2022
v1.13¶
29 April, 2022
Important
Customers need to upgrade to the latest version of the base blueprint (v1.13) with their cluster blueprints to be able to use many of the new features described below.
Upstream Kubernetes¶
Windows Worker Nodes¶
Support for seamless addition/removal of Windows worker nodes. Support for hitless, in-place Kubernetes upgrades for Windows worker nodes. With this enhancement, users can now provision and operate Upstream Kubernetes clusters with worker nodes based on multiple architectures.
- Linux/amd64 and/or
- Linux/arm64 and/or
- Windows/amd64 architectures
This allows for deployment and operations of heterogeneous application types on the same Kubernetes cluster enabling "consolidation of infrastructure". Users can containerize legacy Windows applications and deploy them to Kubernetes clusters enabling "acceleration of migration of legacy applications" to Kubernetes.
Click here for more details.
Watch a video showcasing the experience of adding a Windows worker node to an existing cluster. You will also see the user experience of deploying and operating a Windows workload on the remote Windows worker node.
Amazon EKS¶
CNI Custom Networking¶
Turnkey support for CNI custom networking for the AWS VPC CNI plugin enabling large enterprises to address CIDR block availability related issues for their AWS VPCs. More here and here.
Watch a video showcasing how to configure and provision an EKS cluster with custom networking.
Cluster Templates Enhancements¶
Cluster templates can now be shared across projects. Templates have been enhanced to support overrides for complex objects. Administrators can also now identify and list clusters based on a specific cluster template. More here
k8s 1.22¶
New Amazon EKS clusters can be provisioned based on Kubernetes 1.22. Existing clusters can be upgraded in-place to Kubernetes 1.22.
Watch a video showcasing the user experience of performing in-place upgrades of Amazon EKS clusters from k8s 1.21.x to 1.22.x
Clusters and Node Groups by AMI ID¶
Organizations can now use a Swagger API to quickly identify EKS clusters and node groups based on a specified "AMI ID" across all projects spanning multiple AWS accounts. Click here for more details.
Blueprints¶
Minimal Blueprint¶
The AWS node termination handler is no longer automatically deployed to EKS clusters when the "Minimal Blueprint" is used as the base blueprint. This allows organizations to bring their own customized versions of the AWS node termination handler as part of their cluster blueprints.
Disable Versions¶
Administrators can now enable/disable specific versions of a cluster blueprint. This prevents users from accidentally using outdated/deprecated versions of a blueprint. When a specific blueprint version is disabled, a visible warning and upgrade prompt is displayed on the cluster card for cluster administrators.
Dashboards¶
Create k8s Resources¶
Administrators are now provided with intuitive workflows to quickly and efficiently "create" Kubernetes resources of type ConfigMap and Secret directly from the inline Kubernetes resources dashboard.
Click here to learn more.
Zero Trust Kubectl¶
Users are now shown connection establishment status on the web shell to the remote Kubernetes cluster (a) when they open it for the first time and (b) when the session expires.
GitOps¶
GitOps support has been added for the following resources: Role, Group and Cluster Overrides.
Bug Fixes¶
Bug ID | Description |
---|---|
RC-14431 | RCTL CLI: Add node pool to AKS cluster having a custom Identity is showing as failure but node created |
RC-14351 | Expose flags related to private GKE Cluster |
RC-14428 | When creating new nodegroups in EKS, nodes are joining the cluster as aws-auth configmap is not updated with the IAM role |
RC-14400 | Namespace admin user with “Infra ReadOnly” and/or “Cluster Admin” not able to exec to the pod |
RC-14270 | When cloud watch logging is configured for EKS control plane in the spec, it's not getting enabled on the EKS |
RC-13660 | Labels not showing on dashboard for some clusters |
Known Issues¶
Known issues are typically ephemeral and should be resolved in an upcoming patch.
