Release Notes Kommander 1.4.0

View release-specific information for Kommander 1.4.0

D2iQ® Kommander® version 1.4.0 was released on May 5, 2021.

To get started with Kommander, download and install the latest version of Konvoy.

NOTE: You must be a registered user and logged on to the support portal to download this product. New customers must contact their sales representative or before attempting to download or install Konvoy.

Release Summary

Kommander provides a command center for all your cloud native management needs in public Information as a Service (IaaS), on-premises, and edge environments. Kommander provides a multi-tenant experience to create, secure, and configure Kubernetes clusters and cloud native workloads. Kommander enables teams to unlock federated cost management across multiple clusters, whether they are a new Konvoy cluster or an existing 3rd party/DIY distribution installation.

New features

Workspace Permissions Updates

In previous Kommander versions, Workspace roles were not automatically propagated to Project roles. A user with edit permissions for the Workspace did not automatically receive edit permissions to a Project inside the Workspace. Beginning with Kommander version 1.4, roles are propagated from Workspace to Project, and a user with edit permissions on the Workspace will also have edit permissions on the Project.

IMPORTANT: This change will propagate to all Projects, including existing Projects.

Refer to the instructions in [Access Control][access_control] to disable this propagation.

Network Tunneling

Prior to release 1.4, Kommander required bi-directional connectivity between the Kommander management cluster and clusters that are under management. This effectively blocked several use cases:

  • Kommander did not have direct access to the managed cluster, for example, when the cluster was on a laptop or behind a NAT gateway.

  • The managed cluster did not have direct access to Kommander, for example, Kommander was on-premise and the managed cluster was in a public cloud provider environment.

  • The managed cluster was behind a firewall, a proxy, or resident in a DMZ.

A new component, kubetunnel, provides communication between Kommander and the managed cluster through a tunneling protocol resolving these blocked use cases. The TLS-encrypted tunnel enables you to access the cluster using SSO and to receive alerts, metrics, and kubecost data.

For more information on this capability, see Attach an Existing Kubernetes Cluster

Catalog Workload Certification

D2iQ now certifies workloads for use with Kommander. All workloads that have been tested and certified for successful configuration and provisioning on Konvoy are flagged in Kommander with a certification icon. For more information, see Project Platform Services.

Helm charts

The Projects tab now shows all of the current Helm Release charts, their chart version, and the names of the clusters. For more information, see Project Deployments.

Breaking changes

Docker hub rate limiting

Docker Hub announced an update to their image pull policies in August, 2020. The change results in the need to change cluster configurations to accommodate new account structures that enable image pull rate limiting.

Rate limiting happens on a per-pull basis regardless of whether the pulled image is owned by a paid user. This means D2iQ, as owner of most images used in Konvoy, does not have any influence as to whether your current address is rate-limited or not. Konvoy does not have a strict dependency on Docker Hub accounts or plans.

For more information on addressing this limit, see Docker hub rate limits.

Component versions

  • Addon: 1.4.0-22
  • Chart: 0.31.1
  • kommander-federation (yakcl): 0.16.1
  • kommander-licensing (yakcl): 0.16.1
  • UI: 6.98.0
  • kommander-karma: 0.3.19
  • kubeaddons-catalog: 0.1.16
  • kommander-thanos: 0.1.22
  • kubecost: 0.9.1
  • grafana: 6.6.0
  • karma: 0.70
  • thanos: 0.17.1
  • cost-analyzer: 1.77.1

Fixes and Improvements

  • UI: Show status of Helm Releases in Project CD.
  • Do not deploy the mtls-proxy load balancers if the connection-type is of type unidirectional.
  • Add kubetunnel integration.
  • UI: Add support for Catalog platform service badges to identify certified, air-gapped and d2iq supported platform services
  • Upgrade federated Prometheus to v12.11.10, which includes a change to use the kube-prometheus-stack upstream chart following the deprecation of helm/charts.
  • Duplicate namespaces no longer created per workspace.
  • UI: Update to handle new KUDO param types.
  • Decrease the amount of time it takes to delete Kommander.
  • Update the karma subchart to remove a liveness probe that could cause the karma container to be restarted unnecessarily, preventing its API from becoming available.
  • UI: Allow gitops source update.
  • UI: Federated addon info is now displayed properly in UI cards.
  • Bump federated Kubeaddons to v0.26.1 to fix a bug causing unnecessary addon deployment delays.
  • UI: Handle license loading state, show loading instead of invalid when license is missing a status. (COPS-6912)
  • UI: Resolve kubecost performance issue.