@dghubble dghubble released this Dec 8, 2018

Addons

  • Update Grafana from v5.3.4 to v5.4.0
  • Disable Grafana login form, since admin user can't be disabled (#352)
    • Example manifests aim to provide a read-only dashboard view

@dghubble dghubble released this Nov 28, 2018 · 5 commits to master since this release

  • Kubernetes v1.12.3
  • Add enable_reporting variable (default "false") to provide upstreams with usage data (#345)
  • Change kube-apiserver --kubelet-preferred-address-types to InternalIP,ExternalIP,Hostname
  • Update Calico from v3.3.0 to v3.3.1
    • Disable Felix usage reporting by default (#345)
  • Improve flannel manifests
    • Rename kube-flannel DaemonSet to flannel and kube-flannel-cfg ConfigMap to flannel-config
    • Drop unused mounts and add a CPU resource request
  • Update CoreDNS from v1.2.4 to v1.2.6
    • Enable CoreDNS loop and loadbalance plugins (#340)
  • Fix pod-checkpointer log noise and checkpointable pods detection (#346)
  • Use kubernetes-incubator/bootkube v0.14.0
  • Recommend switching from ~/.terraformrc to the Terraform third-party plugins directory ~/.terraform.d/plugins/.
    • Allows pinning terraform-provider-ct and terraform-provider-matchbox versions
    • Improves safety of later plugin version migrations

Azure

  • Use eviction policy Delete for Low priority virtual machine scale set workers (#343)
    • Fix issue where Azure defaults to Deallocate eviction policy, which required manually restarting deallocated instances. Delete policy aligns Azure with AWS and GCP behavior.
    • Require terraform-provider-azurerm v1.19+ (action required)

Bare-Metal

  • Add Kubelet /etc/iscsi and iscsiadm mounts on bare-metal for iSCSI (#103)

Addons

  • Update nginx-ingress from v0.20.0 to v0.21.0
  • Update Prometheus from v2.4.3 to v2.5.0
  • Update Grafana from v5.3.2 to v5.3.4

@dghubble dghubble released this Oct 29, 2018 · 26 commits to master since this release

v1.12.2

  • Kubernetes v1.12.2
  • Update CoreDNS from 1.2.2 to 1.2.4
  • Update Calico from v3.2.3 to v3.3.0
  • Disable Kubelet read-only port (#324)
  • Fix CoreDNS AntiAffinity spec to prefer spreading replicas
  • Ignore controller node user-data changes (#335)
    • Once all managed clusters use v1.12.2, it is possible to update terraform-provider-ct

AWS

  • Add disk_iops variable for EBS volume IOPS (#314)

Azure

  • Use new azurerm_network_interface_backend_address_pool_association (#332)
    • Require terraform-provider-azurerm v1.17+ (action required)
  • Add primary field to ip_configuration needed by v1.17+ (#331)

DigitalOcean

  • Add AAAA DNS records resolving to worker nodes (#333)
    • Hosting IPv6 apps requires editing nginx-ingress with hostNetwork: true

Google Cloud

  • Add an IPv6 address and IPv6 forwarding rules for load balancing IPv6 Ingress (#334)
    • Add ingress_static_ipv6 output variable for use in AAAA DNS records
    • Allow serving IPv6 applications via Kubernetes Ingress

Addons

  • Configure Heapster to scrape Kubelets with bearer token auth (#323)
  • Update Grafana from v5.3.1 to v5.3.2

@dghubble dghubble released this Oct 17, 2018 · 43 commits to master since this release

  • Kubernetes v1.12.1
  • Update etcd from v3.3.9 to v3.3.10
  • Update CoreDNS from 1.1.3 to 1.2.2
  • Update Calico from v3.2.1 to v3.2.3
  • Raise scheduler and controller-manager replicas to the larger of 2 or number of controller nodes (#312)
    • Single-controller clusters continue to run 2 replicas as before
  • Raise default CoreDNS replicas to the larger of 2 or the number of controller nodes (#313)
    • Add AntiAffinity preferred rule to favor spreading CoreDNS pods
  • Annotate control plane and addon containers to use the Docker runtime seccomp profile (#319)
    • Override Kubernetes default behavior that starts containers with seccomp=unconfined

Azure

  • Remove admin_password field (disabled) since it is now optional
    • Require terraform-provider-azurerm v1.16+ (action required)

Bare-Metal

  • Add support for cached_install mode with Flatcar Linux (#315)

DigitalOcean

  • Require terraform-provider-digitalocean v1.0+ (action required)

Addons

  • Update nginx-ingress from v0.19.0 to v0.20.0
  • Update Prometheus from v2.3.2 to v2.4.3
  • Update Grafana from v5.2.4 to v5.3.1

@dghubble dghubble released this Sep 16, 2018 · 62 commits to master since this release

  • Kubernetes v1.11.3
  • Introduce Typhoon for Azure as alpha (#288)
  • Update Calico from v3.1.3 to v3.2.1 (#278)

AWS

  • Remove firewall rule allowing ICMP packets to nodes (#285)

Bare-Metal

  • Remove controller_networkds and worker_networkds variables. Use Container Linux Config snippets (#277)

Google Cloud

  • Fix firewall to allow etcd client port 2379 traffic between controller nodes (#287)
    • kube-apiservers were only able to connect to their node's local etcd peer. While master node outages were tolerated, reaching a healthy peer took longer than necessary in some cases
    • Reduce time needed to bootstrap the cluster
  • Remove firewall rule allowing workers to access Nginx Ingress health check (#284)
    • Nginx Ingress addon no longer uses hostNetwork, Prometheus scrapes via CNI network

Addons

  • Update nginx-ingress from 0.17.1 to 0.19.0
  • Update kube-state-metrics from v1.3.1 to v1.4.0
  • Update Grafana from 5.2.2 to 5.2.4

@dghubble dghubble released this Aug 11, 2018 · 85 commits to master since this release

  • Kubernetes v1.11.2
  • Update etcd from v3.3.8 to v3.3.9
  • Use kubernetes-incubator/bootkube v0.13.0
  • Fix Fedora Atomic modules' Kubelet version (#270)

Bare-Metal

  • Introduce Container Linux Config snippets on bare-metal
    • Validate and additively merge custom Container Linux Configs during terraform plan
    • Define files, systemd units, dropins, networkd configs, mounts, users, and more
    • Require terraform-provider-ct plugin v0.2.1 (action required!)

Addons

  • Update nginx-ingress from 0.16.2 to 0.17.1
  • Add nginx-ingress manifests for bare-metal
  • Update Grafana from 5.2.1 to 5.2.2
  • Update heapster from v1.5.3 to v1.5.4

@dghubble dghubble released this Jul 22, 2018 · 97 commits to master since this release

  • Kubernetes v1.11.1
    • Defaults now enable the pod Priority admission controller

Addons

  • Update Prometheus from v2.3.1 to v2.3.2

Errata

  • Fedora Atomic modules shipped with Kubelet v1.11.0, instead of v1.11.1. Fixed in #270.

@dghubble dghubble released this Jul 4, 2018 · 101 commits to master since this release

  • Kubernetes v1.11.0
  • Force apiserver to stop listening on 127.0.0.1:8080
  • Replace kube-dns with CoreDNS (#261)
    • Edit the coredns ConfigMap to customize
    • CoreDNS doesn't use a resizer. For large clusters, scaling may be required.

AWS

  • Update from Fedora Atomic 27 to 28 (#258)

Bare-Metal

  • Update from Fedora Atomic 27 to 28 (#263)

Google

  • Promote Google Cloud to stable
  • Update from Fedora Atomic 27 to 28 (#259)
  • Remove ingress_static_ip module output. Use ingress_static_ipv4.
  • Remove controllers_ipv4_public module output.

Addons

  • Update nginx-ingress from 0.15.0 to 0.16.2
  • Update Grafana from 5.1.4 to 5.2.1
  • Update heapster from v1.5.2 to v1.5.3

@dghubble dghubble released this Jun 23, 2018 · 114 commits to master since this release

AWS

  • Switch kube-apiserver port from 443 to 6443 (#248)
  • Combine apiserver and ingress NLBs (#249)
    • Reduce cost by ~$18/month per cluster. Typhoon AWS clusters now use one network load balancer.
    • Ingress addon users may keep using CNAME records to the ingress_dns_name module output (few million RPS)
    • Ingress users with heavy traffic (many million RPS) should create separate NLB(s)
  • Worker pools no longer include an extraneous load balancer. Remove worker module's ingress_dns_name output
  • Disable detailed (paid) monitoring on worker nodes (#251)
    • Favor Prometheus for cloud-agnostic metrics, aggregation, and alerting
  • Add worker_target_group_http and worker_target_group_https module outputs to allow custom load balancing
  • Add target_group_http and target_group_https worker module outputs to allow custom load balancing

Bare-Metal

  • Switch kube-apiserver port from 443 to 6443 (#248)
    • Users who exposed kube-apiserver on a WAN via their router/load-balancer will need to adjust its configuration (e.g. DNAT 6443). Most apiservers are on a LAN (internal, VPN-only, etc) so if you didn't specially configure network gear for 443, no change is needed. (possible action required)
  • Fix possible deadlock when provisioning clusters larger than 10 nodes (#244)

DigitalOcean

  • Switch kube-apiserver port from 443 to 6443 (#248)
    • Update firewall rules and generated kubeconfigs

Google Cloud

  • Use global HTTP and TCP proxy load balancing for Kubernetes Ingress (#252)
    • Switch Ingress from regional network load balancers to global HTTP/TCP Proxy load balancing
    • Reduce cost by ~$19/month per cluster. Google bills the first 5 global and regional forwarding rules separately. Typhoon clusters now use 3 global and 0 regional forwarding rules.
  • Worker pools no longer include an extraneous load balancer. Remove worker module's ingress_static_ip output
  • Allow using nginx-ingress addon on Fedora Atomic clusters (#200)
  • Add worker_instance_group module output to allow custom global load balancing
  • Add instance_group worker module output to allow custom global load balancing
  • Deprecate ingress_static_ip module output. Add ingress_static_ipv4 module output instead.
  • Deprecate controllers_ipv4_public module output

Addons

  • Update CLUO from v0.6.0 to v0.7.0 (#242)
  • Update Prometheus from v2.3.0 to v2.3.1
  • Update Grafana from 5.1.3 to 5.1.4
  • Drop hostNetwork from nginx-ingress addon
    • Both flannel and Calico support host port via portmap
    • Allows writing NetworkPolicies that reference ingress pods in from or to. HostNetwork pods were difficult to write network policy for since they could circumvent the CNI network to communicate with pods on the same node.

@dghubble dghubble released this Jun 10, 2018 · 129 commits to master since this release

  • Kubernetes v1.10.4
  • Update etcd from v3.3.5 to v3.3.6
  • Update Calico from v3.1.2 to v3.1.3

Addons

  • Update Prometheus from v2.2.1 to v2.3.0
  • Add Prometheus liveness and readiness probes
  • Annotate Grafana service so Prometheus scrapes metrics
  • Label namespaces to ease writing Network Policies