Kublr Release 1.22.0 (2021-12-31)

Kublr Quick Start

sudo docker run --name kublr -d --restart=unless-stopped -p 9080:9080 kublr/kublr:1.22.0

Follow the full instructions in Quick start for Kublr Demo/Installer.

The Kublr Demo/Installer is a lightweight, dockerized, limited-functionality Kublr Platform which can be used to:

• Test setup and management of a standalone Kubernetes cluster
• Setup a full-featured Kublr Platform

The Kublr Demo/Installer stores all of the data about the created clusters inside the Docker container. If you delete the Docker container you will lose all data about the created clusters and the Kublr platforms. However, you will not lose the clusters and the platforms themselves.

We recommend using the Kublr Demo/Installer to verify if a Kubernetes cluster can be created in your environment and to experiment with it. To manage a real cluster and experience all features, you can create a full-featured Kublr Platform in a cloud or on-premise.

Overview

The Kublr 1.22.0 release brings Kubernetes 1.22, upgraded NGINX Ingress controller and CertManager, and latest CNI plugins versions. All java components are updated to resolve CVE-2021-44228 Log4J 0-day vulnerability. It also includes Kublr Operator with CRD v1, and provides a number of other improvements and fixes.

Kublr feature Logging

A new elasticsearch index template kublr_logs is created and used instead of kublr-index-template in Kublr v1.22.0.

Important Changes

• New versions of Kubernetes

  • Kubernetes v1.22 support (v1.22.2 by default)

    Kublr 1.22 CNCF Kubernetes confirmance

• CNI plugins upgraded

  • calico: v3.20.1
  • flannel: v0.14.0
  • weave: v2.8.1

• CVE-2021-44228: Log4J 0-day Vulnerability fixed in all java components (CVE-2021-44228 Kublr Support article)

• Kublr feature ingress is upgraded for Kubernetes v1.22 support

  • Kubernetes NGINX controller automaticaly migrates to v1.1.0 (helm chart v4.0.10)

    This may affect the applications deployed to the managed clusters; please refer to NGINX Ingress Controller documentation to prepare for the upgrade.

  • Cert Manager automaticaly migrates to v1.5 (helm chart v1.5.3)

    To keep compatibility with older Kubernetes versions, cert-manager 1.5 is now compatible with both Ingress v1 and v1beta1. Please refer to Cert Manager release notes for more information

• Kublr feature KubeDB end of support (KubeDB is not supported in Kubernetes v1.22 and above)! Please plan the upgrade accordingly if Kublr KubeDB feature is used by the applications running in the cluster.

  • Kublr Keycloak PostgreSQL database is automaticaly migrated to Bitnami postgresql-ha helm chart v7.12.0
  • Kublr MongoDB database is automaticaly migrated to Bitnami mongodb helm chart v10.29.2

• DNS based URLs for Kublr feature components (Grafana/Kibana/Prometheus/Alertmanager) are migrated to sub-path by default:

  • kibana.kublr.example.com moved to kublr.example.com/kibana
  • grafana.kublr.example.com moved to kublr.example.com/grafana
  • prometheus.kublr.example.com moved to kublr.example.com/prometheus
  • alerts.kublr.example.com moved to kublr.example.com/alerts

• Kublr feature logging:

  • Use rollover policies and data streams
  • Fluentbit support (technical preview)

• vCloud Director improvements

  • Check load balancer and kubernetes api port IP is already in use for External IPs
  • Edge gateway network IP is selectable in UI
  • Customize VM root volume size

Improvements

• Upgrade patch versions of supported Kubernetes version

• Use OIDC oauth2-proxy instead of keycloak-proxy for all Kublr components

• Kublr Operator:

  • Helm istall timeout is now configurable
  • Helm v3.7.1 is used by default
  • Pre/post upgrade hooks executed before and after Helm upgrade

• Kublr shell:

  • use internal Kubernetes API address instead of public IP
  • text insertion from context menu
  • kubectl v1.19.14

• Kublr feature Monitoring:

  • Alert rules full customization support

• Kublr feature Logging:

  • Kublr API audit records are moved to Elasticsearch for storage (before the records were saved in MongoDB with optional export to AWS S3)
  • Configurable index names (https://docs.kublr.com/reference/centralized-log-collection/#feature-configuration-reference)
  • Use actual event timestamp for kublr components logs
  • Prometheus exporter upgraded
  • Kibana config: change searchguard.auth.type to proxy

• Kublr Agent

  • Remove wraper from etcd container
  • Improve SystemD docker and containerd services configuration

• AWS:

  • Cluster autoscaling controller restarts fixed
  • Use API requests for getting instance type information instead of static params
  • Enable deploying AWS clusters without automatically created IGW

• Azure:

  • Report additional information when Azure Location deployment failed

• Stability, Reliability and security

  • Cluster worker nodes RollingUpdate issue fixed
  • Cluster controller may stop tracking KCP when updating itself
  • CronJobs API moved to batch/v1
  • Kublr Operator supports new/old version of kublr-ingress-controller
  • PSP configurable for all Kublr features charts

• Various UI Improvements

  • Remove unavailable AWS instance types
  • AWS/GCP/Azure. Spec contains undefinedMB when cloning cluster with empty bootDiskSize
  • Catch possible exception when low privilege user is unable to load instance types
  • Interactive warnings about unsupported instance types
  • Using Yaml/JSON/TOML for cluster specification editor

Fixes

• User config file cannot be downloaded when default-ingress-certificate[ca.crt] is empty
• Kublr K8S API proxy issue if one of the masters is down
• Kublr Agent spams k8s audit log with authorization: forbid messages
• Agent issues warning that Ubuntu 20.04 is not supported
• Agent cannot create kublrnode CR before kubelet starts
• Kublr Operator: make clusterDNS value value available for Kublr features helm charts
• AWS: Credential should be scoped to a valid region
• vSphere
  • OpenVM tool VM initialising fix
  • Confusing error when all templates paths in spec are incorrect
  • etcd datastore visible when Regular Datastore Type selected after Storage DRS
  • Compute cluster antiafinity rules error
• Logging and Audit
  • fluentbit rabbitmq output plugin does not reconect to rabbitmq after disconnection and does not report error
  • nginx-proxy removed from Kibana pod
  • Minimal rights allow deleting index patterns in Kibana
  • Read-only user should have access to Kibana
  • Wrong ELK documentation on rate expression for alertmanager
• UI
  • Multiline strings are processed incorrectly in custom cluster spec editing window
  • Block KubeDB features installation in k8s >= v1.22.0
  • Cookie size increased
  • AWS. AZ added/deleted when increase/decrease count of minNodes
  • Azure Autoscaling controls are disabled in a cluster editing UI for existing clusters
  • CLI link is not visible for users with limited rights
  • Draining nodes cannot be disabled via UI

AirGap Artifacts list

Additionally, you need to download the BASH scripts from https://repo.kublr.com

• https://repo.kublr.com/repository/arc/controlplane/1.22.0/kublr-load-helm-1.22.0.sh
• https://repo.kublr.com/repository/arc/controlplane/1.22.0/kublr-controlplane-load-images-1.22.0.sh

You also need to download Helm package archives and Docker images:

• https://dl.kublr.com/controlplane/1.22.0/kublr-helm-1.22.0.tar.gz
• https://dl.kublr.com/controlplane/1.22.0/kublr-controlplane-images-1.22.0.tar.gz

Supported Kubernetes versions

v1.22

• https://repo.kublr.com/repository/arc/agent/1.22.2/kublr-agent-load-gobins-1.22.2-7.sh

• https://dl.kublr.com/agent/1.22.2/kublr-agent-1.22.2-7.tar.gz

• https://repo.kublr.com/repository/arc/agent/1.22.2/kublr-agent-load-images-1.22.2-7.sh

  (optional if the control plane 1.22.0 images are imported already)

