Releases: flexkube/libflexkube
v0.4.0
Changed
- e2e: Updated used sonobuoy version to v0.19.0.
- e2e/local-testing: use Terraform 0.13.
- Default Kubernetes version is now v1.19.0.
- As upstream Kubernetes deprecated hyperkube image, now each controlplane component uses individual images. As upstream does not publish kubelet images yet, new default kubelet image is built from kubelet repository and available for pulling from `quay.io/flexkube/kubelet` registry.
- controlplane: static kube-apiserver now runs on host network and with `--permit-port-sharing=true` flag set to make use of binding with SO_REUSEPORT option, which eliminates the need of bootstrap HAProxy and HAProxy container on self-hosted kube-apiserver pods.
- e2e: use Helm v3.3.0.
- Updated Go dependencies to latest versions.
Removed
- e2e: Remove bootstrap API Load Balancer - it is no longer needed as since Kubernetes v1.19.0, kube-apiserver is able to bind with SO_REUSEPORT, if `--permit-port-sharing=true` flag is set.
v0.3.3
Fixed
- Fixed kubelet applying process panicking, when `WaitForNodeReady` is `true` and `AdminConfig` is not specified. Now `WaitForNodeReady` requires `AdminConfig`, as waiting action is executed on the client side, similar to applying privileged labels to the node.
Changed
- Updated Calico to v3.16.0.
v0.3.2
Fixed
- `Version` parameter is now respected when managing Helm releases.
- Helm release now exposes Helm's --wait option via `Wait` field.
- Improved reliability of running conformance tests in e2e environment.
Changed
- Default Kubernetes version is now v1.18.8.
- Default HAProxy version is now v2.2.2.
- Default etcd version is now v3.4.13.
- linter: Updated golangci-lint to v1.30.0.
- conformance: Updated sonobuoy version to v0.18.5.
- e2e: Pinned Terraform version to allow running conformance tests on old versions in the future.
- e2e: pinned Kubernetes version and Helm charts versions to allow running conformance tests on old version in the future.
- Updated Golang version used on CI to 1.15.
v0.3.1
Added
- `flexkube` CLI will now print colored diff when configuration changes are detected.
- `flexkube` CLI will now ask user for confirmation before deploying the resources, unless `--yes` flag is set.
- `flexkube` CLI now supports `--noop` flag, which allows only checking if the configuration is up to date, without triggering the deployment.
- `flexkube` CLI now supports `containers` sub-command for managing arbitrary groups of containers. This allows to also manage some extra containers not provided by `libflexkube`.
- `pkg/kubelet` now supports waiting until node gets into ready state, if `WaitForNodeReady` flag is set to `true`.
- `kube-apiserver` from static controlplane now uses `--target-ram-mb` flag to limit memory usage of bootstrap controlplane.
Fixed
- controlplane configuration won't be now validated, when `destroy: true` is specified. That allows removing entire configuration and running the deployment, which will then only validate the state of the deployment and remove all managed containers. This allows easy way of cleaning up when using `flexkube controlplane` command.
- All certificates generated by PKI now have `SubjectKeyID` set.
- `PeerCertAllowedCN` is now correctly used in `etcd` when it's explicitly defined, which should fix TLS connectivity issues in some setups.
- Fixed Helm release resource creating resources in the wrong namespace.
- `flexkube_helm_release` no longer leaks kubeconfig and values into plan, as they may contain sensitive information.
Changed
- New website with user documentation is now available at flexkube.github.io. The documentation is not complete yet, but it's already better than existing documentation.
- `kube-proxy` and TLS bootstrapping rules are now installed using separate Helm Charts. This is because in case of managed cluster, those components must be installed on the target cluster, not on management cluster. It also allows specifying multiple bootstrap tokens, for example per kubelet pool.
- Improved the documentation of all Go packages.
- Updated Helm binary in `e2e` tests to `v3.2.3` and `sonobuoy` binary to `v0.18.4`.
- Updated all Go dependencies to latest versions.
- Updated default Kubernetes version to `1.18.6`.
- Updated default HAProxy version to `2.2.0`.
- Updated default etcd version to `3.4.10`.
- Mountpoints for containers are now created with `0700` permissions by default to increase security and satisfy etcd requirements. Existing users should make sure that `/var/lib/etcd/*` directories have `0700` permissions, otherwise etcd won't start after the upgrade.
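The upgrade note above can be checked on each etcd host before upgrading. The script below is an added example, not part of libflexkube: it audits the direct subdirectories of an etcd data root for mode `0700`; the function names and the `--fix` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not libflexkube code): audit etcd data directory modes.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_etcd_dirs ROOT [--fix]   (hypothetical helper)
# Prints one line per direct subdirectory of ROOT whose mode is not 700.
# Without --fix: returns 1 if any directory has another mode.
# With --fix: chmods offending directories to 0700 and returns 1 only
# if a chmod fails.
audit_etcd_dirs() {
    root=$1
    fix=${2:-}
    bad=0
    for dir in "$root"/*; do
        # Only real directories are checked; files and symlinks are skipped
        # so that a symlink cannot redirect chmod outside ROOT.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        mode=$(mode_of "$dir")
        [ "$mode" = "700" ] && continue
        echo "$dir: mode $mode, expected 700"
        if [ "$fix" = "--fix" ]; then
            chmod 0700 "$dir" || bad=1
        else
            bad=1
        fi
    done
    return "$bad"
}

# When run as a script with arguments, audit the given root, e.g.:
#   sh audit-etcd-dirs.sh /var/lib/etcd
#   sh audit-etcd-dirs.sh /var/lib/etcd --fix
if [ "$#" -gt 0 ]; then
    audit_etcd_dirs "$@"
fi
```

Run it without `--fix` first to see which directories would change; a non-zero exit status means at least one directory still needs attention.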
v0.3.0
Added
- Added new `flexkube` CLI binary, which allows to manage multiple resources with the same configuration file. It replaces old `etcd-cluster`, `controlplane`, `api-loadbalancers`, `kubelet-pool` and `pki-generator` binaries.
- Added `PKI` resource, which allows generating all certificates required for cluster using Go API, as Terraform `flexkube_pki` resource or using `flexkube pki` command. This replaces terraform-root-pki, terraform-etcd-pki and terraform-kubernetes-pki Terraform modules.
- Controlplane, etcd and kubelet-pool resources now have PKI resource integration with extra PKI field, so certificates no longer need to be generated externally and provided in configuration. This should simplify the use of CLI tools and Go API.
- SSH transport method now automatically integrates with `ssh-agent` if `SSH_AUTH_SOCK` environment variable is set. This allows using this transport method without any credentials configured.
Fixed
- Constant diff in `containers-runner` and `flexkube_containers` resources caused by wrong JSON struct tags.
- When removing containers in `restarting` state, they will also be stopped before removing. Before, restarting containers required manual stop to be removed.
- Bunch of typos.
Changed
- Improved error messages when resource has no instances configured.
- Updated all dependencies to latest versions to fix installing using `go get`.
- Updated `sonobuoy` to `0.18.1`.
- State files are now created with `0600` permissions.
- Updated `golangci-lint` to `1.27.0`.
- Kubelet now uses structured configuration instead of kubeconfig-like string field for bootstrap and administrator kubeconfig fields.
- `e2e` testing environment now uses new PKI resource.
- Terraform provider unit tests no longer require `tls` provider and all run in parallel, so they should be a bit faster to execute.
- Updated default `etcd` version to `3.4.9`.
- `VolumePluginDir` and `NetworkPlugin` fields now use default values for Kubelet and Controlplane resources, to minimize the default configuration required from the user.
Removed
- Removed `etcd-cluster`, `controlplane`, `api-loadbalancers`, `kubelet-pool` and `pki-generator` binaries, replaced by `flexkube`.
v0.2.2
Added
- It is now possible to configure extra mounts for kubelet container via extraMounts/extra_mount parameters
- etcd is now ready for enabling RBAC
- local-testing environment now generates script for enabling etcd RBAC
Fixed
- HAProxy now uses HTTPS for probing kube-apiserver to avoid extensive logging of TLS handshake errors
- HAProxy configuration no longer generates warnings
- Fixed destroying flexkube_controlplane resource
- It is now possible to add and remove nodes in local-testing environment
Changed
- Default Kubernetes version is now 1.18.2
- Default HAProxy version is now 2.1.4
- Default etcd version is now 3.4.7
- Improved validation rules of controlplane. Now state from previous deployments will be validated as well.
v0.2.1
Fixed
- libvirt worker nodes now use correct ignition config, not controller ones
- e2e/libvirt - reduce reserved RAM on worker nodes to 100Mi
- terraform: fix reporting inconsistent plan when config files changes
- adding and removing etcd members
- adding and removing controller nodes in e2e environment does not cause inconsistent plan anymore
v0.2.0
Changelog
Added
- Support for adding and removing etcd members (#28)
- libvirt as local testing environment (#34)
- Project logo and Certified Kubernetes logo (#36)
- Enabled NodeRestriction admission plugin (#35)
- Added support for specifying user and group when running containers (#57)
- Self-hosted and bootstrap kube-apiserver instances can now run in parallel, by adding a HAProxy load balancer in front of them, which uses SO_REUSEPORT socket option. This also allows to do graceful upgrades of self-hosted kube-apiserver pod, as more than 1 instance can run in parallel on a single controller node. This prevents self-hosted instance from crashing until bootstrap one is stopped. (#59)
- Show diff when applying changes from CLI tool (#65)
- Support for running mutation tests
- Enabled PSP admission and added policies for all controlplane workloads
- Deploy metrics-server for local-testing and e2e environments
- hosts can now forward TCP connections
Changed
- Updated golangci-lint to 1.23.8 (#31, #32, #68)
- Fixed all code smells reported by Code climate (#50)
- Re-enabled dupl and golint linters (#76, #69)
- Migrated Terraform resources to use native schema, show nice diffs to the users and trigger resource updates if configuration or conditions changes.
- Terraform provider now can correctly destroy all the resources (#78, #82)
- Improved idempotency of both CLI tools and Terraform provider. Now if any action fails, all already built state will be persisted, so once configuration or external conditions are fixed, user can proceed with the deployment (#42)
- Split README.md into smaller documents and added ToC for all of them (#87)
- Updated default Kubernetes version to 1.17.4
- Improved overall unit test coverage
- Improved quality of unit tests for some packages with mutation testing
- Updated default HAProxy version to 2.1.3
- Migrated Terraform provider to use terraform-plugin-sdk
- Bootstrap controlplane and API load balancers now run as unprivileged users
- Updated default etcd version to 3.4.4
- Kubelet now creates cgroup per QOS
- Kubelet now registers system reserved and kube reserved resources
- Kubelet now shares /run/xtables.lock with host to prevent races with kube-proxy
- All CLI tools now use generic code
- Re-enabled all linter warnings, which are disabled by default in golangci-lint and fixed found warnings
- update sonobuoy binary to 0.17.2 when running conformance tests in e2e environment
- Terraform code is now shared between local-testing and e2e environments when possible
- kube-apiserver will now validate kubelet's serving certificate
- Updated used Go version to 1.14
Removed
- .gitlab-ci.yml file, as it was added only experimentally and it was not used
- Image and Name fields from ContainerStatus, as they were not used
Fixed
- When creating configuration files with Docker, they will have correct modification time now (#55)
- Trigger container updates when runtime configuration changes (#70)
- Removing containers will now properly remove all of them, not just first one (#75)
- Before doing actions on Helm releases, we will now make sure that API is reachable and ready. That fixes flaky cluster deployments (#84)
- Etcd cluster now properly handles members with specified manual names
- containers won't be started, if they do not exist
- Docker runtime now properly finds if the image is pulled, even if image is not tagged
- containers will now be removed before they are upgraded to avoid conflicts
- containers which have updates pending will no longer be started, this allows to update containers with bad configuration
- Fixed reading status of config files to prevent unnecessary updates
- containers which are stopped won't be stopped before removing