D2iQ® Konvoy® version 1.8.0 was released on 05, May 2021.
This release provides new features and enhancements to improve the user experience, fix reported issues, integrate changes from previous releases, and maintain compatibility and support for other packages used in Konvoy.
New features and capabilities
- Switched the kubeaddons base image to distroless and run the controller as a non-root user. Addresses the static (not executed) CVE-2019-25013 in the prior base image.
- Use the correct
- Fix an issue where
konvoy resetwould fail when removing Kubernetes directories when that directory is a mount point. (COPS-6771)
- Added support for RHEL/CentOS 7.9.
- You can now uninstall the auto-provisioner if the
autoProvisioning.disabledis set to
trueafter the initial installation.
- Use the correct GPG key when installing FIPS RPM packages in an air-gapped environment.
- Include the missing
docker.io/mesosphere/pause:3.2needed for air-gapped FIPS installation.
- Added support for using a custom CA when generating certificates for the Kubernetes control plane by copying the
extras/pkiin the working directory, See the Konvoy documentation.
- Validate that Konvoy is not being run from a host in the Kubernetes cluster. (COPS-6878)
- Fix to allow for upgrading Konvoy v1.7.0 and v1.7.1 to any later version of Konvoy while running in FIPS mode.
- Set the default image to CentOS 7.9.
- Allow for setting
noneto disable Calico encapsulation (COPS-6836).
- New configuration option
clusterConfiguration.spec.ntp.autoConfigurethat can be set to
falseto disable installing and configuring Chrony. (COPS-6282)
- Existing SecurityGroups can now be assigned to nodes, VPC endpoints, and the kube-apiserver ELB. See AWS advanced install documentation.
- Fix a bug where running
konvoymay destroy machines when
subnetIDsare specified. (COPS-6816)
- Fix a cluster configuration validation error that marked AWS GovCloud KMS ARNs invalid. (COPS-6884)
wait_for_guest_net_routableis now set to
falseto allow for air-gapped installations.
Upstream industry changes
The following sections refer to recent changes in the Open Source software used by DKP that may require action on your part as part of an upgrade or installation of D2iQ software.
Docker hub rate limiting
Docker Hub announced an update to their image pull policies in August, 2020. The change results in the need to change cluster configurations to accommodate new account structures that enable image pull rate limiting.
Rate limiting happens on a per-pull basis regardless of whether the pulled image is owned by a paid user. This means D2iQ, as owner of most images used in Konvoy, does not have any influence as to whether your current address is rate-limited or not. Konvoy does not have a strict dependency on Docker Hub accounts or plans.
For more information on addressing this limit, see Docker hub rate limits.
- Ansible 22.214.171.124
- Calico 3.17.3
- Cluster-autoscaler v0.5.0
- Containerd v1.3.9
- Docker v19.03.15
- EBS CSI 0.7.x
- Elastic Search 7.10.1
- Gatekeeper 3.4.0
- Go 1.16.2
- Helm v3.5.2
- Istio 1.9.1
- Kibana 7.9.3
- kubeaddons-dispatch stable-1.19-1.4.5
- kubeaddons-kommander stable-1.20-1.4.0
- kubernetes-base-addons stable-1.20-4.0.0
- Kubernetes v1.20.6
- Kubeaddons v0.26.0
- Mitogen a60c6c14a2473c895162a1b58a81bad0e63d1718
- Prometheus 2.22.1
- Prometheus Operator 0.43.0
- snapshot-controller 3.0.2
- Terraform v0.13.7
- Terraform AWS plugin ~> 3.0
- Terraform Azure plugin ~> 2.31
- Terraform GCP plugin ~> 3.42
- Velero >= 1.5
For information about installing and using Konvoy, see the Konvoy documentation.
For information about working with native Kubernetes, see the Kubernetes documentation.