v1.22¶
27 Jan, 2023
Important
Customers must upgrade to the latest version of the base blueprint (v1.22) with their cluster blueprints to be able to use many of the new features described below. Customers must upgrade to the latest version of the RCTL CLI to use the latest functionality.
Amazon EKS¶
Kubernetes v1.24¶
New EKS clusters can now be provisioned based on Kubernetes v1.24. Existing clusters managed by the controller can be upgraded "in-place" to Kubernetes v1.24. Watch a video showcasing provisioning a new EKS cluster based on Kubernetes v1.24 and in-place upgrade of an EKS cluster to v1.24.
Windows - Managed Node Groups¶
Managed node groups based on Windows can now be added to EKS clusters managed by the controller.
- On Kubernetes v1.24 or higher, the Windows based managed node group will require the use of containerd CRI.
- Note that in-place upgrades of Windows AMI node groups can take substantially longer relative to Amazon Linux or Bottlerocket based AMIs.
Azure AKS¶
Takeover Lifecycle Management¶
The platform can now takeover lifecycle management of existing/brownfield AKS clusters. The takeover operation can be performed either during the "import" step (Day-1) or after the cluster has been imported (Day-2).
GitOps with Write Back to Git¶
Users can configure the platform to continuously sync cluster specifications for AKS with a Git repo. Changes can be made in a bi-directional manner.
- If the cluster spec is updated in the Git repo, the platform will update the downstream AKS cluster to bring it to desired state
- If the AKS cluster's state is modified by an authorized user using the UI or CLI, the changes are written back automatically to the configured Git repository
Google GKE¶
A number of bug fixes and enhancements have been implemented to streamline the provisioning and lifecycle management workflows.
Bare Metal and VMs¶
Managed Add-On Updates¶
Critical components such as CNIs, Consul, etcd, OpenEBS and containerd have been updated to latest versions for cluster provisioning.
VMware¶
Static IP for Gateway¶
The gateway can now be configured and deployed using a static IP address.
Custom Node Sizing¶
Cluster administrators can now customize and configure the resources associated with nodes associated with the control plane and nodes.
Imported Clusters¶
Helm Chart based Import¶
In addition to the bootstrap Kubernetes YAML based import process, customers can now import existing clusters into their Orgs using an official Helm Chart with a custom "values.yaml" file.
Cluster Blueprints¶
Managed Add-On Updates¶
Managed add-ons have been updated to later versions to ensure that vulnerability scans pass successfully.
Grouping and Search¶
Infrastructure admins can configure and assign labels for add-ons. They can use these labels to "group" and "search" for add-ons quickly and efficiently.
Policy Management¶
Support for Kubernetes v1.25¶
The OPA Gatekeeper managed add-on has been updated to support clusters on Kubernetes versions v1.25 and later. Kubernetes v1.25 and higher require OPA Gatekeeper v3.10 or higher.
Installation Profiles¶
Customers can now specify the version of OPA Gatekeeper as part of an installation profile for the policy management managed add-on.
Secrets Management¶
AWS Secrets Manager Integration¶
The integration with AWS Secrets Manager has been enhanced. The Secret Provider for the AWS Secrets Manager Integration can now be shared with select/all projects in the Organization. This allows organizations to configure this integration centrally once and reuse it across various business units and teams spanning different projects.
Secret Store configuration¶
Users can now control the list of clusters to which a "secret store" configuration update is applied to.
Audit Logs¶
Performance Improvements¶
APIs to access the central audit logging system have been optimized for scale and performance. When admins export audit logs, a maximum of 10,000 rows/records are returned. Admins are recommended to use the provided filters to zero in on
Cost Management¶
Automation - CLI and Terraform¶
Users can now configure and manage "chargeback groups" using the RCTL CLI or the Terraform provider.
Summary Reports¶
The platform now provides users with the ability to create "summary/aggregate" reports based on projects, clusters, namespaces or labels.
Catalog¶
Additions to System Catalog¶
The System Catalog has been updated to add support for the following repositories.
| Category | Description |
|---|---|
| Secrets Management | Secrets Store CSI driver |
Bug Fixes¶
| Bug ID | Description |
|---|---|
| RC-21285 | Unable to assign the role of workspace read only to group association using Terraform |
| RC-22228 | Unable to get secret store list using RCTL |
| RC-12755 | No user feedback when pipeline stops working due to Git access credentials expiry or revocation |
| RC-21429 | UI: Unable to simultaneously unshare/share clusters with projects |
| RC-22365 | Cluster labels are not included in the cluster config |
| RC-21473 | EKS cluster failed to upgrade Windows node group with error "failed to terminate node" |
| RC-21751 | values.yaml in override config is getting trimmed by 4 characters if it is ending with hyphen and two letters |
| RC-21325 | Cannot set/change CloudWatch's log retention on EKS clusters |
Upcoming Previews¶
Info
Select new features and enhancements will be initially available to customers and partners in our Preview environment. Review the Previews page to learn about upcoming previews.