This repository has been archived by the owner on Jan 9, 2023. It is now read-only.
Releases: jetstack/tarmak
Releases · jetstack/tarmak
0.6.0-rc2
Release 0.6.0-rc2
0.5.4
Updated the Centos image due to CVE-CVE-2019-5736: a runc venerability that
enables container break-out,
details
Changed
- Upgrade Go to 1.11.4 (#680, @simonswine)
- Upgrade to Centos 7.6.1810 (#726, @simonswine)
Versions
| Application | Supported versions | Default |
|---|---|---|
| Packer | 1.0.2 |
|
| Terraform | 0.11.8 |
|
| Consul | 1.2.3 |
|
| Vault | 0.9.5 |
|
| Kubernetes | >= 1.9 && < 1.13 |
1.11.5 |
| Calico | 3.1.4 |
|
| Vault Helper | 0.9.13 |
|
| Etcd | 3.2.25 |
0.6.0-rc1
Release 0.6.0-rc1
0.6.0-alpha2
Release 0.6.0-alpha2
0.6.0-alpha1
Release 0.6.0-alpha1
0.5.3
More bugfixes...
Fixed
- Fix bug with kubectl/kubeconfig and public apiserver (#660, @MattiasGees)
- Make sure centos-puppet-agent-latest-kernel is booting into the right kernel (#658, @simonswine)
Versions
| Application | Supported versions | Default |
|---|---|---|
| Packer | 1.0.2 |
|
| Terraform | 0.11.8 |
|
| Consul | 1.2.3 |
|
| Vault | 0.9.5 |
|
| Kubernetes | >= 1.9 && < 1.13 |
1.11.5 |
| Calico | 3.1.4 |
|
| Vault Helper | 0.9.13 |
|
| Etcd | 3.2.25 |
0.5.2
Bugfix release to fix regression that come up in the 0.5 release branch.
Notably now hard coding the Centos release to 7.5. To avoid instability from a
new Centos minor version.
Changed
- Hardcode centos image release to 7.5.1804 (#649, @simonswine)
Fixed
- Override local kubeconfig if errors (#652, @JoshVanL)
- Correctly mount nvme drives on etcd instances (#538, @JoshVanL)
- Fix centos 7.6 aws cli, download it through pip if it's not working (#646, @simonswine)
Versions
| Application | Supported versions | Default |
|---|---|---|
| Packer | 1.0.2 |
|
| Terraform | 0.11.8 |
|
| Consul | 1.2.3 |
|
| Vault | 0.9.5 |
|
| Kubernetes | >= 1.9 && < 1.13 |
1.11.5 |
| Calico | 3.1.4 |
|
| Vault Helper | 0.9.13 |
|
| Etcd | 3.2.25 |
0.5.1
Release to update default Kubernetes version to 1.11.5: CVE-2018-1002105: proxy
request handling in kube-apiserver can leave vulnerable TCP connections
(details).
Changed
Versions
| Application | Supported versions | Default |
|---|---|---|
| Packer | 1.0.2 |
|
| Terraform | 0.11.8 |
|
| Consul | 1.2.3 |
|
| Vault | 0.9.5 |
|
| Kubernetes | >= 1.9 && < 1.13 |
1.11.5 |
| Calico | 3.1.4 |
|
| Vault Helper | 0.9.13 |
|
| Etcd | 3.2.25 |
0.5.0
The 0.5 release of Tarmak adds support for Kubernetes up to minor version 1.12.
A focus of the release was to ensure all data stores are encrypted at rest.
Another focus was on the stability of tarmak. Various components had version
and/or configuration upgrades to ensure resiliency in the operation.
