Added OCP 3.7 Release Notes #6008
Conversation
ahardin-rh
force-pushed
the
ocp-3-7-release-notes
branch
from
f530799 to
a4b2ee7
Compare
ahardin-rh
changed the title
ahardin-rh
changed the title
ahardin-rh
force-pushed
the
ocp-3-7-release-notes
branch
from
a4b2ee7 to
748599a
Compare
ahardin-rh
force-pushed
the
ocp-3-7-release-notes
branch
7 times, most recently
from
96d3634 to
13677bf
Compare
| applications at scale. This is due to the introduction of brick-multiplexing | ||
| support in GlusterFS. | ||
|
|
||
| Over 1,000 volumes in a 3-node cluster with 32 GB per node available to |
There was a problem hiding this comment.
32 GB per node -> 32 GB RAM per node?
|
|
||
| Over 1,000 volumes in a 3-node cluster with 32 GB per node available to | ||
| GlusterFS has been successfully tested. Also, 300 Block PVs are supported now on | ||
| 3-node CNS . |
| ==== CNS Multi-protocol (File, Block, and S3) Support for OpenShift | ||
|
|
||
| Container-native storage (CNS) is now extended support iSCSI and S3 back end for | ||
| {product-title}. Heketi is enhanced to support persistent volume (PV) expansion, |
There was a problem hiding this comment.
The PV resize feature will land in 3.8.
| that can be run and output can be sent as file-based output. | ||
|
|
||
| ---- | ||
| $ ansible-playbook playbooks/byo/openshift-checks/adhoc.yml |
There was a problem hiding this comment.
Known issue: https://bugzilla.redhat.com/show_bug.cgi?id=1509157
|
|
||
| .Namespece-specific Example | ||
| ---- | ||
| piVersion: v1 |
| Alternatively, they can use an external provisioner and feed it the node | ||
| configuration via `configMaps`. | ||
|
|
||
| Example persistent volume named `example-local-pv` that some tenant can now claim: |
|
Are we still encourage customers use quick installer in 3.7? Know issues: |
| ---- | ||
| $ oc create -f snapshot.yaml | ||
| apiVersion: volume-snapshot-data.external-storage.k8s.io/v1 |
There was a problem hiding this comment.
apiVersion: volumesnapshot.external-storage.k8s.io/v1
all-in-one cluster "# ETCD_DIR=/var/lib/origin/openshift.local.etcd" Shouldbe: From v3.7 there is no embedded etcd now. If older version is embedded etcd, user need to migrate embedded etcd to external etcd first. And we still support two deployed external etcd (etcd on master & etcd not on master).
[1]https://bugzilla.redhat.com/show_bug.cgi?id=1496372
|
| defined in a role. | ||
|
|
||
| [[ocp-37-flexvolume-support-for-non-stotage-use-cases]] | ||
| ==== Official FlexVolune Support for Non-storage Use Cases |
There was a problem hiding this comment.
This is more like a storage feature, but for the security part, maybe we can write something about "SCC now support flexVolume" that we did in this card: https://trello.com/c/YT6sNEay/61-5-scc-flex-volume-support-sccfsi37
| traffic to allow. The annotation is as follows: | ||
|
|
||
| ---- | ||
| $ oc annotate namespace ${ns} 'net.beta.kubernetes.io/network-policy={"ingress":{"isolation":"DefaultDeny"}}' |
There was a problem hiding this comment.
The annotation is not needed now when we are using the v1 api.
| Example: | ||
|
|
||
| ---- | ||
| clusterNetworkCIDR: 10.1.0.0/24, 10.1.5.0/24, 10.2.1.0/24 … |
There was a problem hiding this comment.
