Skip to content
This repository has been archived by the owner on Feb 10, 2022. It is now read-only.

kubo-release 0.14.0
Compare
Choose a tag to compare
@cf-london cf-london released this 20 Feb 14:52
· 477 commits to master since this release
v0.14.0
5fd5b71
  • Kubernetes v1.9.3 -- cloudfoundry-incubator/kubo-release#176.
  • Flannel v0.10.0 -- cloudfoundry-incubator/kubo-release#169.
  • BOSH DNS v0.2.0 -- cloudfoundry-incubator/kubo-deployment#261.
  • GOVC v0.16.0.
  • Golang v1.9.4.
  • BOSH Stemcell v3541.4.
  • CFCR can now be deployed on an environment paved by BBL -- story.
  • Exposed OpenID authentication properties -- cloudfoundry-incubator/kubo-release#101.
  • logging-level BOSH property can be used to control the logging level of kube-proxy -- cloudfoundry-incubator/kubo-release#163.
  • HTTP(s) Proxy BOSH properties will be used for Kubernetes interactions with the IaaS -- cloudfoundry-incubator/kubo-release#130.
  • Nodes can now be deployed across multiple AZs on GCP -- story.
    • Nodes get tagged appropriately by Kubernetes to ensure that workloads are properly spread across AZs.
  • System workloads are now applied as part of the apply-addons BOSH errand -- story.
    • System workloads have been a cause of many deployment issues.
  • Enabled the API server audit logs -- story.
    • Audit logs can be disabled if the kube-apiserver.enable_audit_logs BOSH property is set to false.
  • Disabled the read-only port in the Kubelet -- story.
  • Disabled cAdvisor in Kubelet -- story.
  • Disabled the security context manipulation when privileged containers are off -- story.
  • The API server will not try to fix malformed requests anymore for security reasons -- story.
  • The API Server will clean up terminated pods more often to avoid running out of disk space -- story.
  • The API server will unmount volumes of terminated pods for security reasons -- story.
  • Most BOSH jobs switched to use BPM -- story.
    • From the BPM readme: "[BPM] crucially provides a security barrier such that if one of the jobs on your machine is compromised then the incident is limited to just that job rather than all jobs on the same machine".
  • OpenStack: Exposed cloud-provider.openstack.ignore-volume-az BOSH property for the OpenStack Cloud Provider -- cloudfoundry-incubator/kubo-release#166.
  • OpenStack: Exposed region BOSH variable for the OpenStack Cloud Provider -- cloudfoundry-incubator/kubo-deployment#262.
  • Fix: UAA credentials and vCenter passwords are now redacted in BOSH logs -- story.
  • Fix: to ensure that workers will pick the correct node name during rolling upgrades -- cloudfoundry-incubator/kubo-release#170.
  • Fix: to ensure that nodes get properly drained before they stop, in order to minimize workload downtime during a rolling upgrade -- story.
  • vSphere Fix: vCenter password with special characters (&, #, etc) can now be used with CFCR without breaking the deployment -- story.
  • Experimental: An ops-file can now be used in conjunction to the kubo-deployment in order to experiment with the multi-master setup -- story.
Assets 3
Loading