# | Description |
---|---|
RC-14769 | UI:Disabled BP version should not be there in the drop down list on update BP ->clusters |
RC-14768 | Backend validation is not proper if enable/disable the BP version on shared BP |
RC-14767 | UI: Enable/disable BP version option should not be there for shared BP |
RC-14492 | Upstream k8s upgrade failed from v1.21.8 to v1.22.5 |
v1.12¶
01 April, 2022
Important
Customers need to upgrade to the latest version of the base blueprint (v1.12) with their cluster blueprints to be able to use many of the new features described below.
Upstream Kubernetes¶
EKS-D Provisioning¶
Amazon EKS-D based Kubernetes cluster provisioning workflows have been streamlined and optimized. More here.
Managed Storage¶
In addition to existing Local PV and Distributed Storage (based on GlusterFS), customers can now use CNCF graduated Rook Ceph based distributed storage as a managed storage option. More here.
Important
Support for GlusterFS based distributed storage is now deprecated. It will be removed later in the year and users are encouraged to transition to the new Rook Ceph based managed storage option.
Amazon EKS¶
Wait Option for RCTL CLI based Infra Operations¶
A "blocking" wait option is now available in the RCTL CLI for "long running" infrastructure operations such as cluster provisioning, cluster scaling, addition and removal of nodes etc. More here.
Managed Node Group Upgrades with Custom AMI¶
Admins can now update managed nodegroups by specifying node-ami for custom AMIs.
Dashboards¶
Kubernetes Resources¶
The integrated Kubernetes resources dashboard (available for both cluster administrators and developers) now provides the means for authorized users to perform additional lifecycle operations for all k8s resources (Edit YAML, Download YAML, Describe) on remote clusters directly from the console.
Developers can use the "describe" option for their Ingress and PVCs to quickly verify if there are issues with the underlying Ingress Controller or PVs. More here.
Blueprints¶
Fleet Upgrades¶
Users can now perform controlled and automated upgrades of blueprints on a fleet of clusters. More here.
GitOps¶
Docker Form Factor for Agent¶
A Docker form factor for the agent (CD/Repository) is now available. This provides users the means to deploy the agent in their networks without the need for a k8s cluster. More here.
Policy Management¶
Centralized Aggregation of Violations¶
All policy (Managed OPA Gatekeeper) violations are automatically aggregated centrally at the controller and made available to administrators via intuitive dashboards, workflows and APIs. More here.
RCTL CLI¶
The RCTL CLI has been updated for users to fully automate the entire lifecycle of policy management for the integrated OPA Gatekeeper service. More here.
Important
Ensure the base blueprint for your cluster blueprints is updated to v1.12 or higher to experience the new functionality.
RBAC and SSO¶
Group Assignment for IdP Users¶
Admins can now use the RCTL CLI to programmatically assign IdP users to a Group, allowing them to fully automate workflows. More here.
Integrations¶
HashiCorp Vault¶
In addition to using the web console, customers can now automate integration with Vault on managed clusters using the RCTL CLI. More here.
Terraform Provider¶
The Terraform provider has been updated with intuitive examples and improved documentation.
Bug Fixes¶
Bug ID | Description |
---|---|
RC-14026 | Modify self heal script on CentOS/RHEL to enforce "nameserver IP" to be present as first nameserver entry in /etc/resolv.conf but do not force it to be first line of the file |
RC-13755 | Upstream Kubernetes cluster upgrades trying to pull from dev registry |
RC-13746 | Clusters page in Web Console Fails to load in Safari browser |
RC-13660 | Labels not showing on dashboard for some clusters |
RC-13515 | Cannot select a custom AMI from UI |
RC-11968 | Slack alerts sent from the customized, managed alert manager has the link pointing to localhost |
Known Issues¶
# | Description |
---|---|
1 | Volume expansion to add an additional storage device is currently not possible without a restart of the VM or the ceph operator |
2 | Ensure that all required storage devices are attached to the VM before cluster provisioning to ensure they are discovered and usable |
v1.11¶
25 February, 2022
Upstream Kubernetes¶
Kubernetes Versions¶
New upstream Kubernetes clusters can be provisioned based on Kubernetes v1.23. Existing upstream Kubernetes clusters on older versions can be upgraded to Kubernetes v1.23. Latest patch releases for Kubernetes v1.22, v1.21 and v1.20 are also available.
