From 220a5f75285321363cdd51f17a6f13a9a0dd0026 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 1 Nov 2018 16:42:51 -0700 Subject: [PATCH] CHANGELOG: Document changes since v0.3.0 Through 024ef636 (Merge pull request #715 from wking/drop-deprecated-commands, 2018-11-21). --- CHANGELOG.md | 162 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 158 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 38a91fc46cc..9124c5c72fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,151 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 0.4.0 - 2018-11-22 + +### Added + +- The creation targets have been moved below a new `create` subcommand + (e.g. `openshift-install create cluster` instead of the old + `openshift-install cluster`). This makes them easier to distinguish + from other `openshift-install` subcommands and also mirrors the + approach taken by `destroy` in 0.3.0. +- A new `manifest-templates` target has been added to `create`, + allowing users to edit templates and have descendant assets + generated from their altered templates during [a staged + install](docs/user/overview.md#multiple-invocations). +- [The ingress operator][ingress-operator] is no longer masked. The + old Tectonic ingress operator has been removed. +- The [the registry operator][registry-operator] has been added, and + the kube-addon operator which used to provide a registry (among + other things) has been removed. +- The [checkpointer operator][checkpointer-operator] is no longer + masked. It runs on the production cluster, but not on the bootstrap + node. +- Cloud credentials are now pushed into a secret where they can be + consumed by cluster-API operators and other tools. +- OpenStack now has `destroy` support. +- We log verbosely to `${INSTALL_DIR}/.openshift_install.log` for most + operations, giving access to the logs for troubleshooting even if + you neglected to run with `--log-level=debug`. +- We've grown [troubleshooting + documentation](docs/user/troubleshooting.md). + +### Changed + +- For consistency with 0.3.0's `destroy`, the the old + `install-config`, `manifests`, `ignition-configs`, and `cluster` + commands have been pushed down under a new `create` subcommand. For + example, you should now use `openshift-install create cluster` + instead of `openshift-install cluster`. The old commands are + deprecated. +- The `create cluster` subcommand now waits for the + `bootstrap-complete` event and automatically removes the bootstrap + assets after receiving it. This means that after `create cluster` + returns successfully, the cluster has its production control plane + and topology (although there may still be operators working through + their initialization). The `bootstrap-complete` event was new in + 0.3.0, and it is now pushed at the appropriate time (it was too + early in 0.3.0). The `destroy bootstrap` subcommand is still + available, to allow users to manually trigger bootstrap deletion if + the automatic removal fails for whatever reason. +- On AWS, bootstrap deletion now also removes the S3 bucket used for + the bootstrap node's Igntition configuration. +- Asset state is preserved even while moving backwards through [a + staged install](docs/user/overview.md#multiple-invocations). For + example: + + ```sh + openshift-install --dir=example create ignition-configs + openshift-install --dir=example create install-config + ``` + + now preserves the full state including the generated Ignition + configuration. In 0.3.0, the `install-config` call would have + removed the Ignition configuration and other downstream assets + from the stored state. +- Some asset state is removed by successful `destroy cluster` runs. + This reduces the change of contaminating future cluster creation + with assets left over from a previous cluster, but users are [still + encouraged](README.md#cleanup) to remove state between clusters to + avoid accidentally contaminating the subsequent cluster's state. +- etcd discovery now happens via `SRV` records. On libvirt, this + requires a new Terraform provider, so users with older providers + should [install a newer + version](docs/dev/libvirt-howto.md#install-the-terraform-provider). + This also allows all masters to use a single Ignition file. +- On AWS, the API and service load balancers have been changed from + [classic load balancers][aws-elb] to [network load + balancers][aws-nlb]. This should avoid [some latency issues we were + seeing with classic load balancers][aws-elb-latency], and network + load balancers are cheaper. +- On AWS, master `Machine` entries now include load balancer + references, ensuring that new masters created by [the AWS + cluster-API provider][cluster-api-provider-aws] will be attached to + the load balancers. +- On AWS and OpenStack, the default network CIDRs have changed to + 172.30.0.0/16 for services and 10.128.0.0/14 for the cluster, to be + consistent with previous versions of OpenStack. + - The bootstrap kubelet is no longer part of the production cluster. + This reduces complexity and keeps production pods off of the + temporary bootstrap node. +- [The cluster-version operator][cluster-version-operator] now runs in + a static pod on the bootstrap node until the production control + plane comes up. This breaks a cyclic dependency between the + production API server and