Deckhouse Kubernetes Platform v1.26.0 is released
Deckhouse v1.26.0, the new stable release of the Kubernetes platform by Flant, includes almost 60 changes, fixes, and improvements. This is the second major update to the Deckhouse platform since its public release in July.
Notable changes and new modules
The update mechanism configuration. You can now specify a convenient time period when the automatic upgrades of Deckhouse to its newer versions are performed. You can specify separate timeframes for a node group if the update requires a restart (disruptive update). You can also update Deckhouse manually. Upgrading to patch versions (v1.26.1, v1.26.2, …) is performed automatically (as before) as soon as these versions become available.
CIS Benchmarks compliance. Several changes have been made to the Deckhouse components to ensure they meet the recommendations of the Center for Internet Security (CIS) for securing Kubernetes. For example, you can now set permissions on files and directories, bind the network only to the selected interfaces, disable anonymous access, etc.
In addition, two new modules have been added to the platform:
- The pod-reloader module automatically restarts certain Deployment, DaemonSet, or StatefulSet objects in response to Secret and ConfigMap changes;
- The local-path-provisioner module simplifies the use of local storage: it creates a StorageClass and generates the necessary directory structure on nodes.
A total of 27 improvements have been made to various modules and components, including:
- node-manager (this module is responsible for managing nodes) has undergone many changes (e.g., taint validation for NodeGroups has been added). The .spec.cloudInstances.standby parameter of the NodeGroup can now be assigned an integer zero value if no standby nodes are needed.
- The WithNAT layout has been added to the cloud-provider-aws module (it is responsible for interacting with the AWS cloud resources). In this layout, virtual machines access the Internet using a shared (and single) source IP.
- logrus structured logger is now used for writing Helm logs in deckhouse (this module configures the logging level/update parameters and defines which modules are enabled). Other notable changes include adding Liveness probes and optimizing the process of updating Deckhouse.
- Metrics have been added to global-hooks for calculating the maximum possible number of nodes in a cluster. They are calculated based on podSubnetNodeCIDR values. An alert is triggered when the number of nodes exceeds 90% of the calculated maximum.
- Support for ingressGateway for multiclusters has been added to the istio module (this one enables integration with the Istio Service Mesh).
- The descheduler module (evicts non-relevant Pods) is now disabled in a cluster consisting of a single node.
- CustomPrometheusRules validation hook has been added to operator-prometheus, while the operator itself has been updated to version v0.50.0.
- The codebase has been migrated to Go 1.16.
The Deckhouse documentation has been updated with the following resources:
- Table containing a detailed comparison of the features of the two Deckhouse editions;
- List of supported Kubernetes versions and operating systems;
- Quick install guide that outlines the basic steps needed to install Deckhouse on VMware vSphere.
The full changelog for Deckhouse v1.26.0 can be found here.