Release notes

Release 2.5.0

2023/06/30

Release notes to version 2.5.0

• Upgrade Kubernetes 1.25.6 (kubespray v2.22.1)
• Upgrade Helm charts for:
• Traefik (23.0.1) and Nginx (4.7.0) ingress controllers
• OpenSearch (2.13.1) and OpenSearch Dashboards (2.11.1)
• Concourse (17.1.1)
• Keycloak (18.4.3)
• Prometheus (46.6.0) and Thanos (12.6.2)
• Fix python issues during Kubernetes installation steps
• Fix Concourse performance issues with worker pods
• Add Velero backup retention period configuration
• Add support for hot add CPU and Memory in vSphere

---

Release 2.4.0

2023/02/01

Release notes to version 2.4.0

• Kubernetes 1.25.6
• Upgrade internal tools
  • Concourse 7.8.3
  • Keycloak 16.1.1
  • Vault 1.11.6
  • Harbor 2.7.0
  • Prometheus 2.41.0
  • Terraform 1.3.6
  • Traefik Ingress Controller 2.9.6
  • Nginx Ingress Controller 1.5.1
• vSphere: Remove NSX-T Manager API support
• vSphere: Add Gateway Firewall
• Fixes in upgrade pipeline
• Replaced deprecated terraform providers

Important notes

• There is a new Kubernetes version in this upgrade. There are some APIs changes, see more details here before running upgrade: https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/
• Please make sure you have a backup of your data before running an update.

---

Release 2.3.0

2022/10/07

Release notes to version 2.3.0

• Kubernetes 1.24
• Support for custom CA certificate
• Support for separate storge configuration for environments
• Support for extensions in git repository
• Replaced deprecated terraform providers

Important notes

• There is a new Kubernetes version in this upgrade. There are some APIs changes, see more details here before running upgrade: https://kubernetes.io/blog/2022/05/03/kubernetes-1-24-release-announcement/
• Please make sure you have a backup of your data before running an update.
• In order to add custom CA certificate you should place it in sensitive-data bucket and set proper Opscontrol terraform variables sensitive_data_offline_root_ca_key_filename, sensitive_data_offline_root_ca_crt_filename and/or sensitive_data_offline_root_ca_chain_filename. If there is a password set for the key you can pass it via sensitive_data_offline_root_ca_key_password.
• In order to use extensions in git you need to place them in the current Cloudboostr config repository under extensions directory and then set extensions_bucket_name to empty string. Then e.g. extensions_terraform_directory will be used to locate proper directory under extensions/ dir.

---

Release 2.2.0

2022/08/07

Release notes to version 2.2.0

• Kubernetes 1.23.0
• Update Concourse to 7.8.0
• Update Prometheus/Thanos to 2.38.0/0.26.0
• Update Velero to 1.8.1
• Improve security in metrics components and audit logging
• Bugfixes and improvements

Required steps

• Variables name changed in Opscontrol terraform.tfvars: telemetry_subnet_cidr -> control_plane_subnet_cidr telemetry_router_ip -> control_plane_router_ip telemetry_dhcp_server_ip -> control_plane_dhcp_server_ip telemetry_dhcp_server_range_start -> control_plane_dhcp_server_range_start telemetry_dhcp_server_range_end -> control_plane_dhcp_server_range_end efk_deployment_enabled -> elk_deployment_enabled

• Variables that can be removed from Opscontrol terraform.tfvars: dmz_reserved_ips dmz_static_ips mgmt_reserved_ips telemetry_reserved_ips telemetry_static_ips

• New variable in common.json config file: {"name": "elk_deployment_enabled", "opscontrol_var": "elk_deployment_enabled"}

• New variables in k8s-deployment.json config file: {"name": "delete_k8s_pv_on_destroy", "value": "false"} {"name": "docker_image_repo", "opscontrol_var": "docker_image_repo"} {"name": "k8s_packages_ansible_playbook_additional_arguments", "value": ""} {"name": "filebeat_release_state", "value": "present"} {"name": "nginx_ingress_release_state", "value": "absent"} {"name": "traefik_ingress_release_state", "value": "present"} {"name": "prometheus_release_state", "value": "present"} {"name": "thanos_release_state", "value": "present"} {"name": "velero_release_state", "value": "present"}

• Old variables in k8s-deployment.json config file, that can be removed: {"name": "ingress_additional_files_bucket", "value": "..."} {"name": "ingress_additional_files", "value": "..."} {"name": "ingress_type", "value": "..."}

• Move ingress certificate and key from your bucket to Vault: ${ingress_additional_files_bucket}/${ENV_NAME}.k8s.key -> ${VAULT_KV_PATH_EXTENSIONS}/${ENV_NAME}/k8s_key ${ingress_additional_files_bucket}/${ENV_NAME}.k8s.crt -> ${VAULT_KV_PATH_EXTENSIONS}/${ENV_NAME}/k8s_crt

• Move ingress extensions files to extensions_directory: ${ingress_additional_files_bucket}/nginx-override.yaml -> ${EXTENSIONS_BUCKET}/${EXTENSIONS_DIR}/packages/nginx-ingress/values.yml ${ingress_additional_files_bucket}/traefik-override.yaml -> ${EXTENSIONS_BUCKET}/${EXTENSIONS_DIR}/packages/traefik-ingress/values.yml

Important notes

• There is a new Kubernetes version in this upgrade. There are some APIs changes, see more details here before running upgrade: https://kubernetes.io/blog/2021/12/07/kubernetes-1-23-release-announcement/
• This version requires an update of some tools for OpsControl installation:
  • yq – 2.13.0 (version from pip3 is required: pip3 install yq==2.13.0)
  • jq – 1.6
  • terraform – 1.1.5
• Please make sure you have a backup of your data before running an update.

