Release Radar - Q1 2020

PowerShell 7

TLDR: Built on .NET Core 3.1 (LTS), PWSH 7.0 adds pipeline parallelization, improved error handling, module back-compat enhancements, and can be used as a POSIX login shell.

  • ForEach-Object -Parallel [-ThrottleLimit defaults to 5]
  • Windows compatibility wrapper
  • Can be used as a POSIX login shell
  • $ErrorView (preference variable) adds ConciseView (previously only NormalView and CategoryView), which shows just the exception itself without the breakpoint and category metadata
  • Get-Error added, which returns a very detailed PSObject containing significant context around the most recent error (useful for error handling logic)
  • Pipeline chain operators (&& and ||)
  • Null coalescing and assignment operators (?? and ??=)
  • Ternary operator (condition ? consequent : alternative)
  • Cross-platform Invoke-DscResource (experimental)
  • Get-Clipboard / Set-Clipboard (were missing in 6.x)
  • Out-Printer (Windows only), supports PDF printers
  • Clear-RecycleBin
  • Test-Connection updates
  • Select-String now highlights the segment of the string you were searching for
  • Update-List (missing from 6.x)
  • New version notification

vSphere 7

TLDR: VMware’s first major release in 5 years has a heavy Kubernetes focus, but most of what their customer base was looking forward to - K8s abstracted behind a familiar vSphere UI - is locked behind VCF (bundled SDDC suite) licensing

  • vSphere with Kubernetes (called Project Pacific in tech preview) converges VMs and containers:

    • Pod Service = deploy K8s manifests directly onto ESXi hosts (‘Supervisor Clusters’, where kubelet==spherelet, CRI==CRX), manageable alongside VMs in the vSphere UI; it’s not CNCF conformant K8s, but a compromise between ‘our devs/CIO want k8s’ and ‘VI admins want to retain control, using their existing infra skills’
    • Registry Service = Harbor (store and secure Docker/OCI images)
    • Network Service = access NSX-T NFV features through K8s-ish paradigms; Virtual Routers, Load Balancers, Firewall Rules
    • Storage Service = publish vSAN storage as K8s PersistentVolumes

    ‘vSphere with Kubernetes’ requires VCF (ie vSphere+vSAN+NSX+vRealize), which has caused ripples amongst the core VMware userbase, many of whom use <some other SAN, eg NetApp> and <some other SDN, eg Cisco ACI>. They were looking forward to joining the K8s hype train on their own terms - in the datacenter, with their team still at the Helm (😏).

  • Tanzu is a suite of K8s acquisitions: a CNCF conformant K8s distro and ‘day two’ offerings:

    • ‘Kubernetes Grid Service’ is basically Pivotal’s PKS but further developed
    • ‘Guest Clusters’ (as distinct from Supervisor Clusters) aren’t ESXi native; they run on host OS VMs like all other CNCF K8s distros (eg rke and kops)
    • ‘Tanzu Mission Control’ is a single pane of glass for managing both on-prem and public cloud hosted K8s clusters
    • ‘Tanzu Application Catalog’ is the result of the Bitnami acquisition; one-click container deploys of common workloads
    • ‘Tanzu Application Service’ = ? CI
    • ‘Tanzu Observability by Wavefront’ = acquired K8s monitoring platform?
  • vSAN 7 adds NFS(3|4.1) file shares and is thus a supported backend for both file based/RWX PVs and block based (RWO) PVs.

  • NSX-T 7 is designed to be a container aware connectivity solution

  • Traditional workload (ESXi/vCenter) improvements:

    • vCenter can patch host FW and drivers alongside ESXi updates
    • DRS now cares more about ‘VM happiness’ (evaluated every 60s) and less about host utilization
    • Assignable Hardware + Dynamic DirectPath I/O mean you can DRS/HA VMs that require specific host resources, eg NVIDIA GPUs, to hosts that also have those resources (in <=6.7 they were locked to a specific host)
    • vMotion performance improvements (targeting very large RAM workloads but there is some trickle down)
    • Identity Federation - vCenter OIDC auth support (BYO MFA inclusive SSO provider)
    • vSGX support - use modern Intel proc SGX capability to shield workload secrets from guest OS and hypervisor; requires latest VMX version, processor support, and workload to be designed to leverage SGX when detected
    • vCenter can be multihomed (have 4 NICs), but NIC#2 will be reserved for VCHA even if not using VCHA
  • vRealize improvements:

    • vROPS 8.1 now supports out of box metrics and alerting for both vSphere with Kubernetes and Tanzu based container workloads
    • vROPS 8.1 multi-cloud monitoring now supports VMC, AWS, Azure and GCP
    • vRA 8.1 now has a multitenancy concept; provider (parent) org can carve out tenant (child) orgs; members of tenant orgs can only manage in-scope resources, policies etc
    • vRO 8.1 now supports multiple scripting languages (PWSH 6.2, Python 3.7, nodeJS 12)
    • vRO 8.1 builds on git sync (added in 8.0), now supports multiple branches

Kubernetes 1.18

TLDR: kubectl debug and support for containerd on WS2019 workers

  • HPA scale velocity now has granular scope option (previously, cluster wide) [alpha]
  • startupProbe adds a new, third probe that prevents liveness probes from triggering restart loops on slow-to-boot workloads [beta]
  • containerd CRI on Windows (Server 2019) workers! [alpha]
  • RuntimeClass object gets Windows support [alpha]
  • kubectl debug added, facilitates attaching ephemeral containers to an existing pod for ad hoc investigation [alpha]
  • kubectl diff added [alpha]
  • topologySpreadConstraints allows awareness of failure domains when scheduling pods across nodes [beta], with defaultConstraints support in [alpha]
  • ConfigMap and Secret objects now support an immutable flag [alpha]
  • OIDC discovery for K8s Service Accounts (KSAs) [alpha]

Istio 1.5

TLDR: Pilot, Citadel and Mixer microservices all folded into a single istiod binary

  • istiod is a new monolithic binary encapsulating Pilot, Citadel, Galley, and the sidecar injector, making deployment, upgrades, scaling, and debugging much easier
  • when deployed in ‘preview’ mode, 1.5 uses the new binary and new WASM extensible Envoy, but only supports Prom and Stackdriver telemetry. Upgrades and default installs still use the traditional Mixer-based architecture.
  • Telemetry v2 (‘Mixerless’) still presents the same front end but has been massively reworked; metrics now come directly from sidecars
  • Mixer now supports telemetry for raw TCP connections and gRPC response codes (not just HTTP)
  • auto mTLS has been simplified and is now enabled by default

bank-vaults 1.0

TLDR: vault-env improvements, Istio compatibility, Velero backups

  • vault-env now supports dynamic secret renewal (by running as daemon)
  • Compatibility with Istio sidecars
  • Backups via Velero (nee Ark)
  • Chart is now Helm 3 compatible
  • Multi DC replication
  • HSM support

OBS Studio 25.0

TLDR: a new window capture method can handle hardware accelerated browsers, and thus also Electron apps!

  • Can now capture hardware-accelerated windows like browsers and UWP apps
  • Game Capture now supports Vulkan based games
  • Removed legacy NVENC encoder