The example should be like this:
networkConfig:
clusterNetworkCIDR: 10.128.0.0/24
clusterNetworks:
- cidr: 11.128.0.0/24
hostSubnetLength: 6
- cidr: 12.128.0.0/24
hostSubnetLength: 6
- cidr: 13.128.0.0/24
hostSubnetLength: 4
externalIPNetworkCIDRs:
- 0.0.0.0/0
hostSubnetLength: 6
| There are multiple comma-delimited CIDRs in the configuration file. Each node is | ||
| allocated only a single subnet from within any of the available ranges. You can | ||
| not allocate different-sized host subnets, or use this to change the host subnet | ||
| size The `clusterNetworkCIDRs` can be different sizes, but must be equal to or |
There was a problem hiding this comment.
Nodes could allocate different-sized subnets by setting different hostSubnetLength
Lack of period between size The
| allocated only a single subnet from within any of the available ranges. You can | ||
| not allocate different-sized host subnets, or use this to change the host subnet | ||
| size The `clusterNetworkCIDRs` can be different sizes, but must be equal to or | ||
| larger than the host subnet size It is not allowed to have some nodes use |
| their current application. | ||
|
|
||
| An external provisioner is used to access the EBS, GCE pDisk, HostPath, and | ||
| Cinder snapshotting API. This Technology Preview feature has tested EBS and |
There was a problem hiding this comment.
As far as I can see, Cinder is not supported at the moment. https://trello.com/c/owCRnP8I/521-13-snapshot-implement-the-out-of-tree-snapshotting-controller
There was a problem hiding this comment.
@xltian what test cases do we have in this area?
| ---- | ||
| $ oc create -f snapshot.yaml | ||
| apiVersion: volume-snapshot-data.external-storage.k8s.io/v1 |
There was a problem hiding this comment.
The apiVersion has changed to "volumesnapshot.external-storage.k8s.io/v1"
| The `generatedeploymentconfig` API endpoint is now removed | ||
|
|
||
| [discrete] | ||
| [[deprecating-some-plicy-related-apis]] |
| data centers, enabling organizations to implement a private PaaS that meets | ||
| security, privacy, compliance, and governance requirements. | ||
|
|
||
| [[ocp-36-about-this-release]] |
| xref:../install_config/index.adoc#install-config-index[Installation and | ||
| Configuration] documentation. | ||
|
|
||
| [[ocp-36-new-features-and-enhancements]] |
| CRI-O v1.0 (currently in xref:ocp-37-technology-preview[Technology Preview]) is a | ||
| lightweight, native Kubernetes container runtime interface. By design, it | ||
| provides only the runtime capabilities needed by the kublet. CRI-O is designed | ||
| to be part of Kubernetes and evolve in lock-step with the platform. |
| clusterNetworkCIDR: 10.1.0.0/24, 10.1.5.0/24, 10.2.1.0/24 … | ||
| ---- | ||
|
|
||
| [[ocp-37-routes-alloed-to-set-cookie-names-for-session-stickiness]] |
|
|
||
| * To set parameters, create a secret with values. | ||
| * Create a `TemplateInstance` containing the whole template you want to | ||
| instantiate, and a reference to the secret created above. |
There was a problem hiding this comment.
this references "the secret created above" but there are no instructions for creating the secret. Anyway we have official docs for this, can we just point there instead of duplicating it here?
https://docs.openshift.org/latest/rest_api/examples.html#template-instantiation
| {product-title} now includes needed Prometheus monitoring and alerting. Expose | ||
| build step timings (time to pull images, fetch sources, run assemble, commit | ||
| images, push images). Expose failure reasons (for example, see that builds are | ||
| consistently failing due to failure to fetch source). |
There was a problem hiding this comment.
the build step timings are not exposed as prometheus metrics. So this is two things:
- prometheus metrics that show you the health of builds in the system (number running, failing, failure reasons, etc)
- timing information on build objects themselves to show how long they spent in various steps (not exposed as prometheus metrics)
| break down an entire configuration map or secret into environment variables without | ||
| explicitly setting `env name` to `key mappings`. | ||
|
|
||
| [[ocp-36-notable-technical-changes]] |
There was a problem hiding this comment.
