Release Notes

Compliant Kubernetes

Note

For a more detailed look check out the full changelog.

v0.24.1

Released 2022-08-01

  • Required patch to be able to use release v0.24.0

Fixed

  • Fixed a formatting issue with harbor s3 configuration.

v0.24.0

Released 2022-07-25

Updated

  • Upgraded Helm stack
    Upgrades for Helm, Helmfile and Helm-secrets.

  • Image upgrade to node-local-dns

Changed

  • Improved stability to automatic node reboots

Added

  • Further configurability to ingress-nginx

v0.23.0

Released 2022-07-06

Updated

  • Updated the ingress controller ingress-nginx to image version v1.2.1
  • You can find the changelog here.

Changed

  • Added support for accessing Alertmanager via port-forward

Added

  • Backups can now be encrypted before they are replicated to an off-site S3 service.
  • Improved metrics and alerting for OpenSearch.

Fixed

  • The deployment of Dex is now properly configured to be HA, ensuring that the Dex instances are placed on different Kubernetes worker nodes.

v0.22.0

Released 2022-06-01

Added

  • Added support for Elastx and UpCloud!

  • New 'Welcoming' dashboard in OpenSearch and Grafana.
    Users can now access public docs and different urls to the services provided by Compliant Kubernetes.

  • Improved availability of metrics and alerting.
    Alertmanager now runs with two replicas by default, Prometheus can now be run in HA mode.

  • Added Falco rules to reduce alerts for services in Compliant Kubernetes.
    Falco now alerts less on operations that are expected out of these services.

Fixed

  • Fixed a bug where users couldn't silence alerts when portforwarding to alertmanager.

  • Improved logging stack and fixed a number of issues to ensure reliability.

v0.21.0

Released 2022-05-04

Changed

  • Users can now view ClusterIssuers.

  • User admins can now add users to the ClusterRole user-view.
    This is done by adding users to the ClusterRoleBinding extra-user-view.

  • User can now get ClusterIssuers.

  • Ensured all CISO dashboards are available to users.
    All the grafana dashboards in our CISO docs are now available.

  • Better stability for dex
    Dex now runs with two replicas and has been updated.

Updated

  • Image upgrades to reduce number of vulnerabilities
    Upgrades for fluentd, grafana, and harbor chartmuseum.

v0.20.0

Released 2022-03-21

Added

  • Added kured - Kubernetes Reboot Daemon.
    This enables automatic node reboots and security patching of the underlying base Operating System image, container runtime and Kubernetes cluster components.

  • Added fluentd grafana dashboard and alerts.

  • Added RBAC for admin users.
    Admin users can now list pods cluster wide and run the kubectl top command.

  • Added containerd support for fluentd.

Changed

  • Added the new OPA policy.
    To disallow the latest image tag.

  • Persist Dex state in Kubernetes.
    This ensure the JWT token received from an OpenID provider is valid even after security patching of Kubernetes cluster components.

  • Add ingressClassName in ingresses where that configuration option is available.

  • Thanos is now enabled by default.

Updated

  • Upgraded nginx-ingress helm chart to v4.0.17
    This upgrades nginx-ingress to v1.1.1. When upgrading an ingressClass object called nginx will be installed, this class has been set as the default class in Kubernetes. Ingress-nginx has been configured to still handle existing ingress objects that do not specify any ingressClassName.

  • Upgraded starboard-operator helm chart to v0.9.1
    This is upgrading starboard-operator to v0.14.1

Removed

  • Removed influxDB and dependent helm charts.

v0.19.1

Released 2022-03-01

Fixed

  • Fixed critical stability issue related to Prometheus rules being evaluated without metrics.

v0.19.0

Released 2022-02-01

Added

  • Added Thanos as a new metrics backend.
    Provides a much more efficient and reliable platform for long-term metrics, with the capabilities to keep metrics for much longer time periods than previously possible.
    InfluxDB will still be supported in this release.