This detailed changes have happend since the last minor version of Tarmak:
Added
- Update default kubernetes version for new clusters to 1.11.4 (#638, @simonswine)
- Istio example in documentation (#551, @charlieegan3)
- Option to enable EBS encryption (#496, @alljames)
- Toogle EBS encryption and protect EBS data from being deleted (#531, @simonswine)
- Kube bench proposed security fixes (#639, @simonswine)
- Point Tarmak CLI to new multicluster environment's 'hub' cluster by default (#566, @alljames)
- Jetstack Navigator example in documentation (#539, @charlieegan3)
- SPIFFE/SPIRE proposal/feasibility document. (#445, @JoshVanL)
- Documentation regarding using AWS instance storage (#545, @MattiasGees)
- Prometheus collection of systemd unit status (#612, @simonswine)
- Bastion and Vault instance pools now support additional policies declared in the config (#579, @JoshVanL)
- Etcd backup strategy (daily push of KMS encrypted snapshots of every instance) (#558, @simonswine)
- Auto-generated CLI documentation (#589, @JoshVanL)
- Flag --auto-approve and --auto-approve-deleting-data for
cluster applycommand (#560, @JoshVanL) - KMS Server Side Encryption to Consul S3 backups (#614, @JoshVanL)
- KMS encrypt terraform remote S3 state data. (#505, @JoshVanL)
plan --plan-file-storeandapply --plan-file-location(#563, @JoshVanL)cluster apply --auto-approveandcluster apply --auto-approve-deleting-data(#560, @JoshVanL)- Format terraform code for CI (#580, @JoshVanL)
- Tests for auto-generated terraform code (#535, @JoshVanL)
- Restart Consul on failure (#502, @dippynark)
- Restart etcd and wing-server on the bastion automatically on failure (#510, @dippynark)
- Metrics-server add-on from Kubernetes version 1.7 onwards (#487, @dippynark)
- Vault_server puppet module to initiate vault servers (#476, @JoshVanL)
- Support to enable API Server ELB access logs (#492, @JoshVanL)
- Set root volume attribute variables, previously only default was used. (#447, @charlieegan3)
- Cluster force-unlock subcommand for to release terraform state lock. (#522, @JoshVanL)
- Expose auto-cluster's
--scale-down-utilization-thresholdin .tarmak.yaml (#456, @JoshVanL) - Validate configuration, so that hubs in multi cluster environments contain all zones of their clusters (#471, @JoshVanL)
cluster kubeconfig(#632, @JoshVanL)- Configuration file for Kubelet and Kube-Proxy for Kubrnetes clusters >= 1.11 (#442, @JoshVanL)
Changed
- Unset API Server depreciated flags for Kubernetes version >= 1.11 (#440, @JoshVanL)
- Only wait for wing conversion when infrastructure-only mode specified (#493, @JoshVanL)
- Encrypt S3 puppet tar ball and consul backup buckets. (#504, @JoshVanL)
- Generate API documentation in site (#533, @JoshVanL)
- Use SSL protocol for API server health checks (#524, @lostick)
- Ensure connected vault tunnel is healthy (#512, @JoshVanL)
- Move tarmak terraform provider socket to /tmp (#587, @JoshVanL)
- Better advice when remote state has been destroyed (#576, @JoshVanL)
- Make Jenkins a valid instancepool for hub (#478, @MattiasGees)
- Bump default Kubernetes version for new clusters to 1.11.4 (#638, @simonswine)
- Bump fluentbit to 0.14.6 (#585, @MattiasGees)
- Bump node-exporter to 0.16.0 (#537, @lostick)
- Bump etcd to 3.2.25 (#623, @JoshVanL)
- Bump Terraform to v0.11.8 (#516, @simonswine)
- Bump Calico to 3.1.4 (#622, @JoshVanL)
- Bump Heapster to 1.5.4 (#491, @dippynark)
- Bump Prometheus to 2.3.2 and related components to latest version (#624, @JoshVanL)
Fixed
- Terraform debug shell error when binary version is incompatible (#495, @dippynark)
- Bug with conversion of yaml loggingsink to puppetcode (#581, @MattiasGees)
- Bug with Grafana in cluster service (#460, @MattiasGees)
- Better
cluster images buildbehavior (#604, @JoshVanL) - Node exporter port on etcd nodes (#553, @simonswine)
- Consul and update behaviour (#570, @simonswine)
- Packer image updates to fix failing services (#562, @simonswine)
- Clean up ssh run time assets (#597, @JoshVanL)
- Correctly mount docker storage on NVMe driver AWS instances. (#461, @JoshVanL)
- Ensure code generation is verified correctly (#462, @simonswine)
- Propagate interrupt signals to sub-processes and tasks (#356, @JoshVanL)
Versions
| Application | Supported versions | Default |
|---|---|---|
| Packer | 1.0.2 |
|
| Terraform | 0.11.8 |
|
| Consul | 1.2.3 |
|
| Vault | 0.9.5 |
|
| Kubernetes | >= 1.9 && < 1.13 |
1.11.4 |
| Calico | 3.1.4 |
|
| Vault Helper | 0.9.13 |
|
| Etcd | 3.2.25 |
0.5.0-rc2
9dde0a3
This commit was signed with the committer’s verified signature.
The key has expired.
simonswine
Christian Simon
Release 0.5.0-rc2