operators. +- The bootstrap control plane now waits for some core pods to come up + before exiting. +- [The machine-API operator][machine-api-operator] now reads the + install-config from the `cluster-config-v1` config-map, instead of + from an operator-specific configuration. +- AWS AMIs and libvirt images are now pulled from the new [RHCOS + pipeline][rhcos-pipeline]. +- Updated the security contact information for CoreOS -> Red Hat. +- We push a `ClusterVersion` custom resource. The old `CVOConfig` is + still being pushed, but it is deprecated. +- OpenStack credentials are loaded from standard system paths. +- On AWS and OpenStack, ports 9000-9999 are now open for host network + services. +- Lots of doc and internal cleanup and minor fixes. + +### Fixed + +- On AWS, `destroy cluster` is now more robust, removing resources with + either the `tectonicClusterID` or `kubernetes.io/cluster/: + owned` tags. It also removes pending instances as well (it used to + only remove running instances). +- On libvirt, `destroy cluster` is now more precise, only removing + resources which are prefixed by the cluster name. +- Bootstrap Ignition edits (via `create ignition-configs`) no longer + suffer from a `worker.ign` dependency cycle, which had been + clobbering manual `bootstrap.ign` changes. +- The state-purging implementation respects `--dir`, avoiding `remove + ...: no such file or directory` errors during [staged + installs](docs/user/overview.md#multiple-invocations). +- Cross-filesystem Terraform state recovery during `destroy bootstrap` + no longer raises `invalid cross-device link`. +- Bootstrap binaries are now located under `/usr/local/bin`, avoiding + SELinux violations on RHEL 8. + +### Removed + +- All the old Tectonic operators and the `tectonic-system` namespace + have been removed. +- On libvirt, the image URI prompt has been removed. You can still + control this via the `OPENSHIFT_INSTALL_LIBVIRT_IMAGE` environment + variable, but too many users were breaking their cluster by pointing + the installer at an outdated RHCOS, so we removed the prompt to make + that knob less obvious. +- On libvirt, we've removed `.gz` suffix handling for images. The new + RHCOS pipeline supports `Content-Encoding: gzip`, so the + suffix-based hack is no longer necessary. +- The `destroy-cluster` command, which was deprecated in favor of + `destroy cluster` in 0.3.0, has been removed. +- The creation target subcommands of `openshift-install` have been + removed. Use the target subcommands of `create` instead + (e.g. `openshift-install create cluster` instead of + `openshift-install cluster`). + ## 0.3.0 - 2018-10-22 ### Added @@ -22,8 +167,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - The installer creates worker `MachineSet`s, instead of leaving that to [the machine-API operator][machine-api-operator]. -- Creates master `Machine`s and tags masters to be picked up by the - [AWS cluster-API provider][cluster-api-provider-aws]. +- The installer creates master `Machine`s and tags masters to be + picked up by the [AWS cluster-API + provider][cluster-api-provider-aws]. ### Changed @@ -63,8 +209,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). and the new service is labeled so [Prometheus][] will scrape it. - The `service-serving-cert-signer-signing-key` secret is now available in the `openshift-service-cert-signer` namespace, which - gives [the service-serving cert signer][] the keys it needs to mint - and manage certificates for Kubernetes services. + gives [the service-serving cert signer][service-serving-cert-signer] + the keys it needs to mint and manage certificates for Kubernetes + services. - The etcd-serving certificate is now passed through to [the kube-controller-manager operator][kube-controller-manager-operator]. - We disable some components which [the cluster-version @@ -136,12 +283,19 @@ installer and follow along as it guides you through the process. The `tectonic` command and tarball distribution are gone. Please use the new `openshift-install` command instead. +[aws-elb]: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/introduction.html +[aws-elb-latency]: https://github.com/openshift/installer/pull/594#issue-227786691 +[aws-nlb]: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html +[checkpointer-operator]: https://github.com/openshift/pod-checkpointer-operator [cluster-api-provider-aws]: https://github.com/openshift/cluster-api-provider-aws [cluster-version-operator]: https://github.com/openshift/cluster-version-operator [dot]: https://www.graphviz.org/doc/info/lang.html +[ingress-operator]: https://github.com/openshift/cluster-ingress-operator [kube-apiserver-operator]: https://github.com/openshift/cluster-kube-apiserver-operator [kube-controller-manager-operator]: https://github.com/openshift/cluster-kube-controller-manager-operator [machine-api-operator]: https://github.com/openshift/machine-api-operator [machine-config-operator]: https://github.com/openshift/machine-config-operator [Prometheus]: https://github.com/prometheus/prometheus +[registry-operator]: https://github.com/openshift/cluster-image-registry-operator +[rhcos-pipeline]: https://releases-rhcos.svc.ci.openshift.org/storage/releases/maipo/builds.json [service-serving-cert-signer]: https://github.com/openshift/service-serving-cert-signer