Vault upgraded to 1.8.2
We are in the process of upgrading our Kubernetes based Vault setups to the latest version 1.8.2.
Vault upgraded to 1.8.1
We are in the process of upgrading our Kubernetes based Vault setups to the latest version 1.8.1.
Upgraded cluster components & increased Pod density. Actions to take!
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all clusters.
More …Reduced memory usage of Cluster Autoscaler
In an effort to optmize as much as possible the resources being used by the infrastrucutre components running on our Reference Solution Kubernetes platforms, we’ve considerably reduced the memory used by the Cluster Autoscaler by optimizing its configuration. This means that the autoscaler will now run more reliably, and that there’ll be a bit more memory available for other workloads running on the K8s clusters.
More …Upgraded Teleport to version 6.2.8
We’ve upgraded all Teleport clusters to version 6.2.8. Coming from version 4.x, this is a (double) major release, coming with many new features:
More …Concourse upgraded to v7.3.2
We have upgraded our Concourse setups to the latest version 7.3.2.
More …Using encryption at rest for Prometheus and Alertmanager
We’re switching to encrypted volumes for all our Prometheus and Alertmanager set ups. These were the last of our managed infrastructure components to receive encryption at rest.
More …Pod Disruption Budget for CoreDNS
In order to improve the resilience of CoreDNS during upgrades, we have added a Pod Disruption Budget for the CoreDNS pods. The CoreDNS deployment already has a proper update strategy and anti affinity applied, however the extra PDB will prevent the posibility where there are no available CoreDNS pods running in the cluster during a rolling upgrade.
Using Telepresence in our Reference Solution
Telepresence is an open source tool that allows cluster users and operators to access cluster services and resources as if they were running in a local network. It also allows a developers to debug Kubernetes services locally and run local services as if they were on the cluster network. You can read more on how it works and what it can do in its documentation.
More …GP2-encrypted is now the default storageclass
We’re making the use of encryption at rest our default. For this we switched our default PV storageclass on K8s from gp2 to gp2-encrypted.
Always use encryption at rest for OpenVPN storage
We’re making the use of encryption at rest our default and only option for OpenVPN storage. Until now it was enabled by default, but it was still possible to disable it.
More …Support for RabbitMQ and AmazonMQ monitoring
We’ve added support for monitoring both self-hosted RabbitMQ and AmazonMQ for RabbitMQ clusters through Prometheus. The monitoring coverage differs slighly for those two services.
More …Initial support for Milvus database
We have added initial support for Milvus. It is available as an optional add-on for all customers using our Kubernetes Reference Solution on AWS.
More …Encrypted storage layer of Teleport
We’ve updated all Teleport clusters so the underlaying volume that is used is encrypted. For this we are using Amazon EBS encryption.
More …Upgrade AKS and EKS clusters to 1.20
We have started rolling out AKS and EKS 1.20. This brings AKS on Kubernetes v1.20.7 and EKS on Kubernetes v1.20.4-eks-6b7464.
Istio dashboards in Grafana
We have added the official Istio dashboards to Grafana. If you have Istio enabled on your cluster the following dashboards are now available:
More …Istio upgraded to version 1.10.0
We have upgraded Istio on all clusters that use it. The version was upgraded from 1.9.2 to 1.10.0. The new version comes with some features meant for operators and no breaking changes that you should be aware of.
More …Vault upgraded to 1.7.2
We have upgraded our Kubernetes based Vault setups to the latest version 1.7.2.
Upgraded several cluster components
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all non-prod clusters and production will follow in the coming days.
More …Adding support for EFS backed Persistent Volumes in Kubernetes
We’ve added a new component to our AWS Kubernetes reference solution, the EFS CSI driver. This adds support for using EFS file systems in EKS clusters with PersistentVolumes.