preloader

K8SAAS Release Note

* *

Release Note

Dalim 4.5.9

Release date: 2024-06-19

Feature :

  • [New] Export control support

Service Stability & Improvements:

  • [Improvement] Stack deployment improvements

Dalim 4.4.4

Release date: 2024-04-02

Service Stability & Improvements:

  • [Improvement] Stack deployment improvements

Dalim 4.3.4

Release date: 2024-03-21

Feature :

  • [New] Datadog integration

Dalim 4.2.3

Release date: 2024-02-29

Feature :

  • [New] Conditional access on corporate clusters

Service Stability & Improvements:

  • [Improvement] k8saas-controller to dynamically support multiple aks version

Dalim 4.1.8

Release date: 2024-02-16

Service Stability & Improvements:

  • [Improvement] Migrated terraform module into gitops

Dalim 4.0.1

Release date: 2023-11-27

Feature :

Copernic 3.9.8

Release date: 2023-11-27

Feature :

Service Stability & Improvements:

  • [Improvement] Simplified deployment process
  • [Improvement] NGINX: fix CVE-2023-5044 and CVE-2023-5043
  • [Improvement] Change defautl DBAAS postgresql to burstable
  • [Improvement] COST update cert-manager, velero, external-dns and implement workloadId

Copernic 3.8

Release date: 2023-11-06

Feature :

Service Stability & Improvements:

  • [Improvement] Move nginx to gitops
  • [Improvement] Move fluentbit to gitops
  • [Improvement] Move hnc to gitops

Copernic 3.7.5

Release date: 2023-10-02

Feature :

Service Stability & Improvements:

Copernic 3.4.6

Release date: 2023-07-31

Feature :

Service Stability & Improvements:

  • [Improvement] Support AKS version 1.26
  • [Improvement] Upgrade keda to 20.10.1
  • [Improvement] Upgrade prometheus to 48.1.0

Copernic 3.3.4

Release date: 2023-07-14

Feature :

  • [New] Facilitate onboarding by granting access natively to the cluster grafana to user in the reader/developer/devops groups.

Service Stability & Improvements:

  • [Improvement] (internal) Add additional internal test cases for Kubernetes Hierarchical namespaces, storage classes and ArtiFactory images
  • [Improvement] (internal) Improve our secret management to easily initialize and udpate all service account credentials in all the subscriptions keyvault
  • [Improvement] (internal) Dynamically run all our release test case and generate our test case junit and markdown reports.

Deprecated:

  • [Deprecated] Kube event exporter logs removed

Copernic 3.2.3

Release date: 2023-06-21

Feature :

Service Stability & Improvements:

  • [New] Security improvement on kubernetes deployment: Added policy to warn about deprecated storage class

Copernic 3.1.4

Release date: 2023-06-06

Feature :

Service Stability & Improvements:

  • [Improvement] Upgrade: Velero to 1.10.2
  • [Improvement] Upgrade: Kube-event-exporter to 1.1.0
  • [Improvement] Upgrade: Cert-manager to 1.5.3

Security:

Copernic 3.0.5

Release date: 2023-05-15

New Major! New major release to support AKS 1.25 and the API depreciations that comes with it: https://kubernetes.io/blog/2022/08/04/upcoming-changes-in-kubernetes-1-25/ As usual, the major name is dedicated to a star: https://fr.wikipedia.org/wiki/55_Cancri

Breaking changes:

  • [New] Api depreciations in AKS 1.25:
    • CronJob - batch/v1beta1
    • EndpointSlice - discovery.k8s.io/v1beta1
    • Event - events.k8s.io/v1beta1
    • HorizontalPodAutoscaler - autoscaling/v2beta1
    • PodDisruptionBudget - policy/v1beta1
    • PodSecurityPolicy - policy/v1beta1
    • RuntimeClass - node.k8s.io/v1beta1

Service Stability & Improvements:

  • [New] API depreciation: Add policies to send warning about depreciations in the next AKS versions 1.26 and 1.27
  • [Improvement] Upgrade: Linkerd upgraded to stable-2.12.4
  • [Improvement] Upgrade: Nginx upgraded to 1.6.4
  • [Improvement] Upgrade: Gatekeeper upgraded to 3.11.0
  • [Improvement] Upgrade: Prometheus Operator upgraded to 0.63.0
  • [Improvement] Upgrade: Grafana upgraded to 9.3.6

Security:

  • [New] Security improvement on kubernetes deployment: Added policy to validate the ingress domain name

Babel 2.14.1

Release date: 2023-05-15 Keep support of AKS 1.24 and facilitate migration towards Copernic 3.0.5 and AKS 1.25.

Service Stability & Improvements:

  • [New] API depreciation: Add policies to send warning about depreciations in the next AKS versions 1.25

Babel 2.13.2

Release date: 2023-04-17

Service Stability & Improvements:

  • [Fixed] Restrict stop-start right to be only available to Devops role

Babel 2.12

Release date: 2023-03-07

Features:

  • [New] Onboarding: Automatic process to add user as reader of k8saas resources when they are enrolled on a new project (enrolled on a TDF Account ID).
  • [New] Self-service: Create Azure AD “devops” and “reader” group by default with service owner as owner and member of both groups.

Operations:

  • [Process] Customer communication emails are now by TDF entity

Babel 2.11

Release date: 2023-02-10

Features:

Service Stability & Improvements:

  • [Improvement] Support AKS version 1.24
  • [Improvement] Upgrade Grafana to 9.2.4
  • [Improvement] Upgrade kube-state-metrics to 2.6.0
  • [Improvement] Upgrade prometheus to 2.39.1

Babel 2.10

Release date: 2023-01-16

Service Stability & Improvements:

  • [Improvement] Improve Grafana dashboards.
  • [Improvement] Improve Corporate Addon (certificate management)

Security:

  • [New] Security improvement on kubernetes deployment: Added policy to prevent service of type loadbalancer and nodeport

Operations:

  • [Process] Add preferred customer maintenance schedules for cluster upgrades

Babel 2.9

Release date: 2022-12-12

Service Stability & Improvements:

  • [Improvement] Improve Corporate Addon (monitoring, Software Factory c3 access)

Security:

  • [Improvement] Reduce secret lifecycle on internal technical accounts to 6 months

Operations:

  • [Milestone] 100% clusters migrated to AKS 1.22
  • [Milestone] 100% clusters migrated to k8saas Babel

Babel 2.8

Release date: 2022-11-21

Features:

  • [New] Expose your containers only to Thales corporate networks using the new Corporate Addon (user doc coming soon…). To understand what are the differences between c3 and corporate addon, have a look to Corporate Addon Feature page

Service Stability & Improvements:

  • [Improvement] Improve billing API performances using cache
  • [Improvement] Collect SSO v2 (based on Pomerium) metrics

Babel 2.7

Release date: 2022-10-31

Community:

  • [New] Discover how to collect & parse logs using the Punch language (Thales Technology uses in multiple CSOC). Tutorial

Features:

  • [New] K8SAAS log collection supports new outputs: Opensearch and EventHub. Discover how to enable the feature & access to your logs in Opensearch or EventHub
  • [New] Log Reduction. All verbosity levels have been reviewed to reduce the CPU & Memory consumption of the log collection (fluentbit).

