13.1

  • Fixed swagger and API client for ssh key creation. #5069 (kdomanski)
  • Added Kubernetes v1.15.10, v1.16.7, v1.17.3 #5102 (kdomanski)
  • AddonConfig's shortDescription field is now used in the accessible addons overview. #2050 (maciaszczykm)

v2.13.0

Supported Kubernetes versions:

  • 1.15.5
  • 1.15.6
  • 1.15.7
  • 1.15.9
  • 1.16.2
  • 1.16.3
  • 1.16.4
  • 1.16.6
  • 1.17.0
  • 1.17.2
  • Openshift v4.1.18

Major changes:

  • End-of-Life Kubernetes v1.14 is no longer supported. #4987 (kdomanski)
  • The authorized_keys files on nodes are now updated whenever the SSH keys for a cluster are changed #4531 (moadqassem)
  • Added support for custom CA for OpenID provider in Kubermatic API. #4994 (xrstf)
  • Added user settings panel. #1738 (maciaszczykm)
  • Added cluster addon UI
  • MachineDeployments can now be configured to enable dynamic kubelet config #4946 (kdomanski)
  • Added RBAC management functionality to UI #1815 (kgroschoff)
  • Added RedHat Enterprise Linux as an OS option (#669)
  • Added SUSE Linux Enterprise Server as an OS option (#659)

Cloud providers:

  • Openstack: A bug that caused cluster reconciliation to fail if the controller crashed at the wrong time was fixed #4754 (alvaroaleman)
  • Openstack: New Kubernetes 1.16+ clusters use the external Cloud Controller Manager and CSI by default #4756 (alvaroaleman)
  • vSphere: Fixed a bug that resulted in a faulty cloud config when using a non-default port #4562 (alvaroaleman)
  • vSphere: Fixed a bug which cased custom VM folder paths not to be put in cloud-configs #4737 (kdomanski)
  • vSphere: The robustness of machine reconciliation has been improved. #4651 (alvaroaleman)
  • vSphere: Added support for datastore clusters (#671)
  • Azure: Node sizes are displayed in size dropdown when creating/updating a node deployment #1908 (bashofmann)
  • GCP: Networks are fetched from API now #1913 (kgroschoff)

Bugfixes:

  • Fixed parsing Kibana's logs in Fluent-Bit #4544 (xrstf)
  • Fixed master-controller failing to create project-label-synchronizer controllers. #4577 (xrstf)
  • Fixed broken NodePort-Proxy for user clusters with LoadBalancer expose strategy. #4590 (xrstf)
  • Fixed cluster namespaces being stuck in Terminating state when deleting a cluster. #4619 (xrstf)
  • Fixed Seed Validation Webhook rejecting new Seeds in certain situations #4662 (xrstf)
  • A panic that could occur on clusters that lack both credentials and a credentialsSecret was fixed. #4742 (alvaroaleman)
  • A bug that occasionally resulted in a Error: no matches for kind "MachineDeployment" in version "cluster.k8s.io/v1alpha1" visible in the UI was fixed. #4870 (alvaroaleman)
  • A memory leak in the port-forwarding of the Kubernetes dashboard and Openshift console endpoints was fixed #4879 (alvaroaleman)
  • Fixed a bug that could result in 403 errors during cluster creation when using the BringYourOwn provider #4892 (alvaroaleman)
  • Fixed a bug that prevented clusters in working seeds from being listed in the dashboard if any other seed was unreachable. #4961 (xrstf)
  • Prevented removing system labels during cluster edit #4986 (zreigz)
  • Fixed FluentbitManyRetries Prometheus alert being too sensitive to harmless backpressure. #5011 (xrstf)
  • Fixed deleting user-selectable addons from clusters. #5022 (xrstf)
  • Fixed node name validation while creating clusters and node deployments #1783 (chrkl)

UI:

  • ACTION REQUIRED: Added logos and descriptions for the addons. In order to see the logos and descriptions addons have to be configured with AddonConfig CRDs with the same names as addons. #1824 (maciaszczykm)
  • ACTION REQUIRED: Added application settings view. Some of the settings were moved from config map to the KubermaticSettings CRD. In order to use them in the UI it is required to manually update the CRD or do it from newly added UI. #1772 (maciaszczykm)
  • Fixed label form validator. #1710 (maciaszczykm)
  • Removed Edit Settings option from cluster detail view and instead combine everything under Edit Cluster. #1718 (kgroschoff)
  • Enabled edit options for kubeAdm #1735 (kgroschoff)
  • Switched flag proportions to 4:3. #1742 (maciaszczykm)
  • Added new project view #1766 (kgroschoff)
  • Added custom links to admin settings. #1800 (maciaszczykm)
  • Blocked option to edit cluster labels inherited from the project. #1801 (floreks)
  • Moved pod security policy configuration to the edit cluster dialog. #1837 (maciaszczykm)
  • Restyled some elements in the admin panel. #1850 (maciaszczykm)
  • Added separate save indicators for custom links in the admin panel. #1862 (maciaszczykm)

Addons:

Misc:

  • ACTION REQUIRED: Updated cert-manager to 0.12.0. This requires a full reinstall of the chart. See https://cert-manager.io/docs/installation/upgrading/upgrading-0.10-0.11/ #4857 (xrstf)
  • Updated Alertmanager to 0.20.0 #4864 (xrstf)
  • Update Kubernetes Dashboard to v2.0.0-rc3 #5015 (floreks)
  • Updated Dex to v2.12.0 #4869 (xrstf)
  • The envoy version used by the nodeport-proxy was updated to v1.12.2 #4865 (alvaroaleman)
  • Etcd was upgraded to 3.4 for 1.17+ clusters #4856 (alvaroaleman)
  • Updated Grafana to 6.5.2 #4858 (xrstf)
  • Updated karma to 0.52 #4859 (xrstf)
  • Updated kube-state-metrics to 1.8.0 #4860 (xrstf)
  • Updated machine-controller to v1.10.0 #5070 (kdomanski)
    • Added support for EBS volume encryption (#663)
    • kubelet sets intial machine taints via --register-with-taints (#664)
    • Moved deprecated kubelet flags into config file (#667)
    • Enabled swap accounting for Ubuntu deployments (#666)
  • Updated nginx-ingress-controller to v0.28.0 #4999 (kdomanski)
  • Updated Minio to RELEASE.2019-10-12T01-39-57Z #4868 (xrstf)
  • Updated Prometheus to 2.14 in Seed and User clusters #4684 (xrstf)
  • Updated Thanos to 0.8.1 #4549 (xrstf)
  • An email-restricted Datacenter can now have multiple email domains specified. #4643 (kdomanski)
  • Add fluent-bit Grafana dashboard #4545 (xrstf)
  • Updated Dex page styling. #4632 (maciaszczykm)
  • Openshift: added metrics-server #4671 (kron4eg)
  • For new clusters, the Kubelet port 12050 is not exposed publicly anymore #4703 (bashofmann)
  • The cert-manager Helm chart now creates global ClusterIssuers for Let'''s Encrypt. #4732 (xrstf)
  • Added migration for cluster user labels #4744 (zreigz)
  • Fixed seed-proxy controller not working in namespaces other than kubermatic. #4775 (xrstf)
  • The docker logs on the nodes now get rotated via the new logrotate addon #4813 (moadqassem)
  • Made node-exporter an optional addon. #4832 (maciaszczykm)
  • Added parent cluster readable name to default worker names. #4839 (maciaszczykm)
  • The QPS settings of Kubeletes can now be configured per-cluster using addon Variables #4854 (kdomanski)
  • Access to Kubernetes Dashboard can be now enabled/disabled by the global settings. #4889 (floreks)
  • Added support for dynamic presets #4903 (zreigz)
  • Presets can now be filtered by datacenter #4991 (zreigz)
  • Revoking the viewer token is possible via UI now. #1708 (kgroschoff)

v2.12.8

  • Updated machine-controller to v1.8.4 to address issue in CNI plugins #5442 (kdomanski)

v2.12.7

  • Openstack: fixed a bug preventing the usage of pre-existing subnets connected to distributed routers #5334 (kdomanski)
  • Update machine-controller to v1.8.2 to fix the Docker daemon/CLI version incompatibility #5426 (xmudrii)

v2.12.6

Misc:

  • System labels can no longer be removed by the user. #4983 (zreigz)
  • End-of-Life Kubernetes v1.14 is no longer supported. #4988 (kdomanski)
  • Added Kubernetes v1.15.7, v1.15.9, v1.16.4, v1.16.6 #4995 (kdomanski)

v2.12.5

  • A bug that occasionally resulted in a Error: no matches for kind "MachineDeployment" in version "cluster.k8s.io/v1alpha1" visible in the UI was fixed. #4870 (alvaroaleman)
  • A memory leak in the port-forwarding of the Kubernetes dashboard and Openshift console endpoints was fixed #4879 (alvaroaleman)
  • Enabled edit options for kubeAdm #1873 (kgroschoff)

v2.12.4

  • Fixed an issue with adding new node deployments on Openstack #1836 (floreks)
  • Added migration for cluster user labels #4744 (zreigz)
  • Added Kubernetes v1.14.9, v1.15.6 and v1.16.3 #4752 (kdomanski)
  • Openstack: A bug that caused cluster reconciliation to fail if the controller crashed at the wrong time was fixed #4754 (alvaroaleman)

v2.12.3

  • Fixed extended cluster options not being properly applied #1812 (kgroschoff)
  • A panic that could occur on clusters that lack both credentials and a credentialsSecret was fixed. #4742 (alvaroaleman)

v2.12.2

  • The robustness of vSphere machine reconciliation has been improved. #4651 (alvaroaleman)
  • Fixe Seed Validation Webhook rejecting new Seeds in certain situations #4662 (xrstf)
  • Rolled nginx-ingress-controller back to 0.25.1 to fix SSL redirect issues. #4693 (xrstf)

v2.12.1

  • VSphere: Fixed a bug that resulted in a faulty cloud config when using a non-default port #4562 (alvaroaleman)
  • Fixed master-controller failing to create project-label-synchronizer controllers. #4577 (xrstf)
  • Fixed broken NodePort-Proxy for user clusters with LoadBalancer expose strategy. #4590 (xrstf)

v2.12.0

Supported Kubernetes versions:

  • 1.14.8
  • 1.15.5
  • 1.16.2
  • Openshift v4.1.18 preview

Major new features:

  • Kubernetes 1.16 support was added #4313 (alvaroaleman)
  • It is now possible to also configure automatic node updates by setting automaticNodeUpdate: true in the updates.yaml. This option implies automatic: true as node versions must not be newer than the version of the corresponding controlplane. #4258 (alvaroaleman)
  • Cloud credentials can now be configured as presets #3723 (zreigz)
  • Access to datacenters can now be restricted based on the user's email domain. #4470 (kdomanski)
  • It is now possible to open the Kubernetes Dashboard from the Kubermatic UI. #4460 (floreks)
  • An option to use AWS Route53 DNS validation was added to the certs chart. #4397 (alvaroaleman)
  • Added possibility to add labels to projects and clusters and have these labels inherited by node objects.
  • Added support for Kubernetes audit logging #4151 (eqrx)
  • Connect button on cluster details will now open Kubernetes Dashboard/Openshift Console #1667 (floreks)
  • Pod Security Policies can now be enabled #4062 (bashofmann)
  • Added support for optional cluster addons #1683 (maciaszczykm)

Installation and updating:

  • ACTION REQUIRED: the zone_character field must be removed from all AWS datacenters in datacenters.yaml #3986 (kdomanski)
  • ACTION REQUIRED: The default number of apiserver replicas was increased to 2. You can revert to the old behavior by setting .Kubermatic.apiserverDefaultReplicas in the values.yaml #3885 (alvaroaleman)
  • ACTION REQUIRED: The literal credentials on the Cluster object are being deprecated in favor of storing them in a secret. If you have addons that use credentials, replace .Cluster.Spec.Cloud with .Credentials. #4463 (alvaroaleman)
  • ACTION REQUIRED: Kubermatic now doesn't accept unknown keys in its config files anymore and will crash if an unknown key is present
  • ACTION REQUIRED: BYO datacenters now need to be specific in the datacenters.yaml with a value of {}, e.G bringyourown: {} #3794 (alvaroaleman)
  • ACTION REQUIRED: Velero does not backup Prometheus, Elasticsearch and Minio by default anymore. #4482 (xrstf)
  • ACTION REQUIRED: On AWS, the nodeport-proxy will be recreated as NLB. DNS entries must be updated to point to the new LB. #3840 (mrIncompetent)
  • The deprecated nodePortPoxy key for Helm values has been removed. #3830 (xrstf)
  • Support setting oidc authentication settings on cluster #3751 (bashofmann)
  • The worker-count of controller-manager and master-controller are now configurable #3918 (bashofmann)
  • master-controller-manager can now be deployed with multiple replicas #4307 (xrstf)
  • It is now possible to configure an http proxy on a Seed. This will result in the proxy being used for all control plane pods in that seed that talk to a cloudprovider and for all machines in that Seed, unless its overriden on Datacenter level. #4459 (alvaroaleman)
  • The cert-manager Helm chart now allows configuring extra values for its controllers args and env vars. #4398 (alvaroaleman)
  • A fix for CVE-2019-11253 for clusters that were created with a Kubernetes version < 1.14 was deployed #4520 (alvaroaleman)

Monitoring and logging:

  • Alertmanager's inhibition feature is now used to hide consequential alerts. #3833 (xrstf)
  • Removed cluster owner name and email labels from kubermatic_cluster_info metric to prevent leaking PII #3854 (xrstf)
  • New Prometheus metrics kubermatic_addon_created kubermatic_addon_deleted
  • New alert KubermaticAddonDeletionTakesTooLong #3941 (bashofmann)
  • FluentBit will now collect the journald logs #4001 (mrIncompetent)
  • FluentBit can now collect the kernel messages #4007 (mrIncompetent)
  • FluentBit now always sets the node name in logs #4010 (mrIncompetent)
  • Added new KubermaticClusterPaused alert with "none" severity for inhibiting alerts from paused clusters #3846 (xrstf)
  • Removed Helm-based templating in Grafana dashboards #4475 (xrstf)
  • Added type label (kubernetes/openshift) to kubermatic_cluster_info metric. #4452 (xrstf)
  • Added metrics endpoint for cluster control plane:GET /api/v1/projects/{project_id}/dc/{dc}/clusters/{cluster_id}/metrics #4208 (zreigz)
  • Added a new endpoint for node deployment metrics:GET /api/v1/projects/{project_id}/dc/{dc}/clusters/{cluster_id}/nodedeployments/{nodedeployment_id}/metrics #4176 (zreigz)

Cloud providers:

