1.6.7-tectonic.1

Release tarball is available at https://releases.tectonic.com/tectonic-1.6.7-tectonic.1.tar.gz.
Release signature is available at https://releases.tectonic.com/tectonic-1.6.7-tectonic.1.tar.gz.asc.

Tectonic 1.6.7-tectonic.1 (2017-07-11)

• Updates to Kubernetes v1.6.7.
• Update operators are available to all users to power automated operations
• Reduced flapping of node NotReadystatus
  • Increased controller manager health time out to be greater than the TTL of the load balancer DNS entry
  • Kubernetes default of 40s is below the minimum TTL of 60s for many platforms

Console 1.7.4

• All tables have sortable columns
• Removed broken Horizontal Pod Autoscalers UI
• Adds autocomplete for RBAC binding form dropdowns
• Adds ability to edit and duplicate RBAC bindings
• Adds RBAC edit binding roles dropdown filtering by namespace
• Improved support for valueless labels and annotations

Tectonic Installer

• Installer will generate all TLS certificates for etcd
• Terraform tfvars are now pretty-printed

Upgrade Notes - Changes to affinity

When upgrading to Tectonic-1.6.6, we will make two additional changes to kube-scheduler and kube-controller-manager manifests besides bumping their image versions:

• Change the pod anti-affinity from preferredDuringSchedulingIgnoredDuringExecution to requiredDuringSchedulingIgnoredDuringExecution.
• Make the deployment replica counts = the number of master nodes.

These changes imply that if there is any master node goes down and never comes back during the upgrade,
the upgrade won't complete because there's not enough nodes to land the pods.

For example, if the number of master nodes is 5, and the kube-controller-manager (KCM) replica is 2,
then during the upgrade, the KCM will be scaled up to 5 replicas. In a normal day, they will be distributed to all master nodes. And on each master node, only 1 of them will be running.

However if a master node goes down due to some reason (as a result it will show up as NotReady in kubectl get nodes), then there will be 1 pod that can't be scheduled due to the pod anti-affinity requirement, so it will get stuck in Pending state and prevent upgrade from proceeding.

Luckily, this doesn't mean upgrading to Tectonic-1.6.6 is more fragile than before, because the DaemonSet rolling upgrade faces the same issue in previous versions when some node goes down. For more information and questions, your support team or the Tectonic Forum.

1.6.4-tectonic.1

Release tarball is available at https://releases.tectonic.com/tectonic-1.6.4-tectonic.1.tar.gz.
Release signature is available at https://releases.tectonic.com/tectonic-1.6.4-tectonic.1.tar.gz.asc.

Tectonic 1.6.4-tectonic.1 (2017-06-08)

• Updates to Terraform v0.9.6 (fixes some instances of terraform destroy not working).
• Updates to Kubernetes v1.6.4.
• Many components run as "nobody" instead of root.
• An option has been added to disable the creation of private zones.
• All resources are now tagged in AWS with the cluster id.
• A minimal IAM policy has been created.

Console 1.6.3

• CPU usage graphs now display usage instead of limits.
• Can now Create Role Bindings and many other supported resources.

Tectonic Channel Operator v0.3.4

• Requires signed payloads using the default CoreOS key.
• No longer creates components upon upgrade when they did not previously exist.

NOTES:

Upgrading to v1.6.4 requires that all nodes are running "Container Linux by CoreOS 1353.8.0 (Ladybug)" or greater. To inspect the Container Linux version on all nodes run:

kubectl get nodes -o wide

If any nodes are running older versions a reboot may resolve the issue.

The v1.6.4 upgrade will fail if this condition is not met with an error of the format: 'Updates are not possible : Upgrade is not supported: X of Y nodes' OS version are lower than the minimum required version "1353.8.0"'

If this error occurs:

1. Ensure that all nodes meet the minimum version requirements (see above).
2. Remove the "failureStatus" field and its children from the ThirdPartyResource using the following command:

kubectl edit appversion/tectonic-cluster -n tectonic-system

3. Retry the upgrade from the Tectonic Console.

1.6.2-tectonic.1

Release tarball is available at https://releases.tectonic.com/tectonic-1.6.2-tectonic.1.tar.gz.

Tectonic 1.6.2-tectonic.1 (2017-04-10)

Tectonic now uses Terraform for cluster installation. This supports greater customization of environments, enables scripted installs and generally makes it easier to manage the lifecycle of multiple clusters.

• Switches provisioning methods on AWS & Bare-Metal to Terraform exclusively.
• Adds support for customizing the Tectonic infrastructure via Terraform.
• Introduces experimental support for self-hosted etcd using its operator, and associated UI.
• Adds Container Linux Update Operator(CLUO).
• Updates to Kubernetes v1.6.2.
• Updates to bootkube v0.4.2.
• GUI Installer with Terraform on AWS and bare-metal.
• Segregates control-plane / user workloads to master / worker nodes respectively.
• API server-to-etcd communication is secured over TLS.
• Removes locksmithd, etcd-gateway.
• Enables audit-logs for the API Server.
• Removes final manual installation step of copying over assets folder.

Console

Role-based Access Control screens have been redesigned to make it easier to securely grant access to your clusters.

• Updates to Console v1.5.2.
• Adds binding name column to Role Bindings list pages
• Adds role binding name to fields searched by text filter
• Adds RBAC YAML editor
• Adds etcd cluster management pages

Dex

• Updates to Dex v2.4.1.
• Adds support for login through SAML and GitHub Enterprise.

Bug Fixes

• Fixes an issue where new nodes started automatically by auto-scalers would start with an outdated version of kubelet.