Platform9 3.10 release notes
Platform9 Managed Kubernetes
1. Kubernetes version upgrade to 1.12
Platform9 Managed Kubernetes has upgraded the Kubernetes version from 1.11.7 to 1.12.6. You can find more info on this version, along with its various features, in the Kubernetes 1.12 CHANGELOG.
Clusters can be upgraded to this version by using the “Upgrade Cluster” button in the Clusters view of the Infrastructure page of the Platform9 Clarity UI.
We highly recommend that administrators upgrade their clusters at their earliest convenience and within 15 days of the release of new Platform9 Managed Kubernetes versions.
Note: The patched runc requires a newer kernel that supports the O_TMPFILE flag. We have verified that the patched runc binary works with CentOS releases 7.4 and above. For more information see https://github.com/opencontainers/runc/issues/1979.
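A preflight check for the kernel requirement in the note above, as an added example that is not Platform9 or runc code: it probes whether the kernel and the filesystem behind a directory accept O_TMPFILE. The function names and the probe directory are assumptions; the page does not say which directory runc uses, so pass the one you care about.

```python
import errno
import os
import tempfile

SUPPORTED = "supported"
KERNEL_TOO_OLD = "kernel-too-old"
FS_UNSUPPORTED = "filesystem-unsupported"
UNKNOWN = "unknown"


def classify_open_error(err):
    """Map the errno of a failed O_TMPFILE open to a preflight verdict."""
    # Kernels that predate O_TMPFILE ignore the new flag bit and see only
    # O_DIRECTORY plus write access on a directory, which fails with EISDIR
    # (documented in open(2)).
    if err == errno.EISDIR:
        return KERNEL_TOO_OLD
    # The kernel knows the flag, but this filesystem cannot create
    # unnamed temporary files.
    if err == errno.EOPNOTSUPP:
        return FS_UNSUPPORTED
    # ENOENT, EACCES, EROFS, ...: the probe itself could not run here.
    return UNKNOWN


def probe_o_tmpfile(directory=None):
    """Try to create an unnamed temporary file in `directory`."""
    directory = directory or tempfile.gettempdir()  # assumed default
    flag = getattr(os, "O_TMPFILE", None)
    if flag is None:  # not Linux, or Python built without the constant
        return UNKNOWN
    try:
        fd = os.open(directory, flag | os.O_RDWR, 0o600)
    except OSError as exc:
        return classify_open_error(exc.errno)
    # The file has no name, so closing the descriptor discards it.
    os.close(fd)
    return SUPPORTED


if __name__ == "__main__":
    release = os.uname().release if hasattr(os, "uname") else "n/a"
    print("kernel:", release)
    print("O_TMPFILE in", tempfile.gettempdir(), "->", probe_o_tmpfile())
```

Run it on each node before upgrading; a `kernel-too-old` or `filesystem-unsupported` result means the node does not meet the requirement stated in the note for that directory.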
2. VMware Cloud Provider for Managed Kubernetes
This release introduces support for VMware as a Managed Kubernetes Cloud Provider. This enables administrators to deliver an enterprise-grade Kubernetes service on VMware with zero-touch upgrades, multi-cluster operations, monitoring, RBAC, and much more.
You can find more info on our VMware support, along with its various features, here: The Industry’s First Managed Kubernetes Service on VMware.
3. Support for Dynamic Kubelet Configuration
This feature enables administrators to configure kubelet options dynamically via the Kubernetes API server. This adds flexibility and accountability to the configuration of the kubelet on nodes.
There is no out-of-the-box solution for this; the steps required to enable it manually are listed in Kubelet Reconfiguration Steps. Platform9 automates this configuration when creating a cluster on supported cloud providers, from bootstrapping the kubelet with a config file to patching the node object in Kubernetes to reference the associated ConfigMap.
4. Token-based Authentication support for UI and CLI
Platform9 has added support for token-based authentication in Managed Kubernetes. Token-based authentication offers an alternative, secure method for authenticating to Kubernetes clusters, in addition to the current user/password authentication method.
5. Deprecation of Heapster
Kubernetes 1.12 removes the option to install Heapster via the Kubernetes setup script. The Kubernetes community plans to fully deprecate Heapster by version 1.13. In preparation for this change, and in accordance with upstream developments, Platform9 Managed Kubernetes has removed Heapster.
See the Heapster Deprecation Timeline for more information regarding upstream Kubernetes’ deprecation and removal plans.
6. Support for Metrics Server 0.3.1
As part of the Kubernetes 1.12 upstream release, users are now able to leverage a newer version of Metrics Server that has become GA. With the new version, installation scripts can take advantage of the newer templating feature for command options, which can be specified during installation (as opposed to hard-coded values).
7. Bug fixes and Improvements
This release contains several performance optimizations and bug fixes, which should result in a better user experience for your Platform9 cloud platform. Some significant ones are listed below.
- Disabled the read-only port on kubelets in accordance with best practices for securing clusters. See https://github.com/kubernetes/kubernetes/pull/59666 for more details.
- Removed issues with gathering metrics from kubelets that have anonymous access.
- Boot from Volume enhancements on OpenStack Cloud providers to ensure the OpenStack Cloud Provider reliably boots Instances from volumes during Kubernetes cluster creation. This improves how Instances are handled and managed by the underlying OpenStack provider, offering better flexibility for Instance migration and high availability.
Platform9 Managed OpenStack
1. Heat and Murano projects upgraded to Pike release
The OpenStack Orchestration (Heat) and Application Catalog (Murano) projects have been upgraded to the Pike release. These updates bring a number of new features, critical bug fixes, and stability enhancements.
Refer to Heat or Murano’s release notes for more information.
2. Security Group improvements for OpenStack Omni with AWS
The 3.9 release notes highlighted several limitations pertaining to the discovery and management of Neutron security groups with OpenStack Omni on AWS.
Those issues have been resolved as of this 3.10 release.
Omni now correctly discovers security groups assigned to an Instance.
Changing a Security Group of an instance after it has been created from OpenStack now propagates the change to EC2.
AWS allows associating multiple CIDR address ranges with a single security group rule. In contrast, OpenStack only permits associating a single CIDR with a given security group rule. This release improves support in Omni for discovering and managing AWS security group rules from OpenStack by better accommodating the implementation differences between the two platforms.
3. Enhancements to Virtual Machine High Availability (VM HA)
VM HA now utilizes secure communication between Consul cluster members by encrypting network traffic.
In addition, VM HA will now automatically reconcile changes between Host Aggregates in Nova and the Consul cluster. Previously, if a host was added or removed from a Host Aggregate it was necessary to disable and then re-enable VM HA on the Host Aggregate in order to reconcile the change within the cluster. This process is now handled automatically by the VM HA service.
4. CentOS 7.6 support
Platform9 3.10 has been validated on and fully supports CentOS 7.6. It is recommended to upgrade to this CentOS release only after updating Platform9 Managed OpenStack to version 3.10. With this update, we are discontinuing support for KVM hypervisors with Libvirt versions older than 1.2.1 and Qemu versions older than 1.5.3. Please upgrade these packages on your hypervisor after the Platform9 upgrade to 3.10. The recommended package versions are: Libvirt >= 1.2.9 and Qemu >= 2.1.0.
5. Bug fixes
This release also contains a number of bug fixes which should result in a better user experience for your Platform9 cloud platform! Some significant issues resolved in this release are listed below.
- The pf9-imagelibrary service reports the Ceph RBD image scheme as an unrecognized file location.
- Omni does not propagate Instance name changes from AWS to OpenStack.
- Clarity UI does not allow assigning floating IP addresses to load balancers or unbound Neutron ports.
- OpenStack Designate does not support more than one DNS server pool.
- Fixed issue with ceilometer agent consuming a high amount of memory on VMware appliances.
6. Known limitations
The stack update API in Heat may reset some of the properties on existing resources when the converge parameter is set to True in the request.
Creating a network from OpenStack with URL-unsafe characters (e.g. ‘/’) in the network name will result in duplicate networks getting populated in OpenStack. Only one port group is created on vCenter.
March 14, 2019