  • Openstack: A bug that could result in many securtiy groups being created when the creation of security group rules failed was fixed #3848 (alvaroaleman)
  • Openstack: Fixed a bug preventing an interrupted cluster creation from being resumed. #4476 (kdomanski)
  • Openstack: Disk size of nodes is now configurable #4153 (bashofmann)
  • Openstack: Added a security group API compatibility workaround for very old versions of Openstack. #4479 (kdomanski)
  • Openstack: Fixed fetching the list of tenants on some OpenStack configurations with one region #4182 (zreigz)
  • Openstack: Added support for Project ID to the wizard #1386 (floreks)
  • Openstack: The project name can now be provided manually #1423 (floreks)
  • Openstack: Fixed API usage for datacenters with only one region #4538 (zreigz)
  • Openstack: Fixed a bug that resulted in the router not being attached to the subnet when the subnet was manually created #4521 (alvaroaleman)
  • AWS: MachineDeployments can now be created in any availability zone of the cluster's region #3870 (kdomanski)
  • AWS: Reduced the role permissions for the control-plane & worker role to the minimum #3995 (mrIncompetent)
  • AWS: The subnet can now be selected #1499 (kgroschoff)
  • AWS: Setting Control plane role (ARN) now is possible #1512 (kgroschoff)
  • AWS: VM sizes are fetched from the API now. #1513 (maciaszczykm)
  • AWS: Worker nodes can now be provisioned without a public IP. #1591 (maciaszczykm)
  • GCP: machine and disk types are now fetched from GCP. #1363 (maciaszczykm)
  • vSphere: the VM folder can now be configured
  • Added support for KubeVirt provider. #1608 (maciaszczykm)

Bugfixes:

  • A bug that sometimes resulted in the creation of the initial NodeDeployment failing was fixed #3894 (alvaroaleman)
  • kubeadm join has been fixed for v1.15 clusters #4161 (kdomanski)
  • Fixed a bug that could cause intermittent delays when using kubectl logs/exec with exposeStrategy: LoadBalancer #4278 (alvaroaleman)
  • A bug that prevented node Labels, Taints and Annotations from getting applied correctly was fixed. #4368 (alvaroaleman)
  • Fixed worker nodes provisioning for instances with a Kernel >= 4.19 #4178 (alvaroaleman)
  • Fixed an issue that kept clusters stuck if their creation didn't succeed and they got deleted with LB and/or PV cleanup enabled #3973 (alvaroaleman)
  • Fixed an issue where deleted project owners would come back after a while #4025 (zreigz)
  • Enabling the OIDC feature flag in clusters has been fixed. #4127 (zreigz)

Misc:

  • The share cluster feature now allows to use groups, if passed by the IDP. All groups are prefixed with oidc: #4244 (alvaroaleman)
  • The kube-proxy mode (ipvs/iptables) can now be configured. If not specified, it defaults to ipvs. #4247 (nikhita)
  • Addons can now read the AWS region from the kubermatic.io/aws-region annotation on the cluster #4434 (alvaroaleman)
  • Allow disabling of apiserver endpoint reconciling. #4396 (thz)
  • Allow cluster owner to manage RBACs from Kubermatic API #4321 (zreigz)
  • The default service CIDR for new clusters was increased and changed from 10.10.10.0/24 to 10.240.16.0/20 #4227 (alvaroaleman)
  • Retries of the initial node deployment creation do not create an event anymore but continue to be logged at debug level. #4226 (alvaroaleman)
  • Added option to enforce cluster cleanup in UI #3966 (kgroschoff)
  • Support PodSecurityPolicies in addons #4174 (bashofmann)
  • Kubernetes versions affected by CVE-2019-9512 and CVE-2019-9514 have been dropped #4113 (kdomanski)
  • Kubernetes versions affected by CVE-2019-11247 and CVE-2019-11249 have been dropped #4066 (kdomanski)
  • Kubernetes 1.13 which is end-of-life has been removed. #4327 (kdomanski)
  • Updated Alertmanager to 0.19 #4340 (xrstf)
  • Updated blackbox-exporter to 0.15.1 #4341 (xrstf)
  • Updated Canal to v3.8 #3791 (mrIncompetent)
  • Updated cert-manager to 0.10.1 #4407 (xrstf)
  • Updated Dex to 2.19 #4343 (xrstf)
  • Updated Envoy to 1.11.1 #4075 (xrstf)
  • Updated etcd to 3.3.15 #4199 (bashofmann)
  • Updated FluentBit to v1.2.2 #4022 (mrIncompetent)
  • Updated Grafana to 6.3.5 #4342 (xrstf)
  • Updated helm-exporter to 0.4.2 #4124 (xrstf)
  • Updated kube-state-metrics to 1.7.2 #4129 (xrstf)
  • Updated Minio to 2019-09-18T21-55-05Z #4339 (xrstf)
  • Updated machine-controller to v1.5.6 #4310 (kdomanski)
  • Updated nginx-ingress-controller to 0.26.1 #4400 (xrstf)
  • Updated Prometheus to 2.12.0 #4131 (xrstf)
  • Updated Velero to v1.1.0 #4468 (kron4eg)

Dashboard:

v2.11.8

v2.11.7

  • Kubernetes 1.13 which is end-of-life has been removed. #4327 (kdomanski)
  • Added Kubernetes v1.15.4 #4329 (kdomanski)
  • Added Kubernetes v1.14.7 #4330 (kdomanski)
  • A bug that prevented node Labels, Taints and Annotations from getting applied correctly was fixed. #4368 (alvaroaleman)
  • Removed K8S releases affected by CVE-2019-11253 #4515 (kdomanski)
  • A fix for CVE-2019-11253 for clusters that were created with a Kubernetes version < 1.14 was deployed #4520 (alvaroaleman)
  • Openstack: fixed API usage for datacenters with only one region #4536 (zreigz)

v2.11.6

  • Fixed a bug that could cause intermittent delays when using kubectl logs/exec with exposeStrategy: LoadBalancer #4279 (kubermatic-bot)

v2.11.5

  • Fix a bug that caused setup on nodes with a Kernel > 4.18 to fail #4180 (alvaroaleman)
  • Fixed fetching the list of tenants on some OpenStack configurations with one region #4185 (kubermatic-bot)
  • Fixed a bug that could result in the clusterdeletion sometimes getting stuck #4202 (alvaroaleman)

v2.11.4

v2.11.3

v2.10.3

  • Kubernetes 1.11 which is end-of-life has been removed. #4031 (kubermatic-bot)
  • Kubernetes 1.12 which is end-of-life has been removed. #4065 (kdomanski)
  • Kubernetes versions affected by CVE-2019-11247 and CVE-2019-11249 have been dropped #4066 (kdomanski)
  • Kubernetes versions affected by CVE-2019-9512 and CVE-2019-9514 have been dropped #4113 (kdomanski)
  • updated Envoy to 1.11.1 #4075 (xrstf)

v2.11.2

  • Fixed an issue where deleted project owners would come back after a while #4020 (mrIncompetent)
  • Kubernetes versions affected by CVE-2019-11247 and CVE-2019-11249 have been dropped #4066 (kdomanski)
  • Kubernetes 1.11 which is end-of-life has been removed. #4030 (kubermatic-bot)
  • Kubernetes 1.12 which is end-of-life has been removed. #4067 (kubermatic-bot)

v2.11.1

Misc:

  • Openstack: A bug that could result in many securtiy groups being created when the creation of security group rules failed was fixed #3848 (alvaroaleman)
  • Added Kubernetes v1.15.1 #3859 (kubermatic-bot)
  • Updated machine controller to v1.5.1 #3883 (kdomanski)
  • A bug that sometimes resulted in the creation of the initial NodeDeployment failing was fixed #3894 (alvaroaleman)
  • Fixed an issue that kept clusters stuck if their creation didn't succeed and they got deleted with LB and/or PV cleanup enabled #3973 (alvaroaleman)
  • Fixed joining nodes to Bring Your Own clusters running Kubernetes 1.14 #3976 (kubermatic-bot)

