- Added Kubernetes v1.16.13, and removed v1.16.2-7 (#5662)
- Updated machine-controller to v1.8.4 to address issue in CNI plugins (#5442)
- Openstack: fixed a bug preventing the usage of pre-existing subnets connected to distributed routers (#5334)
- Update machine-controller to v1.8.2 to fix the Docker daemon/CLI version incompatibility (#5426)
- System labels can no longer be removed by the user. (#4983)
- End-of-Life Kubernetes v1.14 is no longer supported. (#4988)
- Added Kubernetes v1.15.7, v1.15.9, v1.16.4, v1.16.6 (#4995)
- A bug that occasionally resulted in an `Error: no matches for kind "MachineDeployment" in version "cluster.k8s.io/v1alpha1"` visible in the UI was fixed. (#4870)
- A memory leak in the port-forwarding of the Kubernetes dashboard and Openshift console endpoints was fixed (#4879)
- Enabled edit options for kubeAdm (#1873)
- Fixed an issue with adding new node deployments on Openstack (#1836)
- Added migration for cluster user labels (#4744)
- Added Kubernetes v1.14.9, v1.15.6 and v1.16.3 (#4752)
- Openstack: A bug that caused cluster reconciliation to fail if the controller crashed at the wrong time was fixed (#4754)
- Fixed extended cluster options not being properly applied (#1812)
- A panic that could occur on clusters that lack both credentials and a credentialsSecret was fixed. (#4742)
- The robustness of vSphere machine reconciliation has been improved. (#4651)
- Fixed Seed Validation Webhook rejecting new Seeds in certain situations (#4662)
- Rolled nginx-ingress-controller back to 0.25.1 to fix SSL redirect issues. (#4693)
- VSphere: Fixed a bug that resulted in a faulty cloud config when using a non-default port (#4562)
- Fixed master-controller failing to create project-label-synchronizer controllers. (#4577)
- Fixed broken NodePort-Proxy for user clusters with LoadBalancer expose strategy. (#4590)
- `1.14.8`
- `1.15.5`
- `1.16.2`
- Openshift `v4.1.18` preview
- Kubernetes 1.16 support was added (#4313)
- It is now possible to also configure automatic node updates by setting `automaticNodeUpdate: true` in the `updates.yaml`. This option implies `automatic: true` as node versions must not be newer than the version of the corresponding controlplane. (#4258)
- Cloud credentials can now be configured as presets (#3723)
- Access to datacenters can now be restricted based on the user's email domain. (#4470)
- It is now possible to open the Kubernetes Dashboard from the Kubermatic UI. (#4460)
- An option to use AWS Route53 DNS validation was added to the `certs` chart. (#4397)
- Added possibility to add labels to projects and clusters and have these labels inherited by node objects.
- Added support for Kubernetes audit logging (#4151)
- Connect button on cluster details will now open Kubernetes Dashboard/Openshift Console (#1667)
- Pod Security Policies can now be enabled (#4062)
- Added support for optional cluster addons (#1683)
- ACTION REQUIRED: the `zone_character` field must be removed from all AWS datacenters in `datacenters.yaml` (#3986)
- ACTION REQUIRED: The default number of apiserver replicas was increased to 2. You can revert to the old behavior by setting `.Kubermatic.apiserverDefaultReplicas` in the `values.yaml` (#3885)
- ACTION REQUIRED: The literal credentials on the `Cluster` object are being deprecated in favor of storing them in a secret. If you have addons that use credentials, replace `.Cluster.Spec.Cloud` with `.Credentials`. (#4463)
- ACTION REQUIRED: Kubermatic now doesn't accept unknown keys in its config files anymore and will crash if an unknown key is present
- ACTION REQUIRED: BYO datacenters now need to be specified in the `datacenters.yaml` with a value of `{}`, e.g. `bringyourown: {}` (#3794)
- ACTION REQUIRED: Velero does not back up Prometheus, Elasticsearch and Minio by default anymore. (#4482)
- ACTION REQUIRED: On AWS, the nodeport-proxy will be recreated as NLB. DNS entries must be updated to point to the new LB. (#3840)
- The deprecated nodePortPoxy key for Helm values has been removed. (#3830)
- Support setting oidc authentication settings on cluster (#3751)
- The worker-count of controller-manager and master-controller are now configurable (#3918)
- master-controller-manager can now be deployed with multiple replicas (#4307)
- It is now possible to configure an HTTP proxy on a Seed. This will result in the proxy being used for all control plane pods in that Seed that talk to a cloud provider and for all machines in that Seed, unless it's overridden on Datacenter level. (#4459)
- The cert-manager Helm chart now allows configuring extra values for its controllers' args and env vars. (#4398)
- A fix for CVE-2019-11253 for clusters that were created with a Kubernetes version < 1.14 was deployed (#4520)
- Added Swagger UI for Kubermatic API (#1418)
- Redesign dialog to manage SSH keys on cluster (#1353)
- GCP zones are now fetched from API. (#1379)
- Redesign Wizard: Summary (#1409)
- Cluster type toggle in wizard is now hidden if only one cluster type is active (#1425)
- Disabled the possibility of adding new node deployments until the cluster is fully ready. (#1439)
- The cluster name is now editable from the dashboard (#1455)
- Added warning about node deployment changes that will recreate all nodes. (#1479)
- OIDC client id is now configurable (#1505)
- Replaced particles with a static background. (#1578)
- Pod Security Policy can now be activated from the wizard. (#1647)
- Redesigned extended options in wizard (#1609)
- Various security improvements in authentication
- Various other visual improvements
- Alertmanager's inhibition feature is now used to hide consequential alerts. (#3833)
- Removed cluster owner name and email labels from kubermatic_cluster_info metric to prevent leaking PII (#3854)
- New Prometheus metrics kubermatic_addon_created and kubermatic_addon_deleted
- New alert KubermaticAddonDeletionTakesTooLong (#3941)
- FluentBit will now collect the journald logs (#4001)
- FluentBit can now collect the kernel messages (#4007)
- FluentBit now always sets the node name in logs (#4010)
- Added new KubermaticClusterPaused alert with "none" severity for inhibiting alerts from paused clusters (#3846)
- Removed Helm-based templating in Grafana dashboards (#4475)
- Added type label (kubernetes/openshift) to kubermatic_cluster_info metric. (#4452)
- Added metrics endpoint for cluster control plane: `GET /api/v1/projects/{project_id}/dc/{dc}/clusters/{cluster_id}/metrics` (#4208)
- Added a new endpoint for node deployment metrics: `GET /api/v1/projects/{project_id}/dc/{dc}/clusters/{cluster_id}/nodedeployments/{nodedeployment_id}/metrics` (#4176)
- Openstack: A bug that could result in many security groups being created when the creation of security group rules failed was fixed (#3848)
- Openstack: Fixed a bug preventing an interrupted cluster creation from being resumed. (#4476)
- Openstack: Disk size of nodes is now configurable (#4153)
- Openstack: Added a security group API compatibility workaround for very old versions of Openstack. (#4479)
- Openstack: Fixed fetching the list of tenants on some OpenStack configurations with one region (#4182)
- Openstack: Added support for Project ID to the wizard (#1386)
- Openstack: The project name can now be provided manually (#1423)
- Openstack: Fixed API usage for datacenters with only one region (#4538)
- Openstack: Fixed a bug that resulted in the router not being attached to the subnet when the subnet was manually created (#4521)
- AWS: MachineDeployments can now be created in any availability zone of the cluster's region (#3870)
- AWS: Reduced the role permissions for the control-plane & worker role to the minimum (#3995)
- AWS: The subnet can now be selected (#1499)
- AWS: Setting `Control plane role (ARN)` now is possible (#1512)
- AWS: VM sizes are fetched from the API now. (#1513)
- AWS: Worker nodes can now be provisioned without a public IP (#1591)
- GCP: machine and disk types are now fetched from GCP. (#1363)
- vSphere: the VM folder can now be configured
- Added support for KubeVirt provider (#1608)
- A bug that sometimes resulted in the creation of the initial NodeDeployment failing was fixed (#3894)
- `kubeadm join` has been fixed for v1.15 clusters (#4161)
- Fixed a bug that could cause intermittent delays when using kubectl logs/exec with `exposeStrategy: LoadBalancer` (#4278)
- A bug that prevented node Labels, Taints and Annotations from getting applied correctly was fixed. (#4368)
- Fixed worker nodes provisioning for instances with a Kernel >= 4.19 (#4178)
- Fixed an issue that kept clusters stuck if their creation didn't succeed and they got deleted with LB and/or PV cleanup enabled (#3973)
- Fixed an issue where deleted project owners would come back after a while (#4025)
- Enabling the OIDC feature flag in clusters has been fixed. (#4127)
- The share cluster feature now allows the use of groups, if passed by the IDP. All groups are prefixed with `oidc:` (#4244)
- The kube-proxy mode (ipvs/iptables) can now be configured. If not specified, it defaults to ipvs. (#4247)
- Addons can now read the AWS region from the `kubermatic.io/aws-region` annotation on the cluster (#4434)
- Allow disabling of apiserver endpoint reconciling. (#4396)
- Allow cluster owner to manage RBACs from Kubermatic API (#4321)
- The default service CIDR for new clusters was increased and changed from 10.10.10.0/24 to 10.240.16.0/20 (#4227)
- Retries of the initial node deployment creation do not create an event anymore but continue to be logged at debug level. (#4226)
- Added option to enforce cluster cleanup in UI (#3966)
- Support PodSecurityPolicies in addons (#4174)
- Kubernetes versions affected by CVE-2019-9512 and CVE-2019-9514 have been dropped (#4113)
- Kubernetes versions affected by CVE-2019-11247 and CVE-2019-11249 have been dropped (#4066)
- Kubernetes 1.13 which is end-of-life has been removed. (#4327)
- Updated Alertmanager to 0.19 (#4340)
- Updated blackbox-exporter to 0.15.1 (#4341)
- Updated Canal to v3.8 (#3791)
- Updated cert-manager to 0.10.1 (#4407)
- Updated Dex to 2.19 (#4343)
- Updated Envoy to 1.11.1 (#4075)
- Updated etcd to 3.3.15 (#4199)
- Updated FluentBit to v1.2.2 (#4022)
- Updated Grafana to 6.3.5 (#4342)
- Updated helm-exporter to 0.4.2 (#4124)
- Updated kube-state-metrics to 1.7.2 (#4129)
- Updated Minio to 2019-09-18T21-55-05Z (#4339)
- Updated machine-controller to v1.5.6 (#4310)
- Updated nginx-ingress-controller to 0.26.1 (#4400)
- Updated Prometheus to 2.12.0 (#4131)
- Updated Velero to v1.1.0 (#4468)