Service Stability & Improvements:

  • [Improvement] Internal k8saas alerting is now connected to serviceNow/postIT to update the support level 2 team more quickly.
  • [Fixed] Grafana dashboard deployment issue in babel 2.5.4
  • [Fixed] Developer Role is now officially supported in babel

Breaking changes:

  • [New] Only nginx error logs will be collected by default (production mode). Breaking change doc
  • [New] FTP is no longer supported in k8saas. blog

Babel 2.6

Release date: 2022-09-29

Features:

  • [New] Visualize your k8saas cloud cost within Grafana! user doc

Service Stability & Improvements:

  • [Improvement] Improve billing API to avoid conflict with malformed configuration file
  • [Improvement] AKS version is now 1.23. detailed release note

Babel 2.5

Release date: 2022-09-07

Features:

  • [New] Discover the detailed consumption of k8saas using the new billing API endpoint. doc

Service Stability & Improvements:

  • [Improvement] Promote SSO new generation based on pomerium to General Available
  • [Improvement] To avoid conflict between hierarchical namespace and classic namespace, self-service namespace creation is now limited under customer-namespaces. doc
  • [Improvement] Security improvement of storage account use for backup. Details: use TLS 1.2 minimum + restrict access from AKS vnet only.

Documentation:

  • [New] Use SSO v2 based on pomerium using Azure AD groups. doc
  • [New] Use service account and hierarchical namespace. doc

Babel 2.4

Release date: 2022-08-18

Features:

  • [New] Look at your reserved instance using the updated billing API. doc

Service Stability & Improvements:

  • [New] kubernetes policy limiting the length of ingress hostnames of 64 char (due to cert-manager limitations). limitation doc and policy doc
  • [Improvement] SSO new generation (based on Pomerium) upgrade to 32.0.5

Breaking changes:

  • [New] New k8saas will be deployed using .k8saas.thalesdigital.io domain name (by default) rather than kaas.thalesdigital.io. doc
  • [New] Grafana dashboard will be deployed for new cluster with the URL: grafana.<short_instance_name>..k8saas.thalesdigital.io
  • [New] kubernetes policy forbidding the usage of node selector. Rational: High risk of outage during migration. Use taints&tolerations or affinity pattern instead. policy doc

Bonus:

  • [Blog] Thales K8SAAS contributes to Pomerium. link

Babel 2.3 Beta

Release date: 2022-07-28

Features:

  • [New] Manage your service accounts (with pre-defined roles) in self service. doc
  • [New] Stop & Start your AKS in self service. doc

Service Stability & Improvements:

  • [Improvement] Flux migration from 0.26 to 0.30.2
  • [Improvement] Restore the capacity to grant readonly permissions
  • [Improvement] Remove integration with Zendesk (legacy)

Babel 2.2 Beta

Release date: 2022-07-07

Service Stability & Improvements:

  • [Improvement] Fix bugs for “Manage k8saas namespaces in self-service”. doc

Documentation:

Babel 2.1 Beta

Release date: 2022-06-16

Features:

  • [New] Manage k8saas namespaces in self-service. doc
  • [New] k8saas Observability Stack Homepage to facilitate the navigation between the dashboards. doc

Service Stability & Improvements:

  • [Improvement] Prometheus upgrade to 2.34.0
  • [Improvement] Raise an alert when certificates used outside NGINX are about to expire. doc

Breaking changes:

  • [Deprecated] RBAC microservice is no longer available with Babel. doc

Babel 2.0 Beta

Release date: 2022-05-26

Features:

  • [New] Manage k8saas accesses in self-service. doc
  • [New] Backup are now done using incremental snapshots. Impact: Cost reduction
  • [New] Backup Dashboard in Grafana. Look at “K8SAAS / Velero” in your observability stack

Service Stability & Improvements:

Breaking changes:

  • [WARNING] kubernetes.io/ingress.class annotation is no longer accepted. Please update your configuration using our k8saas helper: here

Atik 1.33

Release date: 2022-05-05

Features:

  • [Improvement] New search engine for online documentation + Add tags to improve SEO

Service Stability & Improvements:

  • [Improvement] Improve Nginx Controller to avoid having 2 replicas on the same physical nodes.
  • [Improvement] Patch CVE-2022-24797 for SSO v2
  • [Fixed] Enable Prometheus Service Monitor for fluentbit (used for log collection)

Documentation:

  • [New] Discover our first edge use case on K8SAAS: Combat Digital Platform
  • [New] Kubernetes alternatives to docker commands: here
  • [Improvement] Increase your WAF paranoia level + perform an audit of your WAF. here. Example of reports
  • [Improvement] Discover how to deploy and use GeaMap series using Warp10 here
  • [Improvement] Learn step by step how to enable WAF, SSO, persistent storage and more using our hello world projects

Atik 1.32

Released date: 2022-04-14

Features:

  • [New] Discover the kubernetes CRD k8saas supports here

Service Stability & Improvements:

  • [Improvement] Use AKS 1.21. Microsoft AKS change log
  • [Improvement] Backup mechanism based on Velero upgrade to 1.8.1
  • [Improvement] Industrialize the deletion of inactive users / departure users
  • [Improvement] Minimum size of clusters is now 6vCPU & 24G of Memory (3xB2ms) to better support transversal services (monitoring, logging, backup, CSI driver, policy management)
  • [Improvement] Move few transversal services into gitops mechanisms (backup mechanism, monitoring, service mesh)

Atik 1.31

Released date: 2022-03-24

Features:

  • [New] Built-in SSO new generation. doc
  • [New] Collect kubernetes events and discover them in the observability stack. doc
  • [New] North Europe is now available. (name: prod-eu2)
  • [New] Query time range on Billing API v2. doc

Service Stability & Improvements:

  • [Improvement] Optimize Cpu/Memory for internal components (prometheus, grafana, fluentbit)
  • [Improvement] Randomize the cronjob when performing automatic backup
  • [Improvement] Support Thales Eyes Only Whitelisting officially (industrialization)

Documentation:

  • [New] Use k8saas with Gitlab CI & Artifactory doc

Deprecated:

  • [Deprecated] Billing v1 has been removed from k8saas API Portal

Atik 1.30

Released date: 2022-03-03

Features:

  • [New] Archive all applicatives logs in cold storage for 365 days. (required by Trustnest Blue Team / CSOC). doc
  • [New] New Design, new search capability and a dark mode for https://doc.kaas.thalesdigital.io

Service Stability & Improvements:

  • [Improvement] Grafana upgrade to 8.3.5. Release note
  • [Improvement] Exclude internal components from the backup mechanism to optimize internal costs (linkerd and gatekeeper-system)
  • [Improvement] Limit memory and cpu consumption for internal rbac-service. doc

Atik 1.29

Released date: 2022-02-17

Features:

  • [New] Size dynamically your workloads (by Keda). doc

Service Stability & Improvements:

  • [Improvement] Use AKS 1.20.15
  • [Improvement] Add helm-codes to innersource code. here
  • [Improvement] Technical Architecture and Security Document Update (TASD). doc

Documentation:

  • [New] Learn from Thomas Ehling how to scale dynamically your workloads blog

Atik 1.28

Released date: 2022-02-03

Features:

  • [New] Optimise your log management pricing by enabling a daily cap. doc
  • [New] Private access to your billing API to get your cloud consumption. doc

Service Stability & Improvements:

Breaking changes:

  • [WARNING] kubernetes.io/ingress.class annotation is deprecated. Please update your configuration using our k8saas helper: here

Atik 1.27

Released date: 2022-01-20

Features:

  • [New] Optimise cost by disabling log collection for specific containers. doc
  • [New] Monitor the malicious activity blocked by your WAF using our new builtin dashboard. doc
  • [New] Added a priority class for customer customer-high-priority. doc
  • [New] FTPS (port TCP/989 and TCP990) are now denied by default in outbound. doc

Service Stability & Improvements:

  • [Improvement] Granted permission to devops role for certificates deletion
  • [Improvement] Updated cluster security report to support AD groups (fix regression from 1.25)
  • [Improvement] Fixed certificate renewal date issue
  • [Improvement] fix log4j2 vulnerability on Billing API v1

Documentation:

  • [New] c3* documentation. doc

Atik 1.26

features:

  • [New] All new clusters will be deployed in AKS 1.20
  • [New] Restrict container images to trusted registries (provide your own). doc

