Vault upgraded to 1.9.4
All Vault setups have been updated from 1.9.0 to the latest patch version 1.9.4.
Upgraded cluster add-ons
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all non-production clusters. Production upgrades will happen on Monday 21/03 during business hours.
More …Horizontal event-based scaling with KEDA
As of today we offer KEDA as a default component for horizontally scaling your Pods.
More …Hotfix for Grafana and InfoInhibitor alert info
There are no actions to take, and all changes have been rolled out to all environments.
More …Allow for more fine-tuning of cluster-autoscaler params
We have exposed more parameters to the cluster-autoscaler, allowing for more fine-grained control. initially, only the scale_down_utilization_threshold could be configured. Now this is extended with the following parameters:
AKS component upgrades
As part of our regular upgrade cycle, the following Azure specific Kubernetes cluster components have been updated. We’ve already rolled these out to all non-production clusters. Production clusters will follow once we validated everything is stable. There are no actions for you to take.
More …EKS component upgrades
As part of our regular upgrade cycle, the following AWS specific Kubernetes cluster components have been updated. We’ve already rolled these out to all non-production clusters. Production clusters will follow once we validated everything is stable. There are no actions for you to take.
More …Upgraded Grafana and Prometheus
As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all non-production clusters. Production clusters will follow once we validated everything is stable. There are no actions for you to take.
More …Upgraded Teleport to version 8.2.0
We’ve upgraded all Teleport clusters from version 8.0.7 to 8.2.0. This is a minor release, coming with mostly bug and performance fixes.
More …Github Actions Runner Controller
We’re adding support for the Github actions-runner-controller as a managed add-on for our Kubernetes platforms. With this controller, the customers using Github Actions will be able to easily deploy self-hosted runners on their clusters. This is useful for deploying workloads on a private-endpoint cluster, since the runner will execute the deploy task from within the cluster itself.
AKS rollouts are now automated
We manage multiple Kubernetes clusters and regularly set up new ones from scratch. There are also a bunch of extra components deployed on each cluster, that we also need to maintain and keep up to date.
More …Calico NetworkPolicy controller upgraded on EKS
On AWS EKS clusters we use Calico for providing NetworkPolicy functionality. With these NetworkPolicies you can control the traffic flow within a Kubernetes cluster between Pods, Services and external resources.
VPA enabled by for metrics-server
We have already configured the VPA for many of our workloads (ExternalDNS, cert-manager, Prometheus and more). Today we also configured this for the metrics-server workload. This means that for those workloads we need less manual configuration changes when the cluster scales and therefore will result in a more stable cluster.
More …Adding support for the AWS Load Balancer controller
The AWS Load Balancer Controller is the successor of the ALB Ingress Controller, with many new features. This controller allows creating both ALBs and NLBs dynamically.
More …Let's Encrypt revocations affecting TLS-ALPN-01 certificates
On 26 January 2022, Let’s Encrypt notified subscribers that most certificates issued in the last 90 days and validated with the TLS-ALPN-01 challenge will be revoked on 28 January 2022 and should be immediatelly renewed. This revocation only affects certificates issued and validated with the TLS-ALPN-01 challenge.
CVE-2021-25742 in ingress-nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
More …Standardizing on Fluent Bit and Loki updates
For a while we’ve offered Grafana Loki as default logging solution. For shipping logs to Loki we were using the included Promtail. However, more recently, we’ve also supported other logging solutions, like Elasticsearch and Logz.io for customers with more advanced needs. To facilitate this we use the Fluent Bit log processor.
More …Upgraded Teleport to version 8.0.7
We’ve upgraded all Teleport clusters from version 8.0.0 to 8.0.7. This is a minor release, coming with mostly bug and security fixes.
More …VPA enabled for Vault
We have added Vault to the list of autoscaling rules we deploy by default. By doing this we can allow the VPA to set the optimal resource requests and limits within the boundaries that we provide.
More …Module updated for AWS OpenSearch and started upgrades
AWS ElasticSearch Service has been rebranded to AWS OpenSearch for some time now, and thus we’ve decided to rename our Terraform module for managing this service accordingly.
More …