---

Release 2.1.0

2022/04/11

Release notes to version 2.1.0

• Upgrade Kubernetes to version 1.22.6 (kubespray 2.18.1)
• Use containerd as default container runtime in Kubernetes
• Upgrade Terraform to version 1.1.5
• Upgrade Velero to version 1.8.0 with multibackend and snapshots support
• Remove BOSH fully from Cloudboostr
• Fix OpenSearch service to aggregate logs
• Fix https redirections for OpsControl services
• Improve VMs OS upgrades

Required steps

• New efk_deployment_enabled parameter added to Opscontrol terraform.tfvars file. It allows to disable the ELK (OpenSearch) installation in Opscontrol. Default value is true.
• New velero_snapshot_volumes parameter in k8s-deployment.json which can be used to enable PersistentVolume snapshot feautre in Velero backup service.
• Additional flags that can be set via extensions to control update/migrate process. By default all flags are not set so upgrade and migration run. If both flags are set to “true” nothing will happen.
  • skip_upgrade – to skip update and run just a migration (true/false)
  • disable_containerd_migration – to skip migration and run just an upgrade (true/false)

Important notes

• In this version default container runtime in Kubernetes is changed to containerd. There is still an option to use dockershim and it requires usage of extensions. During upgrade process all pods should be moved from docker to containerd automatically but there might be some unexpected issues.
• There is a new Kubernetes version in this upgrade. There are some APIs removed, see more details here before running upgrade: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/#api-changes
• After upgrade you may have to manually remove BOSH Director from OpsControl if you have not removed that yet after 2.0.0 upgrade.
• Please make sure you have a backup of your data before running an update.

---

Release 2.0.0

2022/01/24

Release notes to version 2.0.0

• Replace Credhub with Vault v1.9.2
• Replace UAA with Keycloak v15.0.2
• Replace Opendistro with Opensearch
• Move Prometheus/Grafana to Kubernetes
• Removal BOSH from Environment deployment
• Add multiple users support on jumpbox
• Add concourse extensions and log retention settings
• Add variable with CB version
• vSphere: Add LB active monitor in NSXT Policy API
• AWS: update LoadBalancers in Terraform

Required steps

• In case you have configured Kubernetes with OIDC authentication with UAA it will still work but it is already deprecated and you have to migrate to Keycloak. UAA will be completly removed in Cloudboostr 2.1.0 release
• New ansible_strategy parameter added to Opscontrol terraform.tfvars file. You can check possible values here: https://docs.ansible.com/ansible/latest/user_guide/playbooks_strategies.html
• Removed concourse_ui_certificate_name and grafana_certificate_name from terraform.tfvars

• New users parameter in config.json that can be used to add custom users to all jumpboxes (Opscontrol and all Environments). This is an array of object with two parameters:

  • name – string with username
  • ssh_key – base64 encoded public key. Note: public key should include in a comment valid user email address ```

  Example of config.json file with users

  { "envs": [ { "name": "test", "backend_type": "aws", "config_repo_url": "...", "config_repo_branch": "..." } ], "users": [ { "name": "test", "ssh_key": "" } ] } ```

• New pipeline available to update jumpbox users in env.json: (...) { "name": "update_users", "file": "ci/pipelines/update-users.yml", "vars": [ {"name": "timer_interval", "value": "24h"} ] }, (...)

• Removed bosh_ variables from env.json

• BOSH installation was removed from Environments. In order to fully remove BOSH director you have to delete it manually from Environment bosh delete-env -n \ --state /etc/bosh-state/state.json \ --vars-store /etc/bosh-state/creds.yml \ ~/configure_jumpbox_bosh_workspace/manifest.yml

• New ansible_strategy parameter in k8s-deployment.json which can be used to modify strategy for kubespray deployment. See above example from terraform.tfvars to see possible values. Note: you can use "opscontrol_var": "ansible_strategy" to reuse value from Opscontrol.

Important notes

• This upgrade is a major upgrade that replaces core components from Cloudboostr: Credhub and UAA with Vault and Keycloak. Please make sure to update to new toolset your custom scripts and extensions before upgrade.

• After changing kube-apiserver (if there is no Kubernetes version change) you have to manually reinit kubeadm from one of the master nodes: sudo kubeadm init --config /etc/kubernetes/kubeadm-config.yaml phase control-plane all

• Please make sure you have a backup of your data before running an update.

• This version removes completly BOSH from Environment, which affects CloudFoundry deployment. It should change in next Cloudboostr 2.1.0 release.
• If you are going to change from in-tree to external cloud provider in OpsControl you have to manaully migrate the volumes to new CSI or remove them completly and recreate.
• This upgrade does not include new Kubernetes version. It is still v1.21.5 (the same as in Cloudboostr v1.7.0).