Current Series Release Notes¶

New Features¶

• Add coredns_tag label to control the tag of the coredns container in k8s_fedora_atomic. Taken from https://hub.docker.com/r/coredns/coredns/tags/ Since stein default to 1.3.1

• Add nginx as an additional Ingress controller option for Kubernetes. Installation is done via the upstream nginx-ingress helm chart, and selection can be done via label ingress_controller=nginx.

• Now the fedora atomic Kubernetes driver can support rolling upgrade for k8s version change or the image change. User can call command openstack coe cluster upgrade <cluster ID> <new cluster template ID> to upgrade current cluster to the new version defined in the new cluster template. At this moment, only the image change and the kube_tag change are supported.

• Added label traefik_ingress_controller_tag to enable specifying traefik container version.

• Using Node Problem Detector, Draino and AutoScaler to support auto healing for K8s cluster, user can use a new label “auto_healing_enabled’ to turn on/off it.

  Meanwhile, a new label “auto_scaling_enabled” is also introduced to enable the capability to let the k8s cluster auto scale based its workload.

• Support multi DNS server when creating template. User can use a comma delimited ipv4 address list to specify multi dns server, for example “8.8.8.8,114.114.114.114”

• A new API endpoint <ClusterID>/actions/upgrade is added to support rolling upgrade the base OS of nodes and the version of Kubernetes. More details please refer the API Refreence document.

Known Issues¶

• With the new config option keystone_auth_default_policy, cloud admin can set a default keystone auth policy for k8s cluster when the keystone auth is enabled. As a result, user can use their current keystone user to access k8s cluster as long as they’re assigned correct roles, and they will get the pre-defined permissions defined by the cloud provider.

• There is a known issue when doing image(operating system) upgrade for k8s cluster. Because when doing image change for a server resource, Heat will trigger the Nova rebuild to rebuild the instnace and there is no chance to call kubectl drain to drain the node, so there could be a very minior downtime when doing(starting to do) the rebuild and meanwhile a request is routed to that node.

• Minion is not a good name for k8s worker node anymore, now it has been replaced in the fedora atomic driver with ‘node’ to align with the k8s terminologies. So the server name of a worker will be something like k8s-1-lnveovyzpreg-node-0 instead of k8s-1-lnveovyzpreg-worker-0.

Bug Fixes¶

• The coe_version was out of sync with the k8s version deployed for the cluster. Now it is fixed by making sure the kube_version is consistent with the kube_tag when creating the cluster and upgrading the cluster.

• Fixed an issue that applications running on master nodes which rely on network connection keep restarting because of timeout or connection lost, by making calico devices unmanaged in NetworkManager config on master nodes.

• Traefik container now defaults to a fixed tag (v1.7.10) instead of tag (latest)

New Features¶

• Added monitoring_enabled to install prometheus-operator monitoring solution by means of helm stable/prometheus-operator public chart. Defaults to false. grafana_admin_passwd label can be used to set grafana dashboard admin access password. If grafana_admin_passwd is not set the password defaults to prom_operator.