Release Notes

Compliant Kubernetes

Note

For a more detailed look check out the full changelog.

v0.21.0

Released 2022-05-04

Changed

  • Users can now view ClusterIssuers.

  • User admins can now add users to the ClusterRole user-view.
    This is done by adding users to the ClusterRoleBinding extra-user-view.

  • User can now get ClusterIssuers.

  • Ensured all CISO dashboards are available to users.
    All the grafana dashboards in our CISO docs are now available.

  • Better stability for dex
    Dex now runs with two replicas and has been updated.

Updated

  • Image upgrades to reduce number of vulnerabilities
    Upgrades for fluentd, grafana, and harbor chartmuseum.

v0.20.0

Released 2022-03-21

Added

  • Added kured - Kubernetes Reboot Daemon.
    This enables automatic node reboots and security patching of the underlying base Operating System image, container runtime and Kubernetes cluster components.

  • Added fluentd grafana dashboard and alerts.

  • Added RBAC for admin users.
    Admin users can now list pods cluster wide and run the kubectl top command.

  • Added containerd support for fluentd.

Changed

  • Added the new OPA policy.
    To disallow the latest image tag.

  • Persist Dex state in Kubernetes.
    This ensure the JWT token received from an OpenID provider is valid even after security patching of Kubernetes cluster components.

  • Add ingressClassName in ingresses where that configuration option is available.

  • Thanos is now enabled by default.

Updated

  • Upgraded nginx-ingress helm chart to v4.0.17
    This upgrades nginx-ingress to v1.1.1. When upgrading an ingressClass object called nginx will be installed, this class has been set as the default class in Kubernetes. Ingress-nginx has been configured to still handle existing ingress objects that do not specify any ingressClassName.

  • Upgraded starboard-operator helm chart to v0.9.1
    This is upgrading starboard-operator to v0.14.1

Removed

  • Removed influxDB and dependent helm charts.

v0.19.1

Released 2022-03-01

Fixed

  • Fixed critical stability issue related to Prometheus rules being evaluated without metrics.

v0.19.0

Released 2022-02-01

Added

  • Added Thanos as a new metrics backend.
    Provides a much more efficient and reliable platform for long-term metrics, with the capabilities to keep metrics for much longer time periods than previously possible.
    InfluxDB will still be supported in this release.

  • Added a new feature to enable off-site replication of backups.
    Synchronizes S3 buckets across regions or clouds to keep an off-site backup.

  • Added a new feature to create and log into separate indices per namespace.
    Currently considered to be an alpha feature.

Changed

  • Replacing Open Distro for Elasticsearch with OpenSearch.
    In this release, since the Open Distro project has reached end of life, Elasticsearch is replaced with OpenSearch and Kibana with OpenSearch Dashboards. OpenSearch is a fully open source fork of Elasticsearch with a compatible API and familiar User Experience.
    Note that recent versions of official Elasticsearch clients and tools will not work with OpenSearch as they employ a product check, compatible versions can be found here.

  • Enforcing OPA policies by default.
    Provides strict safeguards by default.

  • Allowing viewers to inspect and temporarily edit panels in Grafana.
    Gives more insight to the metrics and data shown.

  • Setting Fluentd to log the reason why when it can't push logs to OpenSearch.

Updated

  • Large number of application and service updates, keeping up to date with new security fixes and changes.

v0.18.2

Released 2021-12-16.

Changes:

v0.17.2

Released 2021-12-16.

Changes:

v0.18.1

Released 2021-12-08.

Changes:

v0.17.1

Released 2021-12-08.

Changes:

v0.18.0

Released 2021-11-04.

Changes:

  • Ingress-nginx-controller has been updated from v0.28.0 to v0.49.3, bringing various updates.
    • Additionally, the configuration option allow-snippet-annotations has been set to false to mitigate known security issue CVE-2021-25742
  • Fixes, minor version upgrades, improvements to resource requests and limits for applications, improvements to stability.

v0.17.0

Released 2021-06-29.

Changes:

  • The dashboard tool Grafana has been updated to a new major version of 8.x.x. This introduces new features and fixes, as well as some possibly breaking changes. See their release notes for more information.
  • The single-sign-on service Dex has been updated, bringing small changes and better consistency to the UI.
  • Fixes, improvements to resource limits, resource usage, and stability.

v0.16.0

Released 2021-05-27.

Changes:

  • The default retention values have been changed and streamlined for authlog* and other*. The former will be kept for a longer period of time while the latter for shorter, both have reduced sized according to their actual usage.
  • Updates, fixes, and features to improve the security of the platform.

Compliant Kubernetes Kubespray

Note

For a more detailed look check out the full changelog.

v2.18.1-ck8s1

Released 2022-04-26.

Changes:

  • Kubespray updated to v2.18.1 This introduces some fixes for cluster using containerd as container manager.
  • Changed default etcd version to 3.5.3 This fixes an issue where etcd data might get corrupted

v2.18.0-ck8s1

Released 2022-02-18.

Changes:

  • Kubespray updated, including a new Kubernetes version upgrade to version 1.22.5. This introduces new features and fixes, including security updates. There's also a lot of deprecated API's that were removed in this version so take a good look at these notes before upgrading.

v2.17.1-ck8s1

Released 2021-11-11.

Changes:

  • Kubespray updated, including a new Kubernetes version upgrade to version 1.21.6. This patch is mostly minor fixes.

v2.17.0-ck8s1

Released 2021-10-21.

Changes:

  • Kubespray updated, including a new Kubernetes version upgrade to version 1.21.5. This introduces new features and fixes, including security updates and storage capacity tracking.

v2.16.0-ck8s1

Released 2021-07-02.

Changes:

  • Kubespray updated, including Kubernetes upgrade to version 1.20.7. This introduces new features and fixes, including API and component updates.

v2.15.0-ck8s1

Released 2021-05-27.

First stable release!