1.8.7-tectonic.2

Tectonic 1.8.7-tectonic.2 (2018-03-01)

Core Components

• Updates to Kubernetes v1.8.7
• Improved log streaming and exec functionality within non-standard DNS configurations by re-ordering Kubelet kubelet-preferred-address-types flag
• Improved mounting NFS volumes by changing dependency on rpc-statsd
• Enhanced resiliency when triggering a manual node reboot while that node is awaiting an automated update
• Added Metering and Chargeback as an optional add-on
  • Break down resource usage by Namespace, Node, or Pod
  • Access reports via the UI or download a CSV for further processing
  • On AWS, correlate cost with Pod resource usage
  • Available as a public alpha and it's APIs may change

Tectonic Installer

• Improved ability to install through a proxy
• On AWS, a new parameter is available to specify your etcd instance role
• Add ability to configure custom root volume sizes on Azure

Tectonic Open Cloud Services

• Added Subscription resource for controlling automated upgrade policy of Open Cloud Services
• Vault Open Cloud Service
  • Graduated to Beta from Alpha
• etcd Open Cloud Service
  • Graduated to Beta from Alpha
  • Added the ability to trigger automated backups and restore operations
  • Updated initContainer for improved DNS resolution in certain environments

Tectonic Console

• Improved security through redesigned session handling
  • All users will be logged out as part of update process
• Improved the UX for timed out requests
• Lengthened all request timeout durations

Tectonic Monitoring

• Reconfigured for better security
• Enabled TLS on node exporter endpoints
  • Randomized Grafana admin credentials
  • Dashboards managed by Tectonic are now uneditable
• Enhanced monitoring of the cluster's etcd cluster
  • New dashboard dedicated to etcd performance
  • New alerting rules for etcd performance
• Fix issue where the AlertManager address did not contain a custom port in the address. Azure is the only affected platform.

Tectonic Apps

• Added the ability to create user-defined Tectonic Apps
  • Available as a public alpha: APIs may change
• Created the Helm App Operator Kit for packaging Helm Charts as Tectonic Apps

1.8.4-tectonic.3

Tectonic 1.8.4-tectonic.3 (2018-01-04)

Tectonic Console

• Addresses an Information Disclosure Vulnerability (CVE-2018-5256) allowing unauthenticated users to access the list of Namespaces and Custom Resource Definitions (CRDs). See the blog post for more details.

1.7.9-tectonic.4

Tectonic 1.7.9-tectonic.4 (2018-01-04)

Tectonic Console

• Addresses an Information Disclosure Vulnerability (CVE-2018-5256) allowing unauthenticated users to access the list of Namespaces. See the blog post for more details.

1.8.4-tectonic.2

Core Components

• Improve the logic used to sanity check any remaining Third Party Resources (TPRs) in the cluster before upgrade.

Tectonic Installer

• Fix bug related to the default update channel

Upgrading to 1.8.4-tectonic.2

• Review the upgrade notes for 1.8.4-tectonic.1 before upgrading

1.8.4-tectonic.1

Tectonic 1.8.4-tectonic.1 (2017-12-19)

Core Components

• Updates to Kubernetes v1.8.4
• Updates to Docker 17.03
  • With this release and going forward, Tectonic will manage the version of the Docker Engine that's installed on the platform and automatically update it to the most recent validated release. We ship Docker 17.03 with Tectonic 1.8 and it's been fully tested for security and stability.