Service Stability & Improvements:

  • [Improvement] Adapt default Azure Availability Zones for AKS cluster containing less than 3 nodes
  • [Improvement] Remove unused Prometheus metrics

Atik 1.25

features:

  • [New] Access to Azure Graph with Grafana

Service Stability & Improvements:

  • [Improvement] Billing API v2 improvement (tagging)
  • [Improvement] Managed users using AAD Groups
  • [Improvement] Rename AzureMonitoringDashboard to Azure Log Analytics

Documentation:

  • [New] Container Best Practices / Build your own helm chart link

Atik 1.24

features:

Service Stability & Improvements:

  • [Improvement] Support level 1 can now perform backup of your cluster
  • [Improvement] NSG and RDP are now blocked by default on all clusters

Atik 1.23 STABLE

features:

  • [New] Migration to Grafana 8. Please look at the full grafana release note
  • [New] Remove header from logs using cri parser on fluentbit
  • [New] New blog design link
  • [New] New Professional Services activities. We are now able to assist projects helping them for migration or gotoproduction gates
  • [New] Dashboard: Cluster / Overview used to show you alerts, certificates expiration, capacity planning
  • [New] Fluxcdv2 Dashboard. Discover the k8saas internal services deployed in your cluster.

Service Stability & Improvements:

  • [Improvement] Robustness of Billing API

Documentation:

  • [New] Choose your AKS node type. doc
  • [New] Vulnerability Management page. doc
  • [New] Access to Transversal Resources. doc

Atik 1.22 STABLE

features:

  • [New] New type of AKS node available: High Memory type! (4vCPU with 32G of memory)
  • [New] Configuration Reporting Feature. Look at the doc

Service Stability & Improvements:

  • [Improvement] Update tagging convention with the accountID
  • [Improvement] Add pods/attach rights to developer-role
  • [Improvement] Trial/Discover is now able to manage both UPN and ObjectID for new users
  • [Improvement] Improve Nginx ingress Controller robustness (spread controller by azure zone)

Documentation:

  • [New] Use Thales Container Base Image (from DIS). doc
  • [New] Use K8saas with Visual Studio Code. doc

Atik 1.21 STABLE

features:

  • [New] Multi region supported (transversal components are migrating to per region deployment)
  • [Alpha] RBAC microservice is now part of the Atik. This microservice is used to display the k8saas rights.

Service Stability & Improvements:

  • [New] Provide us some feedback on the website and online documentation using the “feedback button” (on the right)
  • [Improvement] Compatibility with gitlab runner using chart 0.30.0
  • [Improvement] Cert-manager migration from 1.1.0 to 1.5.0
  • [Improvement] Add kubernetes events in the k8saas logging capability. doc

Atik 1.20 STABLE

features:

  • [Preview] Enabled automatic AKS node upgrades only on sandbox clusters
  • [New] Compatibility with kubelogin command (skip MFA)

Service Stability & Improvements:

  • [New] Doc for automatic backup - doc
  • [New] Doc to skip MFA - doc
  • [New] k8saas use cases documentation: BYOD, k8saas & azure bastion, k8saas & azure cosmoDB : link
  • [New] Document automatic backup with velero - doc
  • [Improvement] Migration to Terraform 14, enable prometheus compression, Observability Stack has been migrated to Cortex, Deploy a tagging strategy on cloud resources
  • [New] Provide a Shared Responsibility Model - SRM

Atik 1.19 STABLE

Features:

  • [New] Use a custom DNS domain with k8saas
  • [Preview] Scheduled AKS scaling (weekend vs weekday / day vs night)

Service Stability & Improvements:

  • [New] Add AccountID in Billing API

Atik 1.18 STABLE

Features:

  • [New] Policy enforced. Privileged containers are now forbidden by default
  • [New] Internal RBAC API (summarize the k8saas accesses)
  • [New] Thales Employees App registration on demand

Service Stability & Improvements:

  • [Improvement] Bug fixes for k8saas trial (UPN with capital letters)

