docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9875 from traci-morrison/ucp-nov-patch 

Add updates for Nov patch release
This commit is contained in:
Traci Morrison 2019-11-14 13:13:43 -05:00 committed by GitHub
parent 27fe24d5ad 15049d1072
commit e42aa477d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 115 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

136
ee/ucp/release-notes.md
View File

@ -24,6 +24,46 @@ upgrade your installation to the latest release.
# Version 3.2
## 3.2.4
2019-11-14
### Known issues
* UCP currently turns on vulnerability information for images deployed within UCP by default for upgrades. This may cause clusters to fail due to performance issues. (ENGORC-2746)
* For Red Hat Enterprise Linux (RHEL) 8, if firewalld is running and `FirewallBackend=nftables` is set in `/etc/firewalld/firewalld.conf`, change this to `FirewallBackend=iptables`, or you can explicitly run the following commands to allow traffic to enter the default bridge (docker0) network:
```
firewall-cmd --permanent --zone=trusted --add-interface=docker0
firewall-cmd --reload
```
### Platforms
* RHEL 8.0 is now supported.
### Kubernetes
* Kubernetes has been upgraded to version 1.14.8 that fixes CVE-2019-11253.
* Added a feature that allows the user to enable SecureOverlay as an add-on on UCP via an install flag called `secure-overlay`. This flag enables IPSec Network Encryption in Kubernetes.
### Security
* Upgraded Golang to 1.13.2. (ENGORC-2762)
* Fixed an issue that allowed a user with a "restricted control" role to obtain Admin access to UCP by starting a container with `docker run --volumes-from ucp-proxy`. (ENGORC-2781)
### Bug fixes
* Fixed an issue where UCP 3.2 backup performs an append not overwrite when `--file` switch is used. (FIELD-2043)
* Fixed an issue where the Calico/latest image was missing from the UCP offline bundle. (FIELD-1584)
* Image scan result aggregation is now disabled by default for new UCP installations. This feature can be configured by a new `ImageScanAggregationEnabled` setting in the UCP tuning config. (ENGORC-2746)
* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser,
leading to a gap in permissions checks. (ENGORC-2781)
### Components
| Component | Version |
| --------------------- | ------- |
| UCP | 3.2.4 |
| Kubernetes | 1.14.8 |
| Calico | 3.8.2 |
| Interlock | 3.0.0 |
| Interlock NGINX proxy | 1.14.2 |
## 3.2.3
2019-10-21
@ -372,6 +412,29 @@ The workaround is to use a swarm service to deploy this change across the cluste
# Version 3.1
## 3.1.12
2019-11-14
### Security
* Upgraded Golang to 1.12.12.
### Kubernetes
* Kubernetes has been upgraded to fix CVE-2019-11253.
### Bug fixes
* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser,
leading to a gap in permissions checks. (ENGORC-2781)
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.1.12 |
| Kubernetes | 1.14.3 |
| Calico | 3.5.7 |
| Interlock | 2.4.0 |
| Interlock NGINX proxy | 1.14.2 |
## 3.1.11
2019-10-08
@ -404,7 +467,7 @@ The workaround is to use a swarm service to deploy this change across the cluste
2019-09-03
### Kubernetes
* Kubernetes has been upgraded to version 1.11.10-docker-1, this has been built with Golang 1.12.9.
* Kubernetes has been upgraded to version 1.11.10-docker-1. This version was built with Golang 1.12.9.
* Kubernetes DNS has been upgraded to 1.14.13 and is now deployed with more than one replica by default.
### Networking
@ -868,6 +931,28 @@ The following features are deprecated in UCP 3.1.
# Version 3.0
## 3.0.16
2019-11-14
### Security
* Upgraded Golang to 1.12.12.
### Kubernetes
* Kubernetes has been upgraded to fix CVE-2019-11253.
### Bug fixes
* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser,
leading to a gap in permissions checks. (ENGORC-2781)
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.0.16 |
| Kubernetes | 1.11.2 |
| Calico | 3.2.3 |
| Interlock (NGINX) | 1.13.12 |
## 3.0.15
2019-10-08
@ -893,8 +978,7 @@ The following features are deprecated in UCP 3.1.
2019-09-03
### Kubernetes
* Kubernetes has been upgraded to version 1.8.15-docker-7, this has been built
with Golang 1.12.9.
* Kubernetes has been upgraded to version 1.8.15-docker-7. This version was built with Golang 1.12.9..
* Kubernetes DNS has been upgraded to 1.14.13.
### Networking
@ -1433,6 +1517,16 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
# Version 2.2
## Version 2.2.23
2019-11-14
### Security
* Upgraded Golang to 1.12.12.
### Bug fixes
* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser,
leading to a gap in permissions checks. (ENGORC-2781)
## Version 2.2.22
2019-10-08
@ -1469,7 +1563,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.19
@ -1493,7 +1587,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.18
@ -1516,7 +1610,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.17
@ -1541,7 +1635,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.16
@ -1565,7 +1659,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.15
@ -1593,7 +1687,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.14
@ -1623,7 +1717,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.13
@ -1650,7 +1744,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.12
@ -1679,7 +1773,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.11
@ -1720,7 +1814,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.10
@ -1773,7 +1867,7 @@ instead of the correct image for the worker architecture.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.9
@ -1809,7 +1903,7 @@ is always used, regardless of which one is actually the best match.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.7
@ -1840,7 +1934,7 @@ is always used, regardless of which one is actually the best match.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.6
@ -1910,7 +2004,7 @@ is always used, regardless of which one is actually the best match.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
@ -1947,7 +2041,7 @@ for volumes.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.4
@ -1992,7 +2086,7 @@ for volumes.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## Version 2.2.3
@ -2045,7 +2139,7 @@ for volumes.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
* You can't create a bridge network from the web interface. As a workaround, use
`<node-name>/<network-name>`.
## version 2.2.2
@ -2177,7 +2271,7 @@ and the API is fully interactive within the UCP web interface.
session timeout](https://docs.docker.com/datacenter/ucp/2.2/guides/admin/configure/external-auth/enable-ldap-config-file/).
* docker/ucp
* The `support` command does not currently produce a valid support dump. As a
workaround you can download a support dumps from the web interface.
workaround, you can download a support dumps from the web interface.
* Windows issues
* Disk related metrics do not display for Windows worker nodes.
* If upgrading from an existing deployment, ensure that HRM is using a non-encrypted