-37- (probably need to grep the whole file for these)
| ==== Official FlexVolune Support for Non-storage Use Cases | ||
|
|
||
| There is now a supported interface to allow you to bind and mount in content | ||
| from a running pod. FlexVolume is a script interface that runs on the kublet and |
| xref:../admin_guide/managing_networking.adoc#admin-guide-manage-networking[Managing | ||
| Networking] for more information. | ||
|
|
||
| [[ocp-27-cluster-ip-range-more-flexible]] |
| Me Again* per quota type. Administrators can create custom messages to the quota | ||
| warning. | ||
|
|
||
| [[ocp-47-environment-variable-editor-added-to-stateful-sets-page]] |
| [[ocp-37-installation]] | ||
| === Installation | ||
|
|
||
| [[ocp-37-migrate-etcd-before-upgarde]] |
| === Metrics and Logging | ||
|
|
||
| [[ocp-37-journald-system-logs]] | ||
| ==== Jouranld for System Logs and JSON File for Container Logs |
| on OpenShift] for more information. | ||
|
|
||
| [[ocp-37-integrated-approach-to-adding-hosa]] | ||
| ==== Integrated Approach to Adding Hawkular OpenShift Agent (Techology Preview) |
| consisting of: | ||
|
|
||
| * a simple directory structure with named action playbooks. | ||
| * metadata (required and optional parameters, as well asdependencies). |
There was a problem hiding this comment.
Missing space between "asdependencies"
| manually using standardized container creation tooling, or with APB tooling that | ||
| Red Hat will deliver, which provides a guided approach to creation. | ||
|
|
||
| [[ocp-37-iopenshift-template-broker]] |
|
|
||
| image::3.7-bind-mongodb-nodejs-at-creation.gif[connect a service] | ||
|
|
||
| [[ocp-37-include-templates-from-oter-projects]] |
| {product-title} 3.7 introduces the following notable technical changes. | ||
|
|
||
| [discrete] | ||
| [[ocpapi-connectivity-variables-now-deprecated]] |
| than the published OpenShift API service endpoints. To connect to the OpenShift | ||
| API in these contexts, use | ||
| xref:../dev_guide/service_accounts.adoc#dev-guide-service-accounts[service DNS] | ||
| or the automatically exposed `KUBERENTES` |
|
Hello, is encrypting_data section supposed to say "This is an alpha feature and may change in future" in 3.7 (it was mentioned as alpha in 3.6 as well)? |
|
|
||
| Docker log driver is set to `json-fiile` as the default for all nodes. Docker | ||
| `log-driver` can be set to `journal`, but there is no log rate throttling with | ||
| journal driver. So, there is always a risk for denial-of-service attacks from |
ahardin-rh
force-pushed
the
ocp-3-7-release-notes
branch
from
13677bf to
a1b3d34
Compare
openshift-ci-robot
added
the
size/XXL
ahardin-rh
force-pushed
the
ocp-3-7-release-notes
branch
4 times, most recently
from
a6e0124 to
d0effbb
Compare
ahardin-rh
changed the title
ahardin-rh
force-pushed
the
ocp-3-7-release-notes
branch
from
d0effbb to
08d40a6
Compare
|
🔥 🔥 🔥 🔥 🔥 🔥 🔥 |
|
@adellape the default logger driver is Journald in v3.7. https://bugzilla.redhat.com/show_bug.cgi?id=1513409. |
| ==== Jourald for System Logs and JSON File for Container Logs | ||
|
|
||
| Docker log driver is set to `json-file` as the default for all nodes. Docker | ||
| `log-driver` can be set to `journal`, but there is no log rate throttling with |
19 participants
Preview Build: http://file.rdu.redhat.com/~ahardin/11142017/ocp-3-7-release-notes/release_notes/ocp_3_7_release_notes.html