Vault upgraded to 1.12.0
All Vault setups have been updated to the latest version 1.12.0. Please refer to the upstream changelogs to see what’s changed:
CVE-2022-27665 patches
A security issue was discovered in Golang where a user can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
More …Concourse upgraded to 7.8.3
We have upgraded our Concourse setups to the latest version 7.8.3. This patch release comes with some security fixes. You can check the full changelog in the Concourse releases page.
More …NLB compatibility in Nginx Ingress
We now offer the option to enable and use an AWS NLB as load balancer type for your ingress. This has a couple of benefits compared to an ELB.
More …Istio upgraded to version 1.15.2
We have upgraded Istio on all clusters that use it. The version was upgraded to 1.15.2 and comes with many security fixes.
Upgraded cluster add-ons
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. These changes have already been rolled out to all clusters.
More …New feature: Jaeger tracing
Today we’re adding a new feature in our Kubernetes AWS reference solution. It’s now possible to deploy one or more Jaeger setups on your EKS clusters. AKS clusters will follow in the near future, depending on customer demand.
More …Add support for hierarchical namespaces
As of today we offer the hierarchical namespace controller as an optional component to your cluster.
More …Concourse migrated from ECS to K8s
Today we can proudly say that the web component of Concourse is migrated from ECS to K8s for all our customers!
More …Upgraded Teleport to version 10.1.4
We’ve upgraded all Teleport clusters and nodes from version 9.3.7 to 10.1.4. Teleport is a tool we mostly use internally to provide secure and auditted access to (EC2) instances, Kubernetes clusters and several dashboards.
Upgraded cluster add-ons
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all non-production clusters in the past days. Production upgrades are scheduled to happen next week during business hours. As usual, no workload interuptions are expected.
More …Upgraded AKS and EKS clusters to 1.22
We have started rolling out AKS and EKS 1.22. This brings our supported AKS platforms to v1.22.11 and EKS to v1.22.10.
Upgraded cluster add-ons
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already started rolling these out to all non-production clusters. Production upgrades are scheduled to happen next week during business hours. As usual, no workload interuptions are expected.
More …Upgraded Teleport to version 9.3.7
We’ve upgraded all Teleport clusters and nodes from version 8.2.0 to 9.3.7. Teleport is a tool we mostly use internally to provide secure and auditted access to (EC2) instances and Kubernetes clusters.
More …Calico NetworkPolicy controller upgraded on EKS
On AWS EKS clusters we use Calico for providing NetworkPolicy functionality as an optional feature. With these NetworkPolicies you can control the traffic flow within a Kubernetes cluster between Pods, Services and external resources.
Major Nginx Ingress Controller upgrade
We’re in the process of upgrading the Nginx Ingress Controller from the legacy v0.51.0 version to mainline v1.2.1. This is in preparation for the AKS and EKS upgrades to Kubernetes 1.22 which is following in the coming weeks.
Replacing eventrouter component for persisting K8s events
Kubernetes events are a great resource to debug and troubleshoot problems with workloads and other cluster components. The problem is that the K8s API stores them for only 1 hour. To be able to persist those events further in time, we used an open-source component called eventrouter, which streamed all cluster events into Loki. This project has been deprecated and unmaintained for a while now, so we needed to find a replacement for it.
Improving Loki performance and usability
Some of our customers have experienced performance-related limitations in our Loki & Fluent-bit setup, mainly on queries that require scanning a large volume of data. At the moment we run a monolith Loki architecture, so the single Loki Pod performs all the roles (ingester, querier, query-scheduler, frontend, …). This setup works good enough for most of our customers, but it shows its limitations on large-volume queries, which require some brute-force and could benefit from more parallelism.
More …Upgraded cluster add-ons
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. And it’s a big one! We’ve already rolled these out to all non-production clusters. Production upgrades are scheduled to happen on Monday 16/05 during business hours. As usual, no workload interuptions are expected.
More …[Action required] Final call - Deprecated API removal, upgrade your Ingresses etc.
We are preparing to upgrade our platforms to Kubernetes 1.22, which drops support for many deprecated API versions! This is the final call to make sure you’ve updated your manifests, Helm charts (*), etc. to make use of the newest APIs (mainly Ingress, but some others too). Make sure to check out the deprecated API migration guide for more info. Below you will find more details on some of the most common deprecated resources used by our customers.
More …