mirror of
https://github.com/openshift/installer.git
synced 2026-02-05 15:47:14 +01:00
CHANGELOG: Document changes since 0.13.1
Throughc8b3b553(Merge pull request #1338 from flaper87/sec-groups-update, 2019-05-01). I've left8d0847c02(openstack: Support setting network UUID via terraform variable, 2018-12-05, #794) undocumented, since it seems like an unstable-enough user-facing API approach that I don't think we want to noise it about and deal with the fall-out when we change the API ;). That commit also made it into this history via44a9cd38(#1294). I've also left offeecf4968(openstack: remove neutron dns, 2019-02-19, #1294), because I have no idea what that's about ;). I'll fill in an entry for it later once one of the OpenStack devs explains it to me :p.
This commit is contained in:
W. Trevor King
44
CHANGELOG.md
44
CHANGELOG.md
@@ -4,6 +4,50 @@ All notable changes to this project will be documented in this file.
|
||||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## 0.14.0 - 2019-03-05
|
||||
|
||||
### Changed
|
||||
|
||||
- A new, long-lived, self-signed certificate authority has been added
|
||||
to sign kubelet certificate-signing requests. This works around the
|
||||
current lack of certificate rotation in the machine-config operator.
|
||||
- Machine(Set) labels have been migrated from
|
||||
`sigs.k8s.io/cluster-api-...` to `machine.openshift.io`, continuing
|
||||
the transition begun in 0.13.0.
|
||||
- On AWS, control-plane nodes are now based on encrypted AMIs. These
|
||||
AMIs are copied into the target account from unencrypted, public
|
||||
AMIs provided by Red Hat. To support the copy and post-cluster
|
||||
cleanup, the installer requires the following additional AWS
|
||||
credentials: ec2:CopyImage, ec2:DeregisterImage, and
|
||||
ec2:DeleteSnapshot. 0.14.0 doesn't actually clean up the snapshots
|
||||
associated with the copied AMIs yet, but we have a fix for that
|
||||
landed for the next release. In the meantime, you should manually
|
||||
prune your snapshots after destroying a cluster.
|
||||
- On AWS, the security-group simplification from 0.13.1 accidentially
|
||||
removed global SSH access to the bootstrap machine. We've fixed
|
||||
that with this release. Unfortunately, this release also moves the
|
||||
bootstrap machine into the same subnet as the first control-plane
|
||||
node, and since 0.13.0, control-plane nodes are in private subnets.
|
||||
So SSH access to the bootstrap machine from outside the cluster is
|
||||
still broken, but we've landed a fix to get it working again in the
|
||||
next release. In the meantime, you can set up a SSH bastion or
|
||||
debug pod if you need SSH access to cluster machines.
|
||||
|
||||
- On OpenStack, the Machine(Set)s have been updated to track provider
|
||||
changes. For example, the `SecurityGroups` schema has changed, as
|
||||
has the schema for selecting subnets.
|
||||
|
||||
- Several doc and internal cleanups.
|
||||
|
||||
### Fixed
|
||||
|
||||
- On AWS, we now respect the availability zones configured in the
|
||||
control-plane Machine manifests, which are in turn fed by the
|
||||
install-config (previously control-plane nodes were always striped
|
||||
over zones regardless of the configuration).
|
||||
- On AWS, the credentials-checking logic now uses the standard logger
|
||||
instead of creating its own custom logger.
|
||||
|
||||
## 0.13.1 - 2019-02-28
|
||||
|
||||
### Changed
|
||||
|
||||
Reference in New Issue
Block a user