Rancher 2.4 #
TLDR: CIS scans, OPA admission gatekeeper, expanded k3s support, remote-write for cattle-monitoring
NOTE: the .0 release torched some clusters (kubelet reboots 😬); this is remedied in 2.4.2
- CIS conformance scan of RKE clusters; both manually triggered and on a schedule
- RKE cluster upgrades are now ‘zero downtime’ thanks to a new `max_unavailable_[worker|controlplane]` parameter
- k3s upgrades can now be Rancher orchestrated
- Helm 3 now supported by Rancher UI’s ‘catalog’
- k3s (with external MySQL) can now be used as the underlying platform for a Rancher HA deployment
- Atomic cluster rollbacks (etcd + cluster config in same operation)
- Remote read/write support for `prometheus-operator` when deployed via Rancher UI
- EKS 1.15
- Experimental
  - OPA Gatekeeper (admission controller using Rego-authored policies)
  - next gen UI (new aesthetic, also deprecates Rancher projects - proprietary groups of K8s namespaces - in favour of K8s namespaces themselves)
Flux 1.19 #
TLDR: garbage collection behavior improvements, fluxctl QoL, mostly fixes
- garbage collection can be controlled via annotations
- bash/zsh autocompletion for `fluxctl`
- `fluxctl` added to Docker Hub (for use in pipes)
ArgoCD 1.5 #
TLDR: Support for Helm 3 charts, Windows CLI(!), performance-at-scale improvements
- Helm 3 support
- Local account auth, intended for service accounts (still use SSO for real users)
- Windows binary for `argocd`
- Argo’s Helm chart can now deploy Redis in a high availability configuration (fronted by HAProxy)
Vault 1.4 #
TLDR: Integrated storage engine, Helm chart
- Integrated storage, ‘competes’ with a Consul cluster for default recommendation, built into Vault binary, replicated using raft
- Vault can now expose app status of Kubernetes pods via K8s labels
- OpenLDAP support
- Kerberos (SPNEGO) support
- Enterprise-only features
  - Transform engine (eg obfuscate PII but keep structure)
  - NetApp key management (for disk and volume level encryption)
  - Secondary DR clusters (?!!$)
Harbor 2.0 #
TLDR: OCI compliance (store Helm, OPA, CNAB etc artifacts), Trivy scanning
- OCI compatibility means in addition to Docker containers, Harbor can now house any other OCI compliant object
- Trivy replaces Clair as default vulnerability scanner
- TLS between internal microservices
- Webhook triggers, Slack integration
- Scheduled expiry for service accounts
Grafana 7.0 #
TLDR: Trace view (for Jaeger/Zipkin etc)! CloudWatch logs as datasource. UX enhancements.
- Grafana can now detect distributed trace IDs in Loki and hyperlink them to an associated in-box Trace view
- New table panel with dynamic resize and reorder of columns. Columns can even be nested graphs!
- Generic data sources can now be transformed and presented as tables the same way you transform a timeseries into a graph
- New icons, auto layout function when authoring graphs
Istio 1.6 #
TLDR: istiod migration complete
- Citadel functionality now baked into `istiod` binary
- `istioctl` install and debug subcommand improvements
- Updated Grafana dashboards
- `WorkloadEntry` resource to more easily publish extra-cluster services
- `MeshPolicy` and `Policy` mTLS resources replaced by new `PeerAuthentication` CRD
Gitlab 13.0 #
TLDR: Gitaly-powered HA, AWS ECS and Terraform integrations
- Gitaly, Gitlab’s home-grown architecture for horizontal scaling
- Puma application server, replacing unicorn for ‘40%’ memory utilization reduction
- Atlantis-like Terraform PR integration (and support for Gitlab as a TF state backend)
- Vulnerability scanning (versioning) and DAST (REST API) improvements
kops 1.17 #
TLDR: Kube 1.17 support, Ubuntu 20.04 (node) support
- Release built around Kubernetes 1.17
- Ubuntu 20.04 supported as host for both worker and control plane nodes
- Default instance types ‘upgraded’ (from t2.medium to t3.medium)
Pulumi 2.0 #
TLDR: CrossGuard policies, Golang and .NET SDK feature parity
- CrossGuard is policy-as-code, a la TFE Sentinel
- .NET and Golang join Node and Python as first-class language runtimes
- CI/CD and test suite integrations expanded to now cover all major (enterprise) platforms
Zerto 8.0 #
TLDR: HV2019, vSphere vVols, GCP as restore destination
- Hyper-V 2019 / SCVMM 2019 support
- vCloud Director 10 support
- vSphere vVol support
- Azure Gen2 (UEFI) VM support
- (VMware on) GCP as restore destination
Argo Rollouts 0.8 #
TLDR: NGINX and ALB ingress support
- NGINX ingress (not `ingress-nginx`) canary deploys
- AWS ALB canary deploys
- Blue/green deploys now support `AnalysisRuns` to validate new `ReplicaSets` (previously only canary strategy could do this)
- Manual restart of a deploy via kubectl
- Anti-affinity rules can be applied to deployed `ReplicaSets`
Windows Terminal 0.11 #
TLDR: tons of breaking changes 😬
- `profile.json` renamed to `settings.json`
- Refactoring of `settings.json` format
- Refactoring of pane split keybinding syntax
- Cascadia Code now the default font
- New installs have new defaults around common keybinds (find, copy, paste)
OpenPolicyAgent 0.19 #
TLDR: new Rego parser, up to 100x faster
- PEG parser replaced with native Golang rewrite
Terraform 0.13 Beta #
TLDR: New clauses for module workflows, Terraform Cloud additions
- `count`, `depends_on`, and `for_each` clauses for more DRY module workflows
- Define validation rules for variables
- Install required providers (including third party and private providers) using new `[hostname]/[namespace]/type` syntax
- `terraform login` command, authenticating with Terraform Cloud
Nomad 0.12 Beta #
TLDR: CNI, spread scheduling, snapshots
- multi-cluster deployment orchestration [EE]
- CNI plugin support
- snapshots [can be automated in EE]
- spread scheduling
- preemption capability moved to OSS
- native AWS ASG autoscaling
Alertmanager 0.21 #
TLDR: Bugfixes
- HipChat support removed (SaaS service killed off by Atlassian)
- API v2 logging improvements
- `amtool cluster` subcommand (outputs cluster/peer status)