Important
We strongly encourage customers to upgrade their existing clusters to the latest Kubernetes patch releases.
Updated OVA and QCOW Images¶
Refreshed OVA and QCOW2 images for the pre-packaged clusters are now available with security updates and latest software images. More on OVA and on QCOW2.
Amazon EKS¶
Bottlerocket - Managed Node Groups¶
Support for provisioning and ongoing operations of managed node groups based on Bottlerocket AMIs.
List of In-Use AMI ID¶
Across the organization or its projects, authorized users can list the AMI images associated with the node groups of EKS clusters. This helps to quickly detect outdated AMI IDs and prioritize upgrades. More here.
Cluster Blueprints¶
Status and Progress¶
Decoupled status and progress for infrastructure and blueprint/addon during cluster provisioning for Amazon EKS and Azure AKS clusters (coming soon for upstream k8s provisioning!). This provides users with a detailed, fine-grained view into how things are progressing and allows them to quickly zero in on the specific issue causing failures. More here.
Decoupled Lifecycle for Managed Add-ons¶
Customers now have fine-grained control over how/when managed add-ons in custom blueprints are updated.
Change Log for Managed Add-on Versions¶
Customers have visibility into the change log of managed addons in base blueprint versions. This allows them to understand which add-on changed and when.
CLI for Charts and Values from Different Repos¶
The RCTL CLI has been enhanced to support addons with Helm charts and values.yaml files from different repositories. More here.
Important
Download the latest RCTL CLI to use the updated functionality.
Dashboards¶
k8s Resource Dashboards¶
The embedded, inline k8s resource dashboards for both clusters (used by Ops/SRE users) and workloads (used by developers) have been streamlined for near real-time retrieval and presentation of data to users. More here and here.
Workloads¶
Status and Progress¶
The RCTL CLI has been enhanced with an "option" to provide detailed "status" and "progress updates" for the k8s resources associated with a workload. Customers that embed RCTL CLI in their automation pipelines can now retrieve and present detailed workload deployment status and progress updates as part of their pipeline output to developers. More here.
Important
Download the latest RCTL CLI to use the updated functionality.
Per Container Resource Sizing in Workload Wizard¶
The workload wizard has been enhanced to provide support for separate sizing options for container requests and limits. More here.
Mount same Volume to Multiple Paths¶
The workload wizard has been enhanced to support mounting the same volume to multiple paths as part of the same workload. More here.
CLI for Charts and Values from Different Repos¶
The RCTL CLI has been enhanced to support Helm 3 workloads with charts and values.yaml files from different repositories. More here.
Important
Download the latest RCTL CLI to use the updated functionality.
Integrations¶
Self-Signed Cert for Vault Integration¶
Customers can now use self-signed certificates for integration with HashiCorp Vault. More here.
Partner Operations Console¶
Create Org¶
In addition to programmatic ways to create and manage Orgs, Partner Admins can now also create and approve new Orgs directly using a workflow in the Partner Ops Console. More here.
Bug Fixes¶
Bug ID | Description |
---|---|
RC-11020 | Support mounting same volume to multiple paths as part of same workload |
RC-11968 | Slack alerts sent from the customized alert manager with Slack has the link point to localhost |
RC-12120 | Swagger API: Add an API to provision nodegroup |
RC-13229 | Use of keyword "dev" in the cluster name is causing issues with the auto heal script on MKS clusters |
RC-13277 | Metrics server addon is not compatible with k8s1.22 |
RC-13370 | Make the client secret in Azure Credentials a protected string |
RC-13416 | OPA Template is missing when creating constraint |
RC-13419 | OPA: Not able to upload new Constraint or Template |
RC-13501 | Not able to add the EKS nodegroup with RCTL |
RC-13545 | Not able to deploy data agents on an imported EKS clusters with AWS Credentials |
v1.10¶
28 January, 2022
Amazon EKS¶
Cluster Templates¶
For non-production environments, it can be extremely effective to "empower and enable" developers with the ability to provision and use infrastructure resources such as compute, network and clusters for testing and deploying their applications. However, typically Operations and Security teams also need control over "which infrastructure resources are created" and "where they are created" for various reasons like cost management, security policies and governance.
