Release notes
1.19+ck2 Bugfix release
November 27th, 2020 - charmed-kubernetes-545
Fixes
A list of bug fixes and other minor feature updates in this release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.19+ck2.
1.19+ck1 Bugfix release
November 20th, 2020 - charmed-kubernetes-541
Fixes
A list of bug fixes and other minor feature updates in this release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.19+ck1.
1.19
September 30th, 2020 - charmed-kubernetes-519
Before upgrading, please read the upgrade notes.
What's new
- IPv6 support
This release of Charmed Kubernetes can now enable the alpha IPv6 dual-stack or
beta IPv6-only support in Kubernetes by using IPv6 CIDRs in addition to or
instead of IPv4 CIDRs in the Kubernetes Master charm's service-cidr
and the
Calico charm's cidr
charm config.
More information can be found in Using IPv6 with Charmed Kubernetes, including limitations and known issues.
- CIS benchmark compliance
Charmed Kubernetes is now compliant with the Center for Internet Security (CIS)
benchmark for Kubernetes. Significant changes to the kubernetes-master
and
kubernetes-worker
charms have been made to achieve this. Find more information
about these changes, running the benchmark, and analyzing test results in the
CIS compliance for Charmed Kubernetes documentation.
- Authentication changes
File-based authentication is not compliant with the CIS benchmark. Charmed Kubernetes
now deploys a webhook authentication service that compares API requests to Kubernetes
secrets. If needed, any existing entries in previous authentication files
(basic_auth.csv
and known_tokens.csv
) are migrated to secrets during the
kubernetes-master
charm upgrade.
More information about this new service can be found in the Authorisation and Authentication documentation.
- New Calico configuration options
The new veth-mtu
setting allows fine tuning of the MTU setting for optimum
performance on the underlying network. See the
Calico documentation for more details and recommendations, and
the Calico charm docs for information on how to set this
configuration.
Calico and related charms (Canal, Tigera Secure EE) also have a new
ignore-loose-rpf
configuration option. By default, for security, these charms check
that the kernel has strict reverse path forwarding set (net.ipv4.conf.all.rp_filter
set to 0
or 1
). In some circumstances you may need to set this to 2, in which case
you can now set ignore-loose-rpf=true
to ignore the check.
- Ubuntu 20.04
The default operating system for deployed machines is now Ubuntu 20.04 (Focal). Ubuntu 18.04 (Bionic) and 16.04 (Xenial) are still supported.
- MetalLB Operator
MetalLB offers a software network load balancing implementation that allows for LoadBalancing services in Kubernetes. This bundle has been made available in the Charm Store to be deployed along Charmed Kubernetes, MicroK8s, or any Kubernetes supported by Juju. This operator deploys upstream MetalLB in layer 2 mode. The BGP mode of upstream MetalLB is not supported yet. For more information about deploying and operating MetalLB, please see the MetalLB documentation.
- SR-IOV CNI
A new SR-IOV CNI addon has been made available for Charmed Kubernetes. Using SR-IOV CNI, it is now possible to take network interfaces that are SR-IOV Virtual Functions and attach them directly to pods. For more information, see the new SR-IOV CNI documentation.
For a full list of the changes introduced in Kubernetes 1.19, please see the upstream release notes
Component upgrades
- addon-resizer 1.8.9
- ceph-csi 2.1.2
- cloud-provider-openstack 1.18.0
- coredns 1.6.7
- kube-state-metrics 1.9.7
- kubernetes-dashboard 2.0.1
- nginx-ingress 0.31.1
Fixes
A list of bug fixes and other minor feature updates in this release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.19.
Notes / Known Issues
The
insecure-bind-address
andinsecure-port
options tokube-apiserver
have been removed in this release. Usingjuju run
withkubectl
to interact with the cluster now requires an explicit--kubeconfig <file>
option:```bash juju run --unit kubernetes-master/0 'kubectl --kubeconfig /root/.kube/config get nodes' NAME STATUS ROLES AGE VERSION ip-172-31-10-19 Ready <none> 71m v1.19.0 ```
The webhook authentication service included in this release runs on port 5000 of each kubernetes-master unit. Ensure this port is available prior to upgrading.
Additional known issues scheduled for the first 1.19 bugfix release can be found at https://launchpad.net/charmed-kubernetes/+milestone/1.19+ck1
Deprecations and API changes
For details of deprecation notices and API changes for Kubernetes 1.19, please see the relevant sections of the upstream release notes
Previous releases
Please see this page for release notes of earlier versions.
See the guide to contributing or discuss these docs in our public Mattermost channel.