diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 77a4d53d02..f928009c17 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -28,7 +28,7 @@ upgrade your installation to the latest release. 2019-10-07 ### UI -* Fixes a UI issue that caused incorrect line breaks at pre-logon banner notification (ENGORG-2678) +* Fixes a UI issue that caused incorrect line breaks at pre-logon banner notification (ENGORC-2678) * Users have an option to store sessionToken per window tab session. (ENGORC-2597) ### Kubernetes @@ -70,7 +70,7 @@ upgrade your installation to the latest release. * The `azure-ip-count` variable is now exposed at install time, allowing a User to customize the number of IP addresses UCP provisions for each node. Additional information can be found - [here](/ee/ucp/admin/install/cloudproviders/install-on-azure/#adjust-the-ip-count-value) + [here](/ee/ucp/admin/install/cloudproviders/install-on-azure/#adjust-the-ip-count-value). ### Security * Upgraded Golang to 1.12.9. 
@@ -142,21 +142,15 @@ more information see ### Deprecations The following features are deprecated in UCP 3.2: -- Collections - - The ability to create a nested collection of more than 2 layers deep within the root /Swarm/collection is - now deprecated and will not be included in future versions of the product. However, current nested collections - with more than 2 layers are still retained. - - Docker recommends a maximum of two layers when creating collections within UCP under the shared cluster - collection designated as /Swarm/. For example, if a production collection called /Swarm/production is created - under the shared cluster collection /Swarm/, only one level of nesting should be created, for - example, /Swarm/production/app/. See Nested collections for more details. -- UCP `stop` and `restart` - - Additional upgrade functionality has been included which eliminates the need for these commands. -- `ucp-agent-pause` - - `ucp-agent-pause` is no longer supported. To pause UCP reconciliation on a specific node, for example, when repairing unhealthy `etcd` or `rethinkdb` replicas, you can use swarm node labels as shown in the following example: - ``` - docker node update --label-add com.docker.ucp.agent-pause=true - ``` +#### Collections + +- The ability to create a nested collection of more than 2 layers deep within the root /Swarm/collection is now deprecated and will not be included in future versions of the product. However, current nested collections with more than 2 layers are still retained. +- Docker recommends a maximum of two layers when creating collections within UCP under the shared cluster collection designated as /Swarm/. For example, if a production collection called /Swarm/production is created under the shared cluster collection /Swarm/, only one level of nesting should be created, for example, /Swarm/production/app/. See Nested collections for more details. +- UCP `stop` and `restart`. 
Additional upgrade functionality has been included which eliminates the need for these commands. +- `ucp-agent-pause` is no longer supported. To pause UCP reconciliation on a specific node, for example, when repairing unhealthy `etcd` or `rethinkdb` replicas, you can use swarm node labels as shown in the following example: +``` +docker node update --label-add com.docker.ucp.agent-pause=true +``` - Windows 2016 is formally deprecated from Docker Enterprise 3.0. EOL of Windows Server 2016 support will occur in Docker Enterprise 3.1. Upgrade to Windows Server 2019 for continued support on Docker Enterprise. - Support for updating the UCP config with `docker service update ucp-manager-agent --config-add ...` 
@@ -168,87 +162,54 @@ Refer to [UCP backup information](/ee/admin/backup/back-up-ucp/) for detailed UC If your cluster has lost quorum and you cannot recover it on your own, please contact Docker Support. -- Browser support +#### Browser support + In order to optimize user experience and security, support for Internet Explorer (IE) version 11 is not provided for Windows 7 with UCP version 3.2. Docker recommends updating to a newer browser version if you plan to use UCP 3.2, or remaining on UCP 3.1.x or older until EOL of IE11 in January 2020. -- Kubernetes +### Kubernetes - - Integrated Kubernetes Ingress - - You can now dynamiclly deploy L7 routes for applications, scale out multi-tenant ingress for shared clusters, - and give applications TLS termination, path-based routing, and high-performance L7 load-balancing in a - centralized and controlled manner. +- Integrated Kubernetes Ingress +- You can now dynamiclly deploy L7 routes for applications, scale out multi-tenant ingress for shared clusters, and give applications TLS termination, path-based routing, and high-performance L7 load-balancing in a centralized and controlled manner. +- Updated Kubernetes to version 1.14. - - Updated Kubernetes to version 1.14. - - - Enhancements: - - PodShareProcessNamespace - - - The PodShareProcessNamespace feature, available by default, configures PID namespace sharing within a pod. See [Share Process Namespace between Containers in a Pod](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) for more information. - - https://github.com/kubernetes/kubernetes/pull/66507 - - Volume Dynamic Provisioning - - Combined `VolumeScheduling` and `DynamicProvisioningScheduling`. - - Added allowedTopologies description in kubectl. - - ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature. 
- https://github.com/kubernetes/kubernetes/pull/67432 - - TokenRequest and TokenRequestProjection - - Enable these features by starting the API server with the following flags: - * --service-account-issuer - * --service-account-signing-key-file - * --service-account-api-audiences - - https://github.com/kubernetes/kubernetes/pull/67349 - - Removed `--cadvisor-port flag` from kubelet - - - ACTION REQUIRED: The cAdvisor web UI that the kubelet started using `--cadvisor-port` was removed - in 1.12. If cAdvisor is needed, run it via a DaemonSet. - - https://github.com/kubernetes/kubernetes/pull/65707 - - Support for Out-of-tree CSI Volume Plugins (stable) with API - - - Allows volume plugins to be developed out-of-tree. - - Not require building volume plugins (or their dependencies) into Kubernetes binaries. - - Not requiring direct machine access to deploy new volume plugins (drivers). - - https://github.com/kubernetes/enhancements/issues/178 - - Server-side Apply leveraged by the UCP GUI for the yaml create page - - - Moved "apply" and declarative object management from kubectl to the apiserver. Added "field ownership". - - https://github.com/kubernetes/enhancements/issues/555 - - The PodPriority admission plugin - - - For `kube-apiserver`, the `Priority` admission plugin is now enabled by default when using `--enable-admission-plugins`. If using `--admission-control` to fully specify the set of admission plugins, the `Priority` admission plugin should be added if using the `PodPriority` feature, which is enabled by default in 1.11. 
- - The priority admission plugin: - - Allows pod creation to include an explicit priority field if it matches the computed - priority (allows export/import cases to continue to work on the same cluster, between - clusters that match priorityClass values, and between clusters where priority is unused - and all pods get priority:0) - - Preserves existing priority if a pod update does not include a priority value and the old - pod did (allows POST, PUT, PUT, PUT workflows to continue to work, with the admission-set value - on create being preserved by the admission plugin on update) - - https://github.com/kubernetes/kubernetes/pull/65739 - - Volume Topology - - - Made the scheduler aware of a Pod's volume's topology constraints, such as zone or node. - - https://github.com/kubernetes/enhancements/issues/490 - - Docs pr here: kubernetes/website#10736 - - Admin RBAC role and edit RBAC roles - - The admin RBAC role is aggregated from edit and view. The edit RBAC role is aggregated from a - separate edit and view. - - https://github.com/kubernetes/kubernetes/pull/66684 - - API - - `autoscaling/v2beta2` and `custom_metrics/v1beta2` implement metric selectors for Object and Pods - metrics, as well as allow AverageValue targets on Objects, similar to External metrics. - - https://github.com/kubernetes/kubernetes/pull/64097 - - Version updates - - Client-go libraries bump - - ACTION REQUIRED: the API server and client-go libraries support additional non-alpha-numeric - characters in UserInfo "extra" data keys. Both support extra data containing "/" characters or - other characters disallowed in HTTP headers. - - Old clients sending keys that were %-escaped by the user have their values unescaped by new API servers. - New clients sending keys containing illegal characters (or "%") to old API servers do not have their values unescaped. - - https://github.com/kubernetes/kubernetes/pull/65799 - - audit.k8s.io API group bump - - The audit.k8s.io API group has been bumped to v1. 
- - Deprecated element metav1.ObjectMeta and Timestamp are removed from audit Events in v1 version. - - Default value of option --audit-webhook-version and --audit-log-version are changed from `audit.k8s.io/v1beta1` to `audit.k8s.io/v1`. - - https://github.com/kubernetes/kubernetes/pull/65891 +#### Enhancements +- PodShareProcessNamespace + - The PodShareProcessNamespace feature, available by default, configures PID namespace sharing within a pod. See [Share Process Namespace between Containers in a Pod](https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/) for more information. [kubernetes #66507](https://github.com/kubernetes/kubernetes/pull/66507) +- Volume Dynamic Provisioning + - Combined `VolumeScheduling` and `DynamicProvisioningScheduling`. + - Added allowedTopologies description in kubectl. + - ACTION REQUIRED: The DynamicProvisioningScheduling alpha feature gate has been removed. The VolumeScheduling beta feature gate is still required for this feature. [kubernetes #67432](https://github.com/kubernetes/kubernetes/pull/67432) +- TokenRequest and TokenRequestProjection [kubernetes #67349](https://github.com/kubernetes/kubernetes/pull/67349) + - Enable these features by starting the API server with the following flags: + - `--service-account-issuer` + - `--service-account-signing-key-file` + - `--service-account-api-audiences` +- Removed `--cadvisor-port flag` from kubelet + - ACTION REQUIRED: The cAdvisor web UI that the kubelet started using `--cadvisor-port` was removed in 1.12. If cAdvisor is needed, run it via a DaemonSet. [kubernetes #65707](https://github.com/kubernetes/kubernetes/pull/65707) +- Support for Out-of-tree CSI Volume Plugins (stable) with API + - Allows volume plugins to be developed out-of-tree. + - Not require building volume plugins (or their dependencies) into Kubernetes binaries. + - Not requiring direct machine access to deploy new volume plugins (drivers). 
[kubernetes #178](https://github.com/kubernetes/enhancements/issues/178) +- Server-side Apply leveraged by the UCP GUI for the yaml create page + - Moved "apply" and declarative object management from kubectl to the apiserver. Added "field ownership". [kubernetes #555](https://github.com/kubernetes/enhancements/issues/555) +- The PodPriority admission plugin + - For `kube-apiserver`, the `Priority` admission plugin is now enabled by default when using `--enable-admission-plugins`. If using `--admission-control` to fully specify the set of admission plugins, the `Priority` admission plugin should be added if using the `PodPriority` feature, which is enabled by default in 1.11. + - Allows pod creation to include an explicit priority field if it matches the computed priority (allows export/import cases to continue to work on the same cluster, between clusters that match priorityClass values, and between clusters where priority is unused and all pods get priority:0) + - Preserves existing priority if a pod update does not include a priority value and the old pod did (allows POST, PUT, PUT, PUT workflows to continue to work, with the admission-set value on create being preserved by the admission plugin on update). [kubernetes #65739](https://github.com/kubernetes/kubernetes/pull/65739) +- Volume Topology + - Made the scheduler aware of a Pod's volume's topology constraints, such as zone or node. [kubernetes #490](https://github.com/kubernetes/enhancements/issues/490) + - Admin RBAC role and edit RBAC roles + - The admin RBAC role is aggregated from edit and view. The edit RBAC role is aggregated from a separate edit and view. [kubernetes #66684](https://github.com/kubernetes/kubernetes/pull/66684) +- API + - `autoscaling/v2beta2` and `custom_metrics/v1beta2` implement metric selectors for Object and Pods metrics, as well as allow AverageValue targets on Objects, similar to External metrics. 
[kubernetes #64097](https://github.com/kubernetes/kubernetes/pull/64097) + - Version updates + - Client-go libraries bump + - ACTION REQUIRED: the API server and client-go libraries support additional non-alpha-numeric characters in UserInfo "extra" data keys. Both support extra data containing "/" characters or other characters disallowed in HTTP headers. + - Old clients sending keys that were %-escaped by the user have their values unescaped by new API servers. New clients sending keys containing illegal characters (or "%") to old API servers do not have their values unescaped. [kubernetes #65799](https://github.com/kubernetes/kubernetes/pull/65799) + - audit.k8s.io API group bump. The audit.k8s.io API group has been bumped to v1. + - Deprecated element metav1.ObjectMeta and Timestamp are removed from audit Events in v1 version. + - Default value of option --audit-webhook-version and --audit-log-version are changed from `audit.k8s.io/v1beta1` to `audit.k8s.io/v1`. [kubernetes #65891](https://github.com/kubernetes/kubernetes/pull/65891) ### Known issues
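
Review bot: In the `@@ -142,21 +142,15` hunk, the new `#### Collections` heading is followed by the `UCP stop and restart`, `ucp-agent-pause`, Windows 2016 and `docker service update ucp-manager-agent --config-add ...` bullets, so all of them render as part of the Collections deprecation. Give each unrelated deprecation its own `####` heading, or keep them as a flat list directly under `### Deprecations`. The fence around `docker node update --label-add com.docker.ucp.agent-pause=true` also moved to column zero, which detaches it from the `ucp-agent-pause` bullet in most Markdown renderers; indent it under that bullet. Since the sentence says the label applies to "a specific node", the command should show a node placeholder after the label argument, because `docker node update` takes the node as its final argument. "See Nested collections for more details" still has no link target.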
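
Review bot: In the `@@ -168,87 +162,54` hunk, the added `- Admin RBAC role and edit RBAC roles` line is indented under `- Volume Topology`, and `- Version updates` (carrying the client-go and `audit.k8s.io` entries) is indented under `- API`, so these unrelated items render as children of the wrong parent. Move them to the top level like the other enhancements; the client-go entry is an ACTION REQUIRED item about unescaping of UserInfo "extra" keys and the audit entry changes the default of `--audit-webhook-version` and `--audit-log-version`, which operators should be able to find without reading the Volume Topology or API bullets. The labels `[kubernetes #178]`, `[kubernetes #555]` and `[kubernetes #490]` point at `kubernetes/enhancements/issues`, not `kubernetes/kubernetes` pull requests, so label them as enhancements issues to avoid confusion with PR numbers. Smaller points in the same hunk: `- Integrated Kubernetes Ingress` and its description are now sibling bullets where the description should be nested; the typo `dynamiclly` is carried over; in `--cadvisor-port flag` the word "flag" sits inside the code span; the removed intro line "The priority admission plugin:" leaves the "Allows pod creation ..." and "Preserves existing priority ..." bullets without a subject; and the `kubernetes/website#10736` docs reference under Volume Topology was dropped without a replacement.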