A cluster template for Amazon EKS:
- Lets Ops/SRE teams offer "self service" cluster lifecycle operations to developers (cluster admin role) without losing control over governance and policy.
- Allows the Infrastructure admins to specify and encapsulate the freedom/restriction for infrastructure resource creation.
- Abstracts the details of the resource creation by exposing limited configuration for the user to deal with.
- Is a preset configuration that can be used to replicate infrastructure resources.
Note
Once a cluster is provisioned, organizations can use cluster blueprints to enforce and govern organizational policies for cluster wide software addons "inside" the Kubernetes cluster.
More here
RCTL for AWS Wavelength¶
The RCTL CLI now supports full lifecycle management of AWS Wavelength node groups using declarative cluster specs.
More here
Upstream Kubernetes¶
Hard Failure for DNS Preflight¶
Conjurer based provisioning will now block provisioning if collisions/conflicts are detected on the node with DNS preflight checks.
Dashboards¶
Cluster Dashboard¶
The cluster card in the web console has been enhanced to also display the number of nodes "by type" (master, worker).
Workloads¶
For Helm 3 workloads, developers can source chart and values.yaml files from different repositories. For example, the chart can be sourced from a public Bitnami repository and the "custom" values.yaml file can be sourced from a private Git repository.
Cluster Blueprints¶
Multiple Repos for Addons¶
For Helm 3 addons in a cluster blueprint, administrators can source the chart and values.yaml files from different repositories. For example, the chart can be sourced from a public Bitnami repository and the "custom" values.yaml file can be sourced from a private Git repository.
Status and Progress Enhancements¶
A significantly enhanced user experience for cluster blueprint updates on all cluster types.
Imported Clusters¶
Admins will have access to rich and detailed status and progress during the initial cluster import process into the controller.
Zero Trust Kubectl¶
Users with "API only" privileges cannot log in to the web console. Currently, they can download their kubeconfig file programmatically using the RCTL CLI. Users with Org Admin privileges can now download the kubeconfig file for users with "API only" privileges from the Web Console as well.
Vault Integration¶
The integration with HashiCorp Vault has been enhanced to support retrieval of "All secrets from the configured path" and then either (a) rendering them to a file or (b) creating environment variables. This enhancement enables users to retrieve all secrets in a single pass, resulting in dramatically simplified workflows for the developer.
RCTL CLI Enhancements¶
Users of the RCTL CLI now have the option to wait and block for long running operations such as "namespace publish" and "workload publish". The wait and block operational approach can potentially help simplify the logic in a customer's automation pipeline.
Partner Operations Console¶
Disable Self Service Sign Up¶
White-labeled partners that do not have an in-house process to handle self service sign up workflows can now optionally request that self service sign up workflows be disabled.
Bug Fixes¶
Bug ID | Description |
---|---|
RC-12863 | Email notifications are not being sent for approval stage |
RC-12815 | Use non standard ports other than 8080, 8081 for running with hostNetwork true to avoid port conflict |
RC-12807 | For EKS Spot nodegroup there is no default instance type specified in the UI |
RC-12668 | Regression in vault integration with mounting vault-cacert for self-signed TLS vault server |
RC-12572 | [EKS]:Calico CNI:prometheus: 2 api services rafay-prometheus-adapter and rafay-prometheus-metrics-server failed at discovery check( Need to put hostnetwork:true) |
RC-11075 | Deploy backup agent fails when same cluster name available in different orgs |
RC-10838 | For helm3 workload when just values file is modified and uploaded republish button is grayed out |