Dashboard:

  • Fixed an issue with handling resources refresh on error conditions #1452 (floreks)
  • Openstack: the project name can now be provided manually #1426 (floreks)
  • JS dependencies have been updated to address potential vulnerabilities in some of them. #1388 (kgroschoff

v2.11.0

Supported Kubernetes versions:

  • 1.11.5-10
  • 1.12.3-10
  • 1.13.0-5
  • 1.13.7
  • 1.14.0-1
  • 1.14.3-4
  • 1.15.0

Cloud providers:

  • It is now possible to create Kubermatic-managed clusters on Packet. #3419 (nikhita)
  • It is now possible to create Kubermatic-managed clusters on GCP. #3350 (nikhita)
  • the API stops creating an initial node deployment for new cluster for KubeAdm providers. #3346 (p0lyn0mial)
  • Openstack: datacenter can be configured with minimum required CPU and memory for nodes #3487 (bashofmann)
  • vsphere: root disk size is now configurable #3629 (kgroschoff)
  • Azure: fixed failure to provision on new regions due to lower number of fault domains #3584 (kdomanski)

Monitoring:

  • [ACTION REQUIRED] refactored Alertmanager Helm chart for master-cluster monitoring, see documentation for migration notes #3448 (xrstf)
  • cAdvisor metrics are now being scraped for user clusters #3390 (mrIncompetent)
  • fixed kube-state-metrics in user-clusters not being scraped #3427 (xrstf)
  • Improved debugging of resource leftovers through new etcd Object Count dashboard #3508 (xrstf)
  • New Grafana dashboards for monitoring Elasticsearch #3516 (xrstf)
  • Added optional Thanos integration to Prometheus for better long-term metrics storage #3531 (xrstf)

Misc:

  • [ACTION REQUIRED] nodePortPoxy Helm values has been renamed to nodePortProxy, old root key is now deprecated; please update your Helm values #3418 (xrstf)
  • Service accounts have been implemented.
  • Support for Kubernetes 1.15 was added #3579 (alvaroaleman)
  • More details are shown when using kubectl get machine/machineset/machinedeployment #3364 (alvaroaleman)
  • The resiliency of in-cluster DNS was greatly improved by adding the nodelocal-dns-cache addon, which runs a DNS cache on each node, avoiding the need to use NAT for DNS queries #3369 (alvaroaleman)
  • Added containerRuntimeVersion and kernelVersion to NodeInfo #3381 (bashofmann)
  • It is now possible to configure Kubermatic to create one service of type LoadBalancer per user cluster instead of exposing all of them via the nodeport-proxy on one central LoadBalancer service #3387 (alvaroaleman)
  • Pod AntiAffinity and PDBs were added to the Kubermatic control plane components,the monitoring stack and the logging stack to spread them out if possible and reduce the chance of unavailability #3393 (alvaroaleman)
  • Reduced API latency for loading Nodes & NodeDeployments #3405 (mrIncompetent)
  • replace gambol99/keycloak-proxy 2.3.0 with official keycloak-gatekeeper 6.0.1 #3411 (xrstf)
  • More additional printer columns for kubermatic crds #3542 (bashofmann)
  • Insecure Kubernetes versions v1.13.6 and v1.14.2 have been disabled. #3554 (mrIncompetent)
  • Kubermatic now supports running in environments where the Internet can only be accessed via a http proxy #3615 (mrIncompetent)
  • ICMP traffic to clusters is now always permitted to allow MTU discovery #3618 (kdomanski)
  • A bug that caused errors on very big addon manifests was fixed #3366 (alvaroaleman)
  • Updated Prometheus to 2.10.0 #3612 (xrstf)
  • Updated cert-manager to 0.8.0 #3525 (xrstf)
  • Updated Minio to RELEASE.2019-06-11T00-44-33Z #3614 (xrstf)
  • Updated Grafana to 6.2.1 #3528 (xrstf)
  • Updated kube-state-metrics to 1.6.0 #3420 (xrstf)
  • Updated Dex to 2.16.0 #3361 (xrstf)
  • Updated Alertmanager to 0.17.0, deprecate version field in favor of image.tag in Helm values.yaml #3410 (xrstf)
  • Updated machine-controller to v1.4.2. #3778 (alvaroaleman)
  • Updated node-exporter to 0.18.1 #3613 (xrstf)
  • Updated fluent-bit to 1.1.2 #3561 (xrstf)
  • Updated Velero to 1.0 #3527 (xrstf)

Dashboard:

v2.10.2

Misc:

v2.10.1

Bugfix:

Misc:

  • updated Prometheus to v2.9.2 #3348 (kubermatic-bot)
  • Draining of nodes now times out after 2h #3354 (kubermatic-bot)
  • the API stops creating an initial node deployment for new cluster for KubeAdm providers. #3373 (kubermatic-bot)
  • More details are shown when using kubectl get machine/machineset/machinedeployment #3377 (kubermatic-bot)
  • Pod AntiAffinity and PDBs were added to the Kubermatic control plane components and the monitoring stack to spread them out if possible and reduce the chance of unavailability #3400 (kubermatic-bot)
  • Support for Kubernetes 1.11.10 was added #3429 (kubermatic-bot)

v2.10.0

Features

Kubermatic core

  • ACTION REQUIRED: The config option Values.kubermatic.rbac changed to Values.kubermatic.masterController #3051 (@zreigz)
  • The user cluster controller manager was added. It is deployed within the cluster namespace in the seed and takes care of reconciling all resources that are inside the user cluster
  • Add feature gate to enable etcd corruption check #2460 (@mrIncompetent)
  • Kubernetes 1.10 was removed as officially supported version from Kubermatic as it's EOL #2712 (@alvaroaleman)
  • Add short names to the ClusterAPI CRDs to allow using kubectl get md for machinedeployments, kubectl get ms for machinesets and kubectl get ma to get machines #2718 (@toschneck)
  • Update canal to v2.6.12, Kubernetes Dashboard to v1.10.1 and replace kube-dns with CoreDNS 1.3.1 #2985 (@mrIncompetent)
  • Update Vertical Pod Autoscaler to 0.5 #3143 (@xrstf)
  • Avoid the name "kubermatic" for cloud provider resources visible by end users #3152 (@mrIncompetent)
  • In order to provide Grafana dashboards for user cluster resource usage, the node-exporter is now deployed by default as an addon into user clusters. #3089 (@xrstf)
  • Make the default AMI's for AWS instances configurable via the datacenters.yaml #3169 (@mrIncompetent)
  • Vertical Pod Autoscaler is not deployed by default anymore #2805 (@xrstf)
  • Initial node deployments are now created inside the same API call as the cluster, fixing spurious issues where the creation didn't happen #2989 (@maciaszczykm)
  • Errors when reconciling MachineDeployments and MachineSets will now result in an event on the object #2923 (@alvaroaleman)
  • Filter out not valid VM types for azure provider #2736 (@zreigz)
  • Mark cluster upgrades as restricted if kubelet version is incompatible. #2976 (@maciaszczykm)
  • Enable automatic detection of the OpenStack BlockStorage API version within the cloud config #3112 (@mrIncompetent)
  • Add the ContainerLinuxUpdateOperator to all clusters that use ContainerLinux nodes #3239 (@mrIncompetent)
  • The trust-device-path cloud config property of Openstack clusters can be configured via datacenters.yaml. #3265 (@nikhita)
  • Set AntiAffinity for pods to prevent situations where the API servers of all clusters got scheduled on a single node #3269 (@mrIncompetent)
  • Set resource requests & limits for all addons #3270 (@mrIncompetent)
  • Add Kubernetes v1.14.1 to the list of supported versions #3273 (@mrIncompetent)
  • A small amount of resources gets reserved on each node for the Kubelet and system services #3298 (@alvaroaleman)
  • Update etcd to v3.3.12 #3288 (@mrIncompetent)
  • Update the metrics-server to v0.3.2 #3289 (@mrIncompetent)
  • Update the user cluster Prometheus to v2.9.1 #3287 (@mrIncompetent)
  • It is now possible to scale MachineDeployments and MachineSets via kubectl scale #3277 (@alvaroaleman)

