Release Notes

Compliant Kubernetes

Note

For a more detailed look check out the full changelog.

v0.26.0

Released 2022-09-19

Updated

  • Harbor upgraded to v2.6.0
  • Upgraded the OpenSearch helm chart to 2.6.0, which upgrades OpenSearch to 2.3.0. For more information about the upgrade, check out their 2.3 Launch Announcement.

Fixed

  • Fixed the welcome dashboard template for OpenSearch Dashboards

Added

  • Option to create custom solvers for letsencrypt issuers, including a simple way to add secrets
  • Kube-bench runs on every node
    Automated CIS tests are performed on each node using kube-bench.
    Added a CIS kube-bench Grafana dashboard.
  • Added option for kured to notify Slack when draining and rebooting nodes
  • Allow users to proxy and port-forward to Prometheus running in the workload cluster

v0.25.0

Released 2022-08-25

Added

  • Added Hierarchical Namespace Controller
    Allowing users to create and manage subnamespaces, namespaces within namespaces. You can read more about this in our FAQ.
  • Added support for custom solvers in cluster issuers
    Allowing DNS01 challenges for certificate requests.
  • Added support for running Harbor in High Availability

Updated

  • Updated cert-manager from v1.6.1 to v1.8.2
    API versions v1alpha2, v1alpha3, and v1beta1 have been removed from the custom resource definitions (CRDs), and the certificate rotation policy will now be validated. See their changelog for more details.

  • Updated OpenSearch with new usability improvements and features
    Check out their launch announcement.

Changed

  • New additions to the Kubernetes cluster status Grafana dashboard
    It now shows information about resource requests and limits per node, and resource usage vs request per pod.

v0.24.1

Released 2022-08-01

  • Required patch to be able to use release v0.24.0

Fixed

  • Fixed a formatting issue with the Harbor S3 configuration.

v0.24.0

Released 2022-07-25

Updated

  • Upgraded Helm stack
    Upgrades for Helm, Helmfile and Helm-secrets.

  • Image upgrade to node-local-dns

Changed

  • Improved stability to automatic node reboots

Added

  • Further configurability to ingress-nginx

v0.23.0

Released 2022-07-06

Updated

  • Updated the ingress controller ingress-nginx to image version v1.2.1
    You can find the changelog here.

Changed

  • Added support for accessing Alertmanager via port-forward

Added

  • Backups can now be encrypted before they are replicated to an off-site S3 service.
  • Improved metrics and alerting for OpenSearch.

Fixed

  • The deployment of Dex is now properly configured to be HA, ensuring that the Dex instances are placed on different Kubernetes worker nodes.

v0.22.0

Released 2022-06-01

Added

  • Added support for Elastx and UpCloud!

  • New 'Welcoming' dashboard in OpenSearch and Grafana.
    Users can now access public docs and the URLs of the different services provided by Compliant Kubernetes.

  • Improved availability of metrics and alerting.
    Alertmanager now runs with two replicas by default, and Prometheus can now be run in HA mode.

  • Added Falco rules to reduce alerts for services in Compliant Kubernetes.
    Falco now alerts less on operations that are expected of these services.

Fixed

  • Fixed a bug where users couldn't silence alerts when port-forwarding to Alertmanager.

  • Improved logging stack and fixed a number of issues to ensure reliability.

v0.21.0

Released 2022-05-04

Changed

  • Users can now view ClusterIssuers.

  • User admins can now add users to the ClusterRole user-view.
    This is done by adding users to the ClusterRoleBinding extra-user-view.

  • Users can now get ClusterIssuers.

  • Ensured all CISO dashboards are available to users.
    All the Grafana dashboards in our CISO docs are now available.

  • Better stability for Dex
    Dex now runs with two replicas and has been updated.

