KubeCF Release v2.2.1
WARNING: only sequential upgrades are supported.
Enhancement(s)
- New
sample-values.yamlwith only REQUIRED values uncommented #857
Bug Fix(es)
- Using correct prefix for encryption key labels #853 (please read Upgrade Instructions below before upgrading from v2.2.0)
- Bumped nginx proxy-body-size to 64M #833
- Autoscaler now uses internal URL for cloud controller #870
- Ensure patches are applied when pods or containers unexpectedly go away #873
Dependencies
| Name | Version | Description |
|---|---|---|
| cf-operator | 4.5.6+.gffc6f942 | Processes BOSH deployments. Maps them to kube objects |
Upgrading from KubeCF v2.2.0
Warning: KubeCF will no longer prefix encryption key labels with the ccdb_key_label_. This has no impact on new installations, but upgrades from v2.2.0 will require matching references to the encryption key labels (pre and post-upgrade).
For example, the default values for ccdb.encryption.rotation in v2.2.0 are:
ccdb:
encryption:
rotation:
# Key labels must be <= 240 characters long. Each label will be prepended with the
# "ccdb_key_label_" value.
key_labels:
- encryption_key_0
current_key_label: encryption_key_0
The key_label was transformed to ccdb_key_label_encryption_key_0 during installation, so upgrades from v2.2.0 will require the following settings in your helm values:
ccdb:
encryption:
rotation:
key_labels:
- ccdb_key_label_encryption_key_0
current_key_label: ccdb_key_label_encryption_key_0
These matching values for key_labels and current_key_label must be kept for all subsequent upgrades. Without them, the cloud controller will not be able to decrypt its database after upgrade.
If you have manually rotated the encryption keys in KubeCF, use the key_labels value that is currently set for current_key_label during the upgrade and for subsequent upgrades.