Dashboard

Logging & Monitoring stack

  • Update fluent-bit to 1.0.6 #3222 (@xrstf)
  • Add elasticsearch-exporter to logging stack to improve monitoring #2773 (@xrstf)
  • New alerts for cert-manager created certificates about to expire #2787 (@xrstf)
  • Add blackbox-exporter chart #2954 (@xrstf)
  • Update Elasticsearch to 6.6.2 #3062 (@xrstf)
  • Add Grafana dashboards for kubelet metrics #3081 (@xrstf)
  • Prometheus was updated to 2.8.1 (Alertmanager 0.16.2), Grafana was updated to 6.1.3 #3163 (@xrstf)
  • Alertmanager PVC size is configurable #3199 (@kron4eg)
  • Add lifecycle hooks to the Elasticsearch StatefulSet to make starting/stopping more graceful #2933 (@mrIncompetent)
  • Pod annotations are no longer logged in Elasticsearch #2959 (@xrstf)
  • Improve Prometheus backups in high traffic environments #3047 (@xrstf)
  • Fix VolumeSnapshotLocations for Ark configuration #3076 (@xrstf)
  • node-exporter is not exposed on all host interfaces anymore #3085 (@xrstf)
  • Improve Kibana usability by auto-provisioning index patterns #3099 (@xrstf)
  • Configurable Prometheus backup timeout to accomodate larger seed clusters #3223 (@xrstf)

Other

  • ACTION REQUIRED: update from Ark 0.10 to Velero 0.11 #3077 (@xrstf)
  • Replace hand written go tcp proxy with Envoy within the nodeport-proxy #2916 (@mrIncompetent)
  • cert-manager was updated to 0.7.0, Dex was updated to 2.15.0,Minio was updated to RELEASE.2019-04-09T01-22-30Z #3163 (@xrstf)
  • update nginx-ingress-controller to 0.24.1 #3200 (@xrstf)
  • Allow scheduling Helm charts using affinities, node selectors and tolerations for more stable clusters #3155 (@xrstf)
  • Helm charts: Define configurable resource constraints #3012 (@xrstf)
  • improve Helm charts metadata to make Helm-based workflows easier and aid in cluster updates #3221 (@xrstf)
  • dex keys expirations can now be configured in helm chart #3301 (@kron4eg)
  • Update the nodeport-proxy Envoy to v1.10 #3274 (@mrIncompetent)

Bugfixes

  • Fixed invalid variable caching in Grafana dashboards #2792 (@xrstf)
  • Migrations are now executed only after the leader lease was acquired #3276 (@alvaroaleman)

v2.9.3

v2.9.2

v2.9.1

  • The Docker version used for all new machines with CoreOS or Ubuntu has a fix for CVE-2019-573. It s advised to roll over all your worker nodes to make sure that new version is used
  • It is now possible to name NodeDeployments
  • A bug that caused duplicate top level keys in the values.example.yaml got fixed
  • A bug that made it impossible to choose a subnet on Openstack after a network was choosen got fixed
  • Scraping of 1.13 user cluster Schedulers and Controller manager now works
  • Scraping of the seed clusters Scheduler and Controller manager now works
  • A bug that caused spurious failures when appplying the cert-manager chart was resolved
  • NodeDeployment events are now shown in the UI
  • It is now possible to configure the Kubernetes version of a NodeDeployment in the UI

v2.9.0

Supported Kubernetes versions:

  • 1.11.5-7
  • 1.12.3-5
  • 1.13.0-2

Cloud Provider:

  • Added support for PersistentVolumes on Hetzner Cloud #2613 (alvaroaleman)
  • Openstack Floating IPs will now be de-allocated from your project if they were allocated during node creation #2675 (alvaroaleman)

Misc:

  • Added support for Kubernetes v1.13
  • Kubermatic now supports Kubernetes 1.12 #2132 (alvaroaleman)
  • The startup time for new clusters was improved #2148 (alvaroaleman)
  • The EOL Kubernetes 1.9 is no longer supported #2252 (kdomanski)
  • S3 metrics exporter has been moved out of the kubermatic chart into its own chart #2256 (xrstf)
  • Displaying the terms of service can now be toggled in values.yaml #2277 (kgroschoff)
  • [ACTION REQUIRED] added a new command line flag to API server that accepts a set of key=value pairs that enables/disables various features. Existing enable-prometheus-endpoint flag is deprecated, the users should use -feature-gates=PrometheusEndpoint=true instead. #2278 ([p0lyn0mial](https://github .com/p0lyn0mial))
  • etcd readiness check timeouts have been increased #2312 (mrIncompetent)
  • Removed unused fields from cloud specs exposed in the API #2314 (maciaszczykm)
  • Kubermatic now validates nodes synchronously #2340 (alvaroaleman)
  • Kubermatic now manages Nodes as group via the NodeGroup feature #2357 (maciaszczykm)
  • Components will no longer be shown as as unhealthy when only some replicas are up #2358 (mrIncompetent)
  • Kubernetes API servers can now be used with OpenID authentication
    • [ACTION REQUIRED] to enable the OpenID for kubernetes API server the users must set -feature-gates=OpenIDConnectTokens=true and provide -oidc-issuer-url, -oidc-issuer-client-id when running the controller. #2370 ([zreigz](https://git hub.com/zreigz))
  • [ACTION REQUIRED] Resource limits for control plane containers have been increased. This might require additional resources for the seed cluster #2395 (mrIncompetent)
    • Kubernetes API server: 4Gi RAM, 2 CPU
    • Kubernetes Controller Manager: 2Gi RAM, 2 CPU
    • Kubernetes scheduler: 512Mi RAM, 1 CPU
    • CoreDNS: 128Mi RAM, 0.1 CPU
    • etcd: 2Gi RAM, 2 CPU
    • kube state metrics: 1Gi, 0.1 CPU
    • OpenVPN: 128Mi RAM, 0.1 CPU
    • Prometheus: 1Gi RAM, 0.1 CPU
  • [ACTION_REQUIRED] Kubermatic CustomResourceDefinitions have been extracted out of the helm chart. This requires the execution of the charts/kubermatic/migrate/migrate-kubermatic-chart.sh script in case the CRD's where installed without the &#34;helm.sh/resource-policy&#34;: keep annotation. #2459 (mrIncompetent)
  • Control plane components are no longer logging at debug level #2471 (mrIncompetent)
  • Experimantal support for VerticalPodAutoscaler has been added. The VPA resources use the PodUpdatePolicy=initial #2505 (mrIncompetent)
  • Added 1.11.6 & 1.12.4 to supported Kubernetes versions #2537 (mrIncompetent)
  • It's now possible to rename a project #2588 (glower)
  • It is now possible for a user to select whether PVCs/PVs and/or LBs should be cleaned up when deleting the cluster. #2604 ([zreigz](https:// github.com/zreigz))
  • Credentials for Docker Hub are no longer necessary. #2605 (kdomanski)
  • Added support for Heptio Ark-based backups #2617 (xrstf)
  • Running kubectl get cluster in a seed now shows some more details #2622 (alvaroaleman)
  • Kubernetes 1.10 was removed as officially supported version from Kubermatic as its EOL #2712 (alvaroaleman)
  • Updated machine controller to v0.10.5 #2490 (mrIncompetent)
  • Updated dex to 2.12.0 #2318 (bashofmann)
  • Updated nginx-ingress-controller to v0.22.0 #2668 (xrstf)
  • [ACTION REQUIRED] Updated cert-manager to v0.6.0 (see https://cert-manager.readthedocs.io/en/latest/admin/upgrading/index.html) #2674 (xrstf)

