1.18+ck2 Bugfix release
August 12, 2020 - charmed-kubernetes-485
Bug fixes included in this release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.18+ck2.
1.18+ck1 Bugfix release
June 11, 2020 - charmed-kubernetes-464
Before upgrading from 1.17 or earlier, please read the upgrade notes.
- New options for custom TLS data in container runtime charms
All container runtime subordinate charms now support a
option that can be used to specify a
base64 encoded Certificate Authority
(CA) certificate. The value set here will be installed as a system-wide
trusted CA. See the
for more details.
For users that require custom TLS configuration per registry, the
subordinate charm has expanded the
custom_registries config option to
cert_key. These can be set for each
custom registry to enable TLS without altering the system-wide trusted CAs.
for more details.
Both of the above options allow the container runtime located on
kubernetes-worker units to pull containers from a registry that utilizes
custom TLS certificates.
- New memory constraint for
Deploying Charmed Kubernetes now requires a minimum of 4GB of RAM for the
kubeapi-load-balancer. This addresses OOM errors reported in the
- Updated profile when deploying to LXD
An updated LXD profile has been included in
kubernetes-worker charms. This resolves an
where containers would fail to start in a LXD environment.
Bug fixes included in this release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.18+ck1.
April 13th, 2020 - charmed-kubernetes-430
Before upgrading, please read the upgrade notes.
New SSL options for default ingress controller
This release of Charmed Kubernetes introduces support for Multus, a CNI provider that makes it possible to attach multiple network interfaces to your pods.
Along the way, we've also updated existing charms to make it possible for multiple CNI providers to be deployed together in the same cluster.
Please note that while we are making Multus support available today, it is dependent on functionality in Juju that is not yet considered stable. For more details on the current state of Multus support in Charmed Kubernetes and how to get started, please refer to the Multus documentation page.
- CIS Benchmark 1.5.0
cis-benchmark action now supports version 1.5.0 of the CIS Kubernetes Benchmark.
See the CIS compliance page for information on
running this action on Charmed Kubernetes components.
- Containerd version hold
The version of containerd will now be held. This means that the version of containerd will not be upgraded along with the charm. To update containerd to the latest stable, currently 1.3.3, you can call the
upgrade-containerd action. For example:
juju run-action --wait containerd/0 upgrade-containerd
After completion, the results of the upgrade will be returned. Run this for each instance of the
containerd charm. The upgrades can be staggered to avoid downtime.
Many of the components in Charmed Kubernetes 1.18 have been upgraded. The following list highlights some of the more notable version changes:
- containerd 1.3.3 (see above
- coredns 1.6.7
- dashboard 2.0.0-rc5
- etcd 3.3.15
- openstack-provider 1.17
A list of bug fixes and other minor feature updates in this release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.18.
Notes / Known Issues
- Heapster, InfluxDB, Grafana addons have been removed from
Heapster was initially [deprecated][heapster-deprecation] in 1.11; users
were encouraged to move to the
metrics-server for similar functionality.
With 1.18, the
cluster-monitoring addons (Heapster, InfluxDB, and Grafana)
have been removed from the Kubernetes source tree and therefore removed from
cdk-addons snap as well. Customers relying on these addons should
migrate to a
metrics-server solution prior to upgrading. Note: these
removals do not affect the Kubernetes Dashboard nor the methods described in
Monitoring Charmed Kubernetes.
- Containerd cannot pull images from a registry with TLS mutual authentication
An issue with the
containerd charm prevents pulling images from a private
container registry when TLS mutual authentication is enabled. Where possible,
users can workaround this issue by disabling mutual authentication on the
registry. More details can be found in the following bug:
- New provisioner value for Cinder storage classes
The new version of the openstack-provisioner includes an upstream change
provisioner field for storage classes using Cinder. The
storage class will be automatically updated, but any manually created storage
classes will need to be edited and the
provisioner field changed to
cinder.csi.openstack.org. Existing volumes will be unaffected, but new
PVCs using those storage classes will hang until the storage class is updated.
Please see this page for release notes of earlier versions.