• https://dl.kublr.com/agent/1.22.2/kublr-agent-images-1.22.2-7.tar.gz

  (optional if the control plane 1.22.0 images are imported already)

v1.21

• https://repo.kublr.com/repository/arc/agent/1.21.6/kublr-agent-load-gobins-1.21.6-23.sh
• https://dl.kublr.com/agent/1.21.6/kublr-agent-1.21.6-23.tar.gz
• https://repo.kublr.com/repository/arc/agent/1.21.6/kublr-agent-load-images-1.21.6-23.sh
• https://dl.kublr.com/agent/1.21.6/kublr-agent-images-1.21.6-23.tar.gz

v1.20

• https://repo.kublr.com/repository/arc/agent/1.20.12/kublr-agent-load-gobins-1.20.12-28.sh
• https://dl.kublr.com/agent/1.20.12/kublr-agent-1.20.12-28.tar.gz
• https://repo.kublr.com/repository/arc/agent/1.20.12/kublr-agent-load-images-1.20.12-28.sh
• https://dl.kublr.com/agent/1.20.12/kublr-agent-images-1.20.12-28.tar.gz

v1.19 (Deprecated in 1.23.0, End of support in 1.24.0)

• https://repo.kublr.com/repository/arc/agent/1.19.16/kublr-agent-load-gobins-1.19.16-58.sh
• https://dl.kublr.com/agent/1.19.16/kublr-agent-1.19.16-58.tar.gz
• https://repo.kublr.com/repository/arc/agent/1.19.16/kublr-agent-load-images-1.19.16-58.sh
• https://dl.kublr.com/agent/1.19.16/kublr-agent-images-1.19.16-58.tar.gz

v1.18 (End of support in 1.22.1)

• https://repo.kublr.com/repository/arc/agent/1.18.20/kublr-agent-load-gobins-1.18.20-34.sh
• https://dl.kublr.com/agent/1.18.20/kublr-agent-1.18.20-34.tar.gz
• https://repo.kublr.com/repository/arc/agent/1.18.20/kublr-agent-load-images-1.18.20-34.sh
• https://dl.kublr.com/agent/1.18.20/kublr-agent-images-1.18.20-34.tar.gz

Components versions

Kubernetes

Kublr Control Plane

Kublr Platform Features

Known issues and limitations

1. Kublr feature Ingress 1.22.0-5 included in Kublr 1.22.0 only supports Kubernetes v1.19 and above, so for Kubernetes v1.18 clusters please use Kublr feature Ingress 1.21.2-24 (the version can be overridded in the custom cluster spec).

2. Kublr feature KubeDB reaches end of support in Kublr v1.22.0 and is not supported on Kubernetes v1.22 and above. Please remove the feature from the cluster specification after Kublr Control Plane upgrade:

   spec:
     features:
       kubedb:
         enabled: false
   

3. When upgrading a Kubernetes v1.22, Kublr feature Ingress must first be upgraded to v1.22.0-5. If applications deployed to the cluster are using Kublr-managed ingress controller, review their ingress rules before upgrading and make sure that spec.ingressClassName proerty is set to nginx.

4. For Kublr Control Plane deployed on baremetal clusters it is recomended to skip Kublr 1.22.0 and migrate to Kublr v1.22.1 directly.

   If for any reason it is necessary to use Kublr v1.22.0, it is recomended to modify the cluster specification for the controlplane feature as follows on update:

   spec:
     featrures:
       controlplane:
         values:
           mongodb:
             initContainers:
             - name:  kublr-migrate-move-data-kubdb-to-bitnami
                   image: 'docker.io/bitnami/bitnami-shell:10-debian-10-r197'
                   command:
                   - /bin/bash
                   - -c
                   - |
                     if [[ ! -d /bitnami/mongodb/data/db ]] ; then
                       mkdir -p /bitnami/mongodb/data/db
                       ls /bitnami/mongodb/ -I data | xargs -i mv /bitnami/mongodb/{} /bitnami/mongodb/data/db/
                     fi
              volumeMounts:
              - mountPath: /bitnami/mongodb
                name: datadir
   

5. If fluentbit log collection is enabled, most audit records are rejected by elasticsearch and end up in the logstash dead letter queue.

   Fluentbit was introduced in preview mode and is disabled by default.

6. If Elasticsearch datastreams are enabled, then SearchGuard security rules must be updated by running the kublr-logging-sg-init cron job manually. The job will overwrite all custom SearchGuard configuration changes and customizations ( https://docs.kublr.com/logging/#roles-customization ).

   Elasticsearch datastreams functionality is disabled by default.