This repository has been archived by the owner on Aug 19, 2021. It is now read-only.
Release 01/31/2020
Headline news
- It's now possible to let Ansible populate the Jenkins Credentials. You can now directly start over within Jenkins and create pipelines using the cluster registry and Smart Check. See the documentation of Jenkins and the demo video.
- Calico is now working on Google GCP and ESXi.
- Major change - GCP and AWS only:
  - Instances that do not technically need to be directly addressable from the internet (e.g. the Kubernetes cluster) have been moved to the private subnet. For that reason, Ansible now uses the jumphost instance for its orchestration. For the same reason, NAT gateways were introduced.
  - If you are running multiple environments at the same time in different clouds, switch to the target environment using the menu.sh script before rerunning the deployment playbook.
- Major change - GCP and AWS only:
  - All instances besides the jumphost, Deep Security and the Windows endpoints are now only accessible by SSH from the internet. Access to the services is now granted through a reverse proxy with certificates and by DNS names.
  - The direct links are constructed automatically with the following syntax: given that the public IP of your jumphost is 18.197.164.37, the resulting DNS name of a service would be servicename-18-197-164-37.nip.io, i.e. the dots within the IP address are replaced by dashes. See your site_XXX directory for details.
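
The naming rule above can be checked offline before trusting a link. The following is an added example, not code from this repository: the function names are hypothetical, the service label `jenkins` is a constructed sample, and it assumes the `jumphost_tld` value `nip.io` shown in these notes.

```python
import ipaddress
import re

# Service part of the name: lowercase letters, digits, inner hyphens.
_SERVICE_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def service_fqdn(service, jumphost_ip, tld="nip.io"):
    """Build servicename-a-b-c-d.<tld> from the jumphost's public IPv4."""
    ip = ipaddress.IPv4Address(jumphost_ip)  # ValueError on malformed input
    if not _SERVICE_RE.match(service):
        raise ValueError(f"invalid service label: {service!r}")
    label = f"{service}-{str(ip).replace('.', '-')}"
    if len(label) > 63:  # a single DNS label is limited to 63 characters
        raise ValueError("DNS label exceeds 63 characters")
    return f"{label}.{tld}"


def embedded_ip(fqdn, tld="nip.io"):
    """Recover the IPv4 address encoded in a name built by service_fqdn()."""
    suffix = "." + tld
    if not fqdn.endswith(suffix):
        raise ValueError(f"{fqdn!r} is not under {tld}")
    label = fqdn[: -len(suffix)]
    # The address is the last four dash-separated numbers of the label.
    m = re.search(r"(?:^|-)(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})$", label)
    if not m:
        raise ValueError(f"no dashed IPv4 address in {fqdn!r}")
    return ipaddress.IPv4Address(".".join(m.groups()))


def points_at_jumphost(fqdn, jumphost_ip, tld="nip.io"):
    """True only if the name encodes exactly the expected jumphost address."""
    try:
        return embedded_ip(fqdn, tld) == ipaddress.IPv4Address(jumphost_ip)
    except ValueError:
        return False


if __name__ == "__main__":
    name = service_fqdn("jenkins", "18.197.164.37")  # constructed sample
    print(name, points_at_jumphost(name, "18.197.164.37"))
```
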
The "one more thing" thing
- Upgrade from Kubernetes 1.14.4 to 1.14.9
- Switch from cgroupfs to systemd
- Calico firewall fix to allow ip-in-ip encapsulation in Google GCP. Still problematic on AWS.
- Upgrade to Helm 3.0.1 - no Tiller anymore
- After resuming the environment, Kubernetes is now re-enabled within Jenkins
- Certificate web-server pod now independent from Docker Hub
- Miau demo app now independent from Docker Hub
- New demo app troopers available
- Smart Check now connects to the pre-registry in addition to the cluster registry
- Fixed username handling for Smart Check
Breaking Changes and Adaptations to Carry Out
When upgrading to the latest version, ensure that the following variables are set.
File:
/etc/ansible/ansible.cfg
force_valid_group_names = ignore
File:
vars/site_secrets.yml
add:
# Your valid email address, required for Let's Encrypt
# Mandatory
admin_email: <YOUR VALID EMAIL ADDRESS>
Files:
vars/environment_gcp_vars.yml
vars/environment_aws_vars.yml
add:
jumphost_tld: nip.io