Atik 1.17 STABLE

Features:

  • [Preview] Trial version available for all @thalesdigital.io email address
  • [New] 4 builtin grafana dashboards: Nginx, Linkerd, fluentbit, coreDNS
  • [New] Manage your own dashboard with infrastructure as code - link
  • [New] Automatic malicious IP blacklisting (ips provided by the trustnest blueteam)
  • [New] DNS isolation between clusters
  • [New] Support of @thalesgroup.com email address for admin

Service Stability & Improvements:

  • [Improvement] AKS migration version from 1.19.7 to 1.19.11
  • [Improvement] Linkerd migration version from 2.9.1 to 2.10.2
  • [Improvement] fluentd & fluentbit migration version from 1.11.5 to 1.12.3
  • [Improvement] Allow the support level 1 to get/list aks nodes

Documentation:

  • [New] Pod to pod encryption - link
  • [New] TLS Certificate generation - link

Atik 1.16.3 STABLE

Product Owning:

  • [New] Start using Customer Evaluation Plan to drive PoC

Features:

  • [Preview] Trial version in self service

Service Stability & Improvements:

  • [New] Add Service Monitor to nginx controllers
  • [Improvement] Security Alerting on service account usage outside the TDP

Atik 1.16 STABLE

Product Owning:

Documentation:

  • [New] Get service accounts by the end user link

Service Stability & Improvements:

  • [New] Add option to use Ephemeral disks for AKS nodes
  • [New] Configuration to configure the size of the OS disk for AKS nodes (previously 30G by default)
  • [Fix] Nginx-ingress-controller internal and external didn’t get the default values (HSTS, TLS cipher etc…)
  • [Improvement] Prometheus: configuration to expose API using ingress controller
  • [Improvement] Grafana: persist dashboards on persistent storage
  • [Improvement] Fluent: exclude tunnelfront logs

Atik 1.13 STABLE

Product Owning:

  • [Preview] New Elasticsearch as a Service in Atik release here

Documentation:

  • [New] Nginx ingress controller annotation link

Service Stability & Improvements:

  • [Improvement] Dedicated nginx ingress controller per namespace (for reliability)
  • [Preview] New terraform module for peering
  • [Improvement] Clean deployment scripts
  • [Improvement] Linkerd, Prometheus fixes
  • [Improvement] Grafana rights on Log Analytics
  • [Improvement] Disable Auto scaling by default for AKS (azure limitation)

Atik 1.12 STABLE

Product Owning:

  • [New] Chatbot when asking for a cluster creation
  • [New] Documentation to raise a ticket using the TDP portal here
  • [Preview] Contribute to TDP documentation portal
  • [New] Service Review Meeting Organization for continuous improvements
  • [New] Terragrunt Modules move in InnerSource

Features:

  • [New] BYOK for storage (C3 requirement)
  • [New] Customer based security detection rules (ask us to implement security or business alerts)
  • [Improvement] Grafana integration (still in preview)

Security:

  • [New] ISSC C3 preparation / Cybersecurity documentation (TASD)

Service Stability & Improvements:

  • [Improvement] Backup architecture evolution (velero)
  • [New] Give reader access to NSG and impersonate rights for support level 1
  • [Improvement] Remove internal default unused namespaces
  • [Improvement] Update Hello world project with new kubernetes networking API
  • [Improvement] Increase the prometheus local retention from 2h to 2 days

Atik 1.8 STABLE

Features:

  • [Preview] Discover Pack (Shared Cluster) now available in Atik 1.8
  • [GA] Access to your applicatives logs across a dedicated log analytics workspace

Security:

  • [Preview] Automatic backups (every 2 hours)
  • [Preview] WAF documentation + default nginx logs routing to customer log analytics

Service Stability & Improvements:

  • [Improvement] Monitoring Contributor Role for Dedicated Log Analytics
  • [Improvement] TDP Checkmarx default NSG rules
  • [Improvement] AKS migration