From f8e6768375655f20148180545e40d7e5e02f1aa2 Mon Sep 17 00:00:00 2001 From: ddeyo Date: Wed, 24 Oct 2018 16:52:27 -0700 Subject: [PATCH 1/5] add known issues from issue #738 added to release notes --- ee/ucp/release-notes.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 5a11032d4d..0851134ba6 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -42,6 +42,23 @@ upgrade your installation to the latest release. * JSON configuration used with `kubectl create -f pod.json` containing fields with incorrect casing are no longer valid. You must correct these files before upgrading. When specifying keys in JSON resource definitions during direct API server communication, the keys are case-sensitive. A bug introduced in Kubernetes 1.8 caused the API server to accept a request with incorrect case and coerce it to correct case, but this behaviour has been fixed in 1.11 so the API server will again enforce correct casing. During this time, the `kubectl` tool continued to enforce case-sensitive keys, so users that strictly manage resources with `kubectl` will be unaffected by this change. * If you have a pod with a subpath volume PVC, there’s a chance that after the upgrade, it will conflict with some other pod; see [this pull request](https://github.com/kubernetes/kubernetes/pull/61373). It’s not clear if this issue will just prevent those pods from starting or if the whole cluster will fail. +**Known issues** +* You must use the ID of the user, organization, or team if you are manually creating a **ClusterRoleBinding** or **RoleBinding** for `User` or `Group` subjects. + * For the `User` subject Kind, the `Name` field should be the ID of the user. + * For the `Group` subject Kind, the format depends on whether you are creating a Binding for a team or an organization: + * For an organization, the format is `org:{org-id}` + * For a team, the format is `team:{org-id}:{team-id}` + +* In order to deploy Pods with containers using Restricted Parameters, a user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with the `cluster-admin` **ClusterRole**. Restricted Parameters on Containers include: + * Host Bind Mounts + * Privileged Mode + * Extra Capabilities + * Host Networking + * Host IPC + * Host PID + +* If the `cluster-admin` built-in **ClusterRole** or **ClusterRoleBinding** are deleted, you can recreate it automatically by restarting the `ucp-kube-apiserver` container on any manager node. + # Version 3.0 ## 3.0.4 (2018-08-09) From 119fef7c2dd5a835a52e6b9c38e28a5b81d78025 Mon Sep 17 00:00:00 2001 From: ddeyo Date: Wed, 24 Oct 2018 17:09:41 -0700 Subject: [PATCH 2/5] relnotes from orca issue #15411 added to release notes --- ee/ucp/release-notes.md | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 0851134ba6..8038b7f2bb 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -57,10 +57,29 @@ upgrade your installation to the latest release. * Host IPC * Host PID -* If the `cluster-admin` built-in **ClusterRole** or **ClusterRoleBinding** are deleted, you can recreate it automatically by restarting the `ucp-kube-apiserver` container on any manager node. +* If the `cluster-admin` built-in **ClusterRole** or **ClusterRoleBinding** are deleted, you can recreate it automatically by restarting the `ucp-kube-apiserver` container on any manager node. # Version 3.0 +## 3.0.6 (2018-10-25) + +**Bug fixes** + +* Core + * Bumped Kubernetes version to 1.8.15. + * Resolved an issue where LDAP sync jobs would crash when handling an org admin + search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) + * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) + * Fixed an issue that caused Azure IPAM not releasing addresses. (docker/escalation#815) + * Fixed an issue that caused installation of UCP on Azure unsuccessful. (docker/escalation#863) + * Fixed an issue that caused Interlock proxy service keeps on restarting (docker/escalation#814) + * Fixed an issue that caused Kubernetes DNS not working (#14064, #11981) + * Fixed an issue that causes a missing swarm placement constraints warning banner to show up unnecessarily. (#14539) +* Security + * Fixed `libcurl` vulnerability in RethinkDB image. (#15169) +* UI + * Fixed an issue that caused "Per User Limit" not working on Admin Settings. (docker/escalation#639) + ## 3.0.4 (2018-08-09) **Bug fixes** @@ -316,6 +335,18 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. # Version 2.2 +## Version 2.2.14 (2018-10-25) + +**Bug fixes** + +* Core + * Resolved an issue where LDAP sync jobs would crash when handling an org admin + search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) + * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) +* UI + * Fixed an issue that caused "Per User Limit" not working on Admin Settings. (docker/escalation#639) + + ## Version 2.2.12 (2018-08-09) **Bug fixes** From 79f8fed92675d06d7cb39cce5663042df565c4c0 Mon Sep 17 00:00:00 2001 From: ddeyo Date: Thu, 25 Oct 2018 09:29:24 -0700 Subject: [PATCH 3/5] peer review fwwdback --- ee/ucp/release-notes.