Updated

  • Image upgrades to reduce the number of vulnerabilities
    Upgrades for Fluentd, Grafana, and Harbor chartmuseum.

v0.20.0

Released 2022-03-21

Added

  • Added kured - Kubernetes Reboot Daemon.
    This enables automatic node reboots and security patching of the underlying base Operating System image, container runtime and Kubernetes cluster components.

  • Added Fluentd Grafana dashboard and alerts.

  • Added RBAC for admin users.
    Admin users can now list pods cluster wide and run the kubectl top command.

  • Added containerd support for Fluentd.

Changed

  • Added a new OPA policy.
    It disallows the latest image tag.

  • Persist Dex state in Kubernetes.
    This ensures the JWT token received from an OpenID provider is valid even after security patching of Kubernetes cluster components.

  • Add ingressClassName in ingresses where that configuration option is available.

  • Thanos is now enabled by default.

Updated

  • Upgraded nginx-ingress helm chart to v4.0.17
    This upgrades nginx-ingress to v1.1.1. When upgrading, an ingressClass object called nginx will be installed; this class has been set as the default class in Kubernetes. Ingress-nginx has been configured to still handle existing ingress objects that do not specify any ingressClassName.

  • Upgraded starboard-operator helm chart to v0.9.1
    This upgrades starboard-operator to v0.14.1.

Removed

  • Removed influxDB and dependent helm charts.

v0.19.1

Released 2022-03-01

Fixed

  • Fixed critical stability issue related to Prometheus rules being evaluated without metrics.

v0.19.0

Released 2022-02-01

Added

  • Added Thanos as a new metrics backend.
    Provides a much more efficient and reliable platform for long-term metrics, with the capabilities to keep metrics for much longer time periods than previously possible.
    InfluxDB will still be supported in this release.

  • Added a new feature to enable off-site replication of backups.
    Synchronizes S3 buckets across regions or clouds to keep an off-site backup.

  • Added a new feature to create and log into separate indices per namespace.
    Currently considered to be an alpha feature.

Changed

  • Replacing Open Distro for Elasticsearch with OpenSearch.
    In this release, since the Open Distro project has reached end of life, Elasticsearch is replaced with OpenSearch and Kibana with OpenSearch Dashboards. OpenSearch is a fully open source fork of Elasticsearch with a compatible API and familiar User Experience.
    Note that recent versions of official Elasticsearch clients and tools will not work with OpenSearch, as they employ a product check; compatible versions can be found here.

  • Enforcing OPA policies by default.
    Provides strict safeguards by default.

  • Allowing viewers to inspect and temporarily edit panels in Grafana.
    Gives more insight to the metrics and data shown.

  • Setting Fluentd to log the reason when it can't push logs to OpenSearch.

Updated

  • Large number of application and service updates, keeping up to date with new security fixes and changes.

v0.18.2

Released 2021-12-16.

Changes:

v0.17.2

Released 2021-12-16.

Changes:

v0.18.1

Released 2021-12-08.

Changes:

v0.17.1

Released 2021-12-08.

Changes:

v0.18.0

Released 2021-11-04.

Changes:

  • Ingress-nginx-controller has been updated from v0.28.0 to v0.49.3, bringing various updates.
    • Additionally, the configuration option allow-snippet-annotations has been set to false to mitigate the known security issue CVE-2021-25742.
  • Fixes, minor version upgrades, improvements to resource requests and limits for applications, improvements to stability.

v0.17.0

Released 2021-06-29.

Changes:

  • The dashboard tool Grafana has been updated to a new major version of 8.x.x. This introduces new features and fixes, as well as some possibly breaking changes. See their release notes for more information.
  • The single-sign-on service Dex has been updated, bringing small changes and better consistency to the UI.
  • Fixes, improvements to resource limits, resource usage, and stability.

v0.16.0

Released 2021-05-27.

Changes:

  • The default retention values have been changed and streamlined for authlog* and other*. The former will be kept for a longer period of time and the latter for a shorter one; both have been reduced in size according to their actual usage.
  • Updates, fixes, and features to improve the security of the platform.