  • Added a new feature to enable off-site replication of backups.
    Synchronizes S3 buckets across regions or clouds to keep an off-site backup.

  • Added a new feature to create and log into separate indices per namespace.
    Currently considered to be an alpha feature.

Changed

  • Replacing Open Distro for Elasticsearch with OpenSearch.
    In this release, since the Open Distro project has reached end of life, Elasticsearch is replaced with OpenSearch and Kibana with OpenSearch Dashboards. OpenSearch is a fully open source fork of Elasticsearch with a compatible API and familiar User Experience.
    Note that recent versions of official Elasticsearch clients and tools will not work with OpenSearch as they employ a product check, compatible versions can be found here.

  • Enforcing OPA policies by default.
    Provides strict safeguards by default.

  • Allowing viewers to inspect and temporarily edit panels in Grafana.
    Gives more insight to the metrics and data shown.

  • Setting Fluentd to log the reason why when it can't push logs to OpenSearch.

Updated

  • Large number of application and service updates, keeping up to date with new security fixes and changes.

v0.18.2

Released 2021-12-16.

Changes:

v0.17.2

Released 2021-12-16.

Changes:

v0.18.1

Released 2021-12-08.

Changes:

v0.17.1

Released 2021-12-08.

Changes:

v0.18.0

Released 2021-11-04.

Changes:

  • Ingress-nginx-controller has been updated from v0.28.0 to v0.49.3, bringing various updates.
    • Additionally, the configuration option allow-snippet-annotations has been set to false to mitigate known security issue CVE-2021-25742
  • Fixes, minor version upgrades, improvements to resource requests and limits for applications, improvements to stability.

v0.17.0

Released 2021-06-29.

Changes:

  • The dashboard tool Grafana has been updated to a new major version of 8.x.x. This introduces new features and fixes, as well as some possibly breaking changes. See their release notes for more information.
  • The single-sign-on service Dex has been updated, bringing small changes and better consistency to the UI.
  • Fixes, improvements to resource limits, resource usage, and stability.

v0.16.0

Released 2021-05-27.

Changes:

  • The default retention values have been changed and streamlined for authlog* and other*. The former will be kept for a longer period of time while the latter for shorter, both have reduced sized according to their actual usage.
  • Updates, fixes, and features to improve the security of the platform.

Compliant Kubernetes Kubespray

Note

For a more detailed look check out the full changelog.

v2.19.0-ck8s2

Released 2022-07-22

Changes:

  • Added option to clusteradmin kubeconfigs to use OIDC for authentication.
  • New ansible playbooks to manage kubeconfigs and some RBAC.

v2.19.0-ck8s1

Released 2022-06-27.

Changes:

  • Kubespray updated to v2.19.0
  • Kubernetes version upgrade to version 1.23.7.

v2.18.1-ck8s1

Released 2022-04-26.

Changes:

  • Kubespray updated to v2.18.1 This introduces some fixes for cluster using containerd as container manager.
  • Changed default etcd version to 3.5.3 This fixes an issue where etcd data might get corrupted

v2.18.0-ck8s1

Released 2022-02-18.

Changes:

  • Kubespray updated, including a new Kubernetes version upgrade to version 1.22.5. This introduces new features and fixes, including security updates. There's also a lot of deprecated API's that were removed in this version so take a good look at these notes before upgrading.

v2.17.1-ck8s1

Released 2021-11-11.

Changes:

  • Kubespray updated, including a new Kubernetes version upgrade to version 1.21.6. This patch is mostly minor fixes.

v2.17.0-ck8s1

Released 2021-10-21.

Changes:

  • Kubespray updated, including a new Kubernetes version upgrade to version 1.21.5. This introduces new features and fixes, including security updates and storage capacity tracking.

v2.16.0-ck8s1

Released 2021-07-02.

Changes:

  • Kubespray updated, including Kubernetes upgrade to version 1.20.7. This introduces new features and fixes, including API and component updates.

v2.15.0-ck8s1

Released 2021-05-27.

First stable release!