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 8038b7f2bb..0677410e50 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -49,7 +49,7 @@ upgrade your installation to the latest release. * For an organization, the format is `org:{org-id}` * For a team, the format is `team:{org-id}:{team-id}` -* In order to deploy Pods with containers using Restricted Parameters, a user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with the `cluster-admin` **ClusterRole**. Restricted Parameters on Containers include: +* In order to deploy Pods with containers using Restricted Parameters, a user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include: * Host Bind Mounts * Privileged Mode * Extra Capabilities @@ -57,7 +57,7 @@ upgrade your installation to the latest release. * Host IPC * Host PID -* If the `cluster-admin` built-in **ClusterRole** or **ClusterRoleBinding** are deleted, you can recreate it automatically by restarting the `ucp-kube-apiserver` container on any manager node. +* If you delete the built-in **ClusterRole** or **ClusterRoleBinding** for `cluster-admin`, restart the `ucp-kube-apiserver` container on any manager node to recreate them. # Version 3.0 @@ -66,19 +66,19 @@ upgrade your installation to the latest release. **Bug fixes** * Core - * Bumped Kubernetes version to 1.8.15. + * Updated Kubernetes to version 1.8.15. * Resolved an issue where LDAP sync jobs would crash when handling an org admin search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) - * Fixed an issue that caused Azure IPAM not releasing addresses. (docker/escalation#815) - * Fixed an issue that caused installation of UCP on Azure unsuccessful. (docker/escalation#863) - * Fixed an issue that caused Interlock proxy service keeps on restarting (docker/escalation#814) - * Fixed an issue that caused Kubernetes DNS not working (#14064, #11981) - * Fixed an issue that causes a missing swarm placement constraints warning banner to show up unnecessarily. (#14539) + * Fixed an issue that caused Azure IPAM to not release addresses. (docker/escalation#815) + * Fixed an issue that caused unsuccessful installation of UCP on Azure. (docker/escalation#863) + * Fixed an issue that caused the Interlock proxy service to restart (docker/escalation#814) + * Fixed an issue that caused Kubernetes DNS to not work (#14064, #11981) + * Fixed an issue that causes a missing warning banner to appear unnecessarily. (#14539) * Security * Fixed `libcurl` vulnerability in RethinkDB image. (#15169) * UI - * Fixed an issue that caused "Per User Limit" not working on Admin Settings. (docker/escalation#639) + * Fixed an issue that caused "Per User Limit" to not work in Admin Settings. (docker/escalation#639) ## 3.0.4 (2018-08-09) @@ -340,11 +340,11 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. **Bug fixes** * Core - * Resolved an issue where LDAP sync jobs would crash when handling an org admin - search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) + * Resolved an issue where LDAP sync jobs terminated when handling an org admin + Search result that does not resolve to an existing user. (docker/escalation#784 #docker/escalation#888) * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) * UI - * Fixed an issue that caused "Per User Limit" not working on Admin Settings. (docker/escalation#639) + * Fixed an issue that caused "Per User Limit" to not work on Admin Settings. (docker/escalation#639) ## Version 2.2.12 (2018-08-09) From 95e6230891e2e47619481f025bb8cf82dd5aa012 Mon Sep 17 00:00:00 2001 From: ddeyo Date: Thu, 25 Oct 2018 09:37:53 -0700 Subject: [PATCH 4/5] additional edits --- ee/ucp/release-notes.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index 0677410e50..ba877a3c22 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -67,8 +67,8 @@ upgrade your installation to the latest release. * Core * Updated Kubernetes to version 1.8.15. - * Resolved an issue where LDAP sync jobs would crash when handling an org admin - search result which does not correspond to an existing user. (docker/escalation#784 #docker/escalation#888) + * Resolved an issue where LDAP sync jobs would terminate when processing an org admin + Search result that does not resolve to an existing user. (docker/escalation#784 #docker/escalation#888) * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) * Fixed an issue that caused Azure IPAM to not release addresses. (docker/escalation#815) * Fixed an issue that caused unsuccessful installation of UCP on Azure. (docker/escalation#863) @@ -340,7 +340,7 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. **Bug fixes** * Core - * Resolved an issue where LDAP sync jobs terminated when handling an org admin + * Resolved an issue where LDAP sync jobs terminated when processing an org admin Search result that does not resolve to an existing user. (docker/escalation#784 #docker/escalation#888) * Fixed an issue that caused RethinkDB client lock contention. (docker/escalation#902 and docker/escalation#906) * UI From f1108462f6d03e34c598bfe2138fc458f08197ef Mon Sep 17 00:00:00 2001 From: ddeyo Date: Thu, 25 Oct 2018 11:46:15 -0700 Subject: [PATCH 5/5] deprecated features added per issue 766 --- ee/ucp/release-notes.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index ba877a3c22..b62c629163 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -21,6 +21,8 @@ upgrade your installation to the latest release. # Version 3.1 +## 3.1.0 (2018-11-8) + **New Features** * Default address pool for Swarm is now user configurable * UCP now supports Kubernetes Network Encryption using IPSec @@ -59,6 +61,17 @@ upgrade your installation to the latest release. * If you delete the built-in **ClusterRole** or **ClusterRoleBinding** for `cluster-admin`, restart the `ucp-kube-apiserver` container on any manager node to recreate them. +**Deprecated features** + +The following features are deprecated in UCP 3.1 + +* Collections + * Nested collections are deprecated and will be removed in future versions of the product. Customers should use non-nested collections going forward. +* Kubernetes + * **PersistentVolumeLabel** admission controller is deprecated in Kubernetes 1.11. This functionality will be migrated to Cloud Controller Manager [https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/) + * `--cni-install-url` is deprecated in favor of `--unmanaged-cni` + * KubeDNS is deprecated in favor of CoreDNS. + # Version 3.0 ## 3.0.6 (2018-10-25)