Dashboard:

  • It is now possible to edit the project name in UI. #1003 (kgroschoff)
  • Machine Networks for VSphere can now be set in the UI #829 (kgroschoff)
  • VSphere: Setting a dedicated VSphere user for cloud provider functionalities is now possible. #834 (kgroschoff)
  • Fixed that the cluster upgrade link did not appear directly when the details page is loaded #836 (bashofmann)
  • Kubeconfig can now be shared via a generated link from the UI #857 (kgroschoff)
  • Fixed duplicated SSH keys in summary view during cluster creation. #879 (kgroschoff)
  • On project change, the user will stay on the same page, if he has the corresponding rights. #889 (kgroschoff)
  • Fixed issues with caching the main page. #893 (maciaszczykm)
  • Nodes are now being managed as NodeDeployments, this allows to easily change settings for a group of Nodes. #949 (maciaszczykm)
  • Removed Container Runtime selection, which is no longer supported. #828 (bashofmann)
  • Menu entries will be disabled as long as selected project is not in active state.
  • Selected project state icon was added in the project selector and in the list view.
  • Input field inside add project dialog will be automatically focused after opening dialog.
  • After adding new project user will be redirected to project list #808 (maciaszczykm)
  • Notifications timeout is now 10s.
  • Close and copy to clipboard actions are available on notifications. #798 (maciaszczykm)
  • Provider-specific data will now be fetched without re-sending credentials. #814 (maciaszczykm)
  • Various minor visual improvements

Monitoring:

  • Version v1.11.0 - 1.11.3 Clusters will no longer gather rest_* metrics from the controller-manager due to a bug in kubernetes #2020 (cbeneke)
  • Enabled scraping of user cluster resources #2149 (thetechnick)
  • Prometheus is now scraping user clustersNew kubermatic-controller-manager flag monitoring-scrape-annotation-prefix #2219 (thetechnick)
  • UserCluster Prometheus: decreased storage.tsdb.retention to 1h #2246 (thetechnick)
  • Add datacenter label to kubermatic_cluster_info metric #2248 (kron4eg)
  • Fixed the trigger condition for EtcdInsufficientMembers alert #2262 (cbeneke)
  • [ACTION REQUIRED] move the metrics-server into the seed cluster. The metrics-server addon must be removed from the list of addons to install. #2320 (mrIncompetent)
  • ArkNoRecentBackup alert does not trigger on backups that are not part of a schedule #2351 (bashofmann)
  • fluentd has been replaced with fluentbit #2469 (mrIncompetent)
  • Cluster Prometheus resource requests and limits are now configurable in cluster resource #2576 (bashofmann)
  • Alerts for for control-plane components now reside in cluster namespaces #2583 (xrstf)
  • Updated kube-state-metrics to 1.5.0 #2627 (xrstf)
  • Updated Prometheus to v2.6.0 #2597 (xrstf)
  • Updated alertmanager to v0.16 #2661 (xrstf)
  • Updated Grafana to v5.4.3 #2662 (xrstf)
  • Updated node-exporter to v0.17 (note: breaking changes to metric names might require updates to customized dashboards) #2666 (xrstf)
  • Updated Minio to RELEASE.2019-01-16T21-44-08Z #2667 (xrstf)
  • metrics-server will use 2 replicas #2707 (mrIncompetent)

Security:

  • The admin token can no longer be read through the Kubermatic API. #2105 (p0lyn0mial)
  • Communicating with cloud providers through the project APIs no longer requires providing additional credentials. #2180 (p0lyn0mial)
  • Kubernetes will be automatically updated to versions that contain a fix for CVE-2018-1002105 #2478 (alvaroaleman)

Bugfix:

  • Missing upgrade paths for K8S 1.10 and 1.11 have been addded. #2159 (mrIncompetent)
  • Fixed migration of users from older versions of Kubermatic #2294 (mrIncompetent)
  • Updated machine-controller to v0.9.9Fixed a bug in the machine-migration that caused cloud provider instances to not be properly identified anymore #2307 (alvaroaleman)
  • Fixd missing permissions in kube-state-metrics ClusterRole #2366 (bashofmann)
  • Missing ca-certificates have been added to s3-exporter image #2464 (bashofmann)
  • Adedd missing configmap checksums to kubermatic-controller-manager chart #2492 (bashofmann)
  • cloud-config files are now properly escaped #2498 (alvaroaleman)
  • SSH keys can no longer be added with duplicate names #2499 (kgroschoff)
  • Fixed an issue with kubelets being unreachable by the apiserver on some OS configurations. #2522 (mrIncompetent)
  • Timestamp format has been unified throughout the Kubermatic API. #2534 (zreigz)
  • Updated cert-manager to fix an issue which caused re-issuing of a certficate via the http01 challenge to fail #2658 (alvaroaleman)
  • Nodes and NodeDeployments can no longer be configured to provision kubelets at versions incompatible with the control plane. #2665 (kdomanski)

v2.8.6

v2.8.5

v2.8.4

  • Fixed an issue with kubelets being unreachable by the apiserver on some OS configurations. #2522 (mrIncompetent)

v2.8.3

Supported Kubernetes versions:

  • 1.10.11
  • 1.11.5
  • 1.12.3

Misc:

Bugfix:

  • Fixed missing permissions in kube-state-metrics ClusterRole #2366 (bashofmann)

v2.7.8

Supported Kubernetes versions:

  • 1.10.11
  • 1.11.5

Major changes:

  • Communicating with cloud providers APIs no longer requires providing additional credentials. #2151 (p0lyn0mial)
  • Updated the kubermatic dashboard to v0.38.0 #2165 (mrIncompetent)
    • Provider-specific data will now be fetched without re-sending credentials. #806 (maciaszczykm)
  • Kubernetes will be automatically updated to versions that contain a fix for CVE-2018-1002105 and v1.8, v1.9 cluster creation is now dropped #2487 (kdomanski)

v2.6.17

Supported Kubernetes versions:

  • 1.10.11

Bugfix:

Misc:

  • Enabled the usage of Heapster for the HorizontalPodAutoscaler #2199 (mrIncompetent)
  • Kubernetes will be automatically updated to versions that contain a fix for CVE-2018-1002105 and v1.8, v1.9 cluster creation is now dropped #2497 (kdomanski)

v2.8.2

  • Fixed migration of users from older versions of Kubermatic #2294 (mrIncompetent)
  • Fixed a bug in the machine-migration that caused cloud provider instances to not be properly identified anymore #2307 (alvaroaleman)
  • Increased etcd readiness check timeout #2312 (mrIncompetent)
  • Updated machine-controller to v0.9.9

v2.8.1

Misc:

Dashboard:

  • Removed Container Runtime selection, which is no longer supported. #828 (bashofmann)
  • Various minor visual improvements

v2.8.0

Supported Kubernetes versions:

  • 1.9.0 - 1.9.10
  • 1.10.0 - 1.10.8
  • 1.11.0 - 1.11.3
  • 1.12.0 - 1.12.1

Major changes:

  • Implemented user/project management
  • Old clusters will be automatically migrated to each user's default project #1829 (p0lyn0mial)
  • Kubermatic now supports Kubernetes 1.12 #2132 (alvaroaleman)

Dashboard:

  • The UI has been reworked for the new user/project management
  • Fixed error appearing when trying to change selected OS #699 (kgroschoff)
  • Openstack: fixed an issue, where list of tenants wouldn't get loaded when returning from summary page #705 (kgroschoff)
  • Fixed confirmation of cluster deletion #718 (kgroschoff)
  • Fixed the link to Kubernetes dashboard #740 (guusvw)
  • Openstack: show selected image in cluster creation summary #698 (bashofmann)
  • vSphere: custom cluster vnet can now be selected #708 (kgroschoff)
  • Openstack: the list of available networks and floating IP pools will be loaded from the API #737 (j3ank)
  • Dashboard metrics can now be collected by Prometheus #678 (pkavajin)
  • Redesigned cluster creation summary page #688 (kgroschoff)
  • Default template images for Openstack and vSphere are now taken from datacenter configuration #689 (kgroschoff)
  • Fixed cluster settings view for Openstack #746 (kgroschoff)
  • "Upgrade Cluster" link is no longer available for clusters that have no updates available or are not ready #750 (bashofmann)
  • Fixed initial nodes data being lost when the browser tab was closed right after cluster creation #796 (kgroschoff)
  • Google Analytics code can now be optionally added by the administrator #742 (bashofmann)
  • OpenStack tenant can now be either chosen from dropdown or typed in by hand #759 (kgroschoff)
  • vSphere: Network can now be selected from a list #771 (kgroschoff)
  • Login token is now removed from URL for security reasons #790 (bashofmann)
  • Admin button has been removed from Certificates and Keys panel as it allowed to copy the admin token into the clipboard. Since this is a security concern we decided to remove this functionality. #800 (p0lyn0mial)
  • Notifications timeout is now 10s
  • Close and copy to clipboard actions are available on notifications. #798 (maciaszczykm)
  • Provider-specific data will now be fetched without re-sending credentials. #814 (maciaszczykm)
  • Various minor fixes and improvements

Bugfix:

Misc:

  • Added a controller for static ip address management #1616 (pkavajin)
  • Activated kubelet certificate rotation feature flags #1771 (mrIncompetent)
  • Made s3-exporter endpoint configurable #1772 (bashofmann)
  • etcd StatefulSet uses default timings again #1776 (mrIncompetent)
  • Breaking change: basic auth for kibana/grafana/prometheus/alertmanager has been replaced with oAuth #1808 (kron4eg)
  • Added a controller which steers control plane traffic to the kubelets via VPN. #1817 (thz)
  • Fixed a memory leak which occurs when using credentials for a container registry. #1850 (thz)
  • Combined ImagePullSecrets im the Kubermatic chart #1877 (mrIncompetent)
  • Include cluster name as label on each pod #1891 (mrIncompetent)
  • Ark-based seed-cluster backup infrastructure #1894 (xrstf)
  • Add AntiAffinity to the control plane pods to prevent scheduling of the same kind pod on the same node. #1895 (mrIncompetent)
  • Enabled etcd auto-compaction #1932 (mrIncompetent)
  • etcd in user cluser namespaces is defragmented every 3 hours #1935 (xrstf)
  • DNS names are now used inside the cluster namespaces, Scoped to the cluster namespace #1959 (mrIncompetent)
  • Increased kubectl timeouts on AWS #1983 (pkavajin)
  • Support for Kubernetes v1.8 has been dropped. The control planes of all clusters running 1.8 will be automatically updated #2013 (mrIncompetent)
  • OpenVPN status is now a part of cluster health #2038 (mrIncompetent)
  • Improved detection of user-cluster apiserver health on startup #2052 (thz)
  • Kubermatic now uses the types from the cluster api project to manage nodes #2056 (alvaroaleman)
  • CPU&Memory limit for the Kubermatic controller manager deployment has been increased #2081 (mrIncompetent)
  • controller-manager and its controllers will no longer run with cluster-admin permissions #2096 (alvaroaleman)
  • PodDisruptionBudget is now configured for the API server deployment #2098 (mrIncompetent)
  • The kubermatic-master chart has been merged into the main kubermatic chart #2103 (alvaroaleman)
  • Version v1.11.0 - 1.11.3 Clusters will no longer gather rest_* metrics from the controller-manager due to a bug in kubernetes #2020 ([cbeneke](https://github. com/cbeneke))
  • Communicating with cloud providers through the non-project APIs no longer requires providing additional credentials. #2156 (p0lyn0mial)
  • Communicating with cloud providers through the project APIs no longer requires providing additional credentials. #2227 (p0lyn0mial)
  • Updated dashboard to v1.0.1 #2228 (mrIncompetent)
  • Updated kubernetes-dashboard addon to 1.10.0 #1874 (bashofmann)
  • Updated nginx ingress controller to 0.18.0 #1800 (bashofmann)
  • Updated etcd to v3.3.9 #1961 (mrIncompetent)
  • Updated machine-controller to v0.9.5 #2224 (mrIncompetent)
  • updated cert-manager to 0.4.1 #1925 (xrstf)
  • Updated Prometheus to v2.3.2 #1830 (mrIncompetent)
  • Updated dex to 2.11.0 #1986 (bashofmann)
  • Updated kube-proxy addon to match the cluster version #2017 (mrIncompetent)

Monitoring:

  • Grafana dashboards now use the latest kubernetes-mixin dashboards. #1705 (metalmatze)
  • nginx ingress controller metrics are now scraped #1777 (bashofmann)
  • annotations will be used instead of labels for the nginx-ingress Prometheus configuration #1823 (xrstf)
  • KubePersistentVolumeFullInFourDays will only be predicted when there is at least 6h of historical data available #1862 (cbeneke)
  • reorganized Grafana dashboards, including etcd dashboard #1775 (xrstf)
  • customizations of Grafana dashboard providers, datasources and dashboards themselves are now easier #1812 (xrstf)
  • new Prometheus and Kubernetes Volumes dashboards #1838 (xrstf)
  • Prometheus in the seed cluster can now be customized by extending the Helm chart's values.yaml #1801 (xrstf)
  • Prometheus alerts can now be customized in cluster namespaces #1831 (pkavajin)
  • Added a way to customize scraping configs for in-cluster-namespace-prometheuses #1837 (pkavajin)

v2.7.7

Misc:

v2.7.6

Misc:

  • Various minor fixes and improvements

v2.7.5

Bugfix:

v2.7.4

Bugfix:

  • Updated machine controller to v0.7.23: write permissions on vSphere datacenters are no longer needed. #2069 (pkavajin)

v2.7.3

Misc:

v2.7.2

Monitoring:

  • KubePersistentVolumeFullInFourDays will only be predicted when there is at least 6h of historical data available #1862 (cbeneke)

Misc:

v2.7.1

Bugfix:

  • fixed DNS/scheduler/controller-manager alerts in Prometheus #1908 (xrstf)
  • fix bad rules.yaml format for Prometheus #1924 (xrstf)
  • Add missing RoleBinding for bootstrap tokens created with kubeadm token create #1943 (mrIncompetent)
  • Fix bug with endless resource updates being triggered due to a wrong comparison #1964 (mrIncompetent)
  • Fix escaping of special characters in the cloud-config #1976 (mrIncompetent)

Misc:

v2.7.0

Bugfix:

Cloud Provider:

  • Non-ESXi vsphere hosts are now supported #1306 (alvaroaleman)
  • VSphere target folder will be properly cleaned up on cluster deletion. #1314 (alvaroaleman)
  • Fixed floating IP defaulting on openstack #1332 (mrIncompetent)
  • Azure: added multi-AZ node support #1354 (mrIncompetent)
  • Fixed premature logout from vsphere API #1373 (alvaroaleman)
  • Image templates can now be configured in datacenter.yaml for Openstack and vSphere #1397 (mrIncompetent)
  • AWS: allow multiple clusters per subnet/VPC #1481 (mrIncompetent)
  • In a VSphere DC is is now possible to set a infra_management_user which when set will automatically be used for everything except the cloud provider functionality for all VSphere clusters in that DC. #1592 (alvaroaleman)
  • Always allocate public IP on new machines when using Azure #1644 (mrIncompetent)
  • Add missing cloud provider flags on the apiserver and controller-manager for azure #1646 (mrIncompetent)
  • Azure: fixed minor issue with seed clusters running on Azure #1657 (thz)
  • Create AvailabilitySet for Azure clusters and set it for each machine #1661 (mrIncompetent)
  • OpenStack LoadBalancer manage-security-groups setting is set into cluster's cloud-config for Kubernetes versions where kubernetes/kubernetes#58145 is fixed. #1720 (bashofmann)

Misc:

  • Control plane can now reach the nodes via VPN #1234 (thz)
  • Addons in kubermatic charts can now be specified as a list #1304 (guusvw)
  • Added support for Kubernetes 1.8.14, 1.9.8, 1.9.9, 1.10.4 and 1.10.5 #1348 (mrIncompetent)
  • Enabled Mutating/Validating Admission Webhooks for K8S 1.9+ #1352 (alvaroaleman)
  • Update addon manager to v0.1.0 #1363 (thz)
  • Master components can now talk to cluster DNS #1379 (thz)
  • Non-default IP can now be used for cluster DNS #1393 (glower)
  • SSH keypair can now be detached from a cluster #1395 (p0lyn0mial)
  • Removed Kubermatic API v2 #1409 (p0lyn0mial)
  • Added EFK stack in seed clusters #1430 (pkavajin)
  • Fixed some issues with eleasticsearch #1484 (pkavajin)
  • Master components will now talk to the apiserver over secure port #1486 (thz)
  • Added support for Kubernetes version 1.11.0 #1493 (alvaroaleman)
  • Clients will now talk to etcd over TLS #1495 (mrIncompetent)
  • Communication between apiserver and etcd is now encrypted #1496 (mrIncompetent)
  • With the introduction of Kubermatic's addon manager, the K8S addon manager's deployments will be automatically cleaned up on old setups #1513 (mrIncompetent)
  • controller-manager will now automatically restart on backup config change #1548 (bashofmann)
  • The control plane now has its own DNS resolver #1549 (alvaroaleman)
  • apiserver will now automatically restart on master-files change #1552 (cbeneke)
  • Add missing reconciling of the OpenVPN config inside the user cluster #1605 (mrIncompetent)
  • Add pod anti-affinity for the etcd StatefulSet #1607 (mrIncompetent)
  • Add PodDisruptionBudget for the etcd StatefulSet #1608 (mrIncompetent)
  • Add support for configuring component settings(Replicas & Resources) via the cluster object #1636 (mrIncompetent)
  • Update nodeport-proxy to v1.2 #1640 (mrIncompetent)
  • Added access to the private quay.io repos from the kubermatic helm template #1652 (glower)
  • the correct default StorageClass is now installed into the user cluster via an extra addon #1670 (glower)
  • Update machine-controller to v0.7.18 #1708 (mrIncompetent)
  • Add support for Kubernetes 1.9.10, 1.10.6 and 1.11.1 #1712 (mrIncompetent)
  • Add possibility to override the seed DNS name for a given node datacenter via the datacenters.yaml #1715 (mrIncompetent)
  • Heapster is replaced by metrics-server. #1730 (glower)
  • Combine the two existing CA secrets into a single one #1732 (mrIncompetent)
  • It is now possible to customize user cluster configmaps/secrets via a MutatingAdmissionWebhook #1740 (alvaroaleman)
  • Make s3-exporter endpoint configurable #1772 (bashofmann)
  • Update nginx ingress controller to 0.18.0 #1800 (bashofmann)

Monitoring:

Dashboard:

  • Fixed cluster settings view for Openstack #746 (kgroschoff)
  • Fixed error appearing when trying to change selected OS #699 (kgroschoff)
  • Openstack: fixed an issue, where list of tenants wouldn't get loaded when returning from summary page #705 (kgroschoff)
  • Fixed confirmation of cluster deletion #718 (kgroschoff)
  • Fixed the link to Kubernetes dashboard #740 (guusvw)
  • vSphere: custom cluster vnet can now be selected #708 (kgroschoff)
  • Openstack: the list of available networks and floating IP pools will be loaded from the API #737 (j3ank)
  • Dashboard metrics can now be collected by Prometheus #678 (pkavajin)
  • Redesigned cluster creation summary page #688 (kgroschoff)
  • Default template images for Openstack and vSphere are now taken from datacenter configuration #689 (kgroschoff)
  • Various minor fixes and improvements

v2.6.16

v2.6.15

  • Added addon for default StorageClass depending on a cloud provider #1697 (glower)

v2.6.14

Cloud Provider:

  • Azure: fixed minor issue with seed clusters running on Azure #1657 (thz)

Misc:

  • Updated machine-controller to v0.7.17 #1677 (thz)

v2.6.13

v2.6.11

Cloud Provider:

Misc:

v2.6.10

v2.6.9

  • controller-manager will now automatically restart on backup config change #1548 (bashofmann)
  • apiserver will now automatically restart on master-files change #1552 (cbeneke)

v2.6.8

  • Minor fixes and improvements

v2.6.7

Misc:

  • With the introduction of Kubermatic's addon manager, the K8S addon manager's deployments will be automatically cleaned up on old setups #1513 (mrIncompetent)

v2.6.6

v2.6.5

Bugfix:

Cloud Provider:

  • Image templates can now be configured in datacenter.yaml for Openstack and vSphere #1397 (mrIncompetent)

Misc:

  • Non-default IP can now be used for cluster DNS #1393 (glower)

Monitoring:

  • Error metrics are now collected for Kubermatic API endpoints #1376 (pkavajin)

Dashboard:

  • Minor visual improvements #684 (kgroschoff)
  • The node list will no longer be expanded when clicking on an IP #676 (kgroschoff)
  • Openstack: the tenant can now be picked from a list loaded from the API #679 (kgroschoff)
  • Added a button to easily duplicate an existing node #675 (kgroschoff)
  • A note has been added to the footer identifying whether the dashboard is a part of a demo system #682 (kgroschoff)
  • Enabled CoreOS on Openstack #673 (kgroschoff)
  • cri-o has been disabled #670 (kgroschoff)
  • Node deletion can now be confirmed by pressing enter #672 (kgroschoff)

v2.6.3

Cloud Provider:

Misc:

v2.6.2

  • Minor fixes and improvements for Openstack support

v2.6.1

Cloud Provider:

Misc:

Monitoring:

v2.6.0

Bugfix:

  • Cluster IPv6 addresses will be ignored on systems on which they are available #1017 (mrIncompetent)
  • Fixed an issue with duplicate users being sometimes created #990 (mrIncompetent)

Cloud Provider:

Misc:

Monitoring:

  • Added alerts for kubermatic master components being down #1031 (metalmatze)
  • Massive amount of general improvements to alerting