Tectonic Installer

• Enable flannel hairpin mode

Tectonic Open Cloud Services

• Read the introduction blog post
• New Vault Open Cloud Service
  • Install and manage instances of a highly available secret store
  • Ability to enable specific namespaces to run Vault
• Enhancements to the etcd Open Cloud Service
  • Visualize key etcd metrics
  • Ability to enable specific namespaces to run etcd
  • General user interface improvements
• Enhancements to the Prometheus Open Cloud Service user interface
  • Ability to enable specific namespaces to run Prometheus
  • General user interface improvements

Tectonic Console

• Ability to jump to open alerts from the main dashboard
• Ability to jump to crash looping pods from the main dashboard
• Improves the accuracy of CPU and other cluster health gauges
• Enhanced search page with filtering
• Fixes bug when editing Node labels

Tectonic Monitoring

• Updates to Prometheus 2.0. Read the overview on the CoreOS blog.
• Dramatically reduced resource usage

Known Issues

• The Service endpoint that routes to the API Server(s) may contain stale entries when setting the --apiserver-count flag greater than one. The CoreOS engineering team has merged code to fix this behavior, which will be available in Kubernetes 1.9.
  • Upstream issue: kube-apiserver endpoint cleanup when --apiserver-count>1
  • Upstream issue: add apiserver-count fix proposal
• External etcd clusters using hostnames instead of IPs may be affected by a breaking change in etcd v3.2 flags
• Pods that contain initContainers will have a 300 second grace period upon deletion, which is a new Kubernetes default.

Upgrading to 1.8.4-tectonic.1

Upgrading to 1.8.4-tectonic.1 requires first upgrading to 1.7.9-tectonic.3.

Changes between "minor" (vs "patch") versions of Kubernetes are controlled by the Tectonic update channel. After upgrading to the 1.7.9-tectonic.3 release, select the production or pre-production Tectonic-1.8 channel and then click "Update" to start the rolling, no-downtime upgrade process.

ThirdPartyResources (TPRs) were deprecated in Kubernetes 1.7 and replaced by CustomResourceDefinitions (CRDs). As of 1.8, TPRs have been completely removed from 1.8. Transition all TPRs within your cluster to CRDs before upgrading to Tectonic 1.8.x. If TPRs are present, your upgrade will pause until they are removed.

1.7.9-tectonic.3

Tectonic 1.7.9-tectonic.3 (2017-12-18)

Core Components

• Allow future updates to Tectonic v1.8.x releases

1.7.9-tectonic.2

Tectonic 1.7.9-tectonic.2 (2017-11-20)

Installer

• Improve error handling when an AWS role can't prefill the IAM dropdown with other IAM roles

Console

• Fix bug that caused RoleBinding action cogs to behave incorrectly

1.7.9-tectonic.1

Tectonic 1.7.9-tectonic.1 (2017-11-10)

Core Components

• Updates to Kubernetes v1.7.9

Console

• Ability to download a pre-generated kubeconfig for a Service Account
• Improved performance under the hood
• Improved error and access control messages

Tectonic Installer

• Improved handling of install time secrets using environment variables
• Fixed error in URL validation when using an external etcd cluster

1.7.5-tectonic.1

Tectonic 1.7.5-tectonic.1 (2017-10-11)

Core Components

• Updates to Kubernetes v1.7.5
• Updates the Kubernetes DNS server to address the following vulnerabilities:
  • CVE-2017-14491: DNS - 2 byte heap based overflow
  • CVE-2017-14492: DHCP - heap based overflow
  • CVE-2017-14493: DHCP - stack based overflow
  • CVE-2017-14494: DHCP - info leak
  • CVE-2017-14495: DNS - OOM DoS
  • CVE-2017-14496: DNS - DoS Integer underflow

Console

• Enhanced cluster status page with monitoring overview
• Added ability to link to filtered table
• Fixed bug related to Safari’s handling of authentication headers on redirects
• Fixed a bug related to editing your Tectonic License
• Improvements to RBAC

Tectonic Monitoring

• Includes a Grafana managed with automated operations
• Pre-populated dashboards are behind cluster authentication

Tectonic Installer

• Updated to Terraform 0.10
• Improved error handling and progress output
• Enhancements and improvements for Microsoft Azure

1.7.3-tectonic.4

Merge pull request #2064 from yifan-gu/bump_1734

config.tf: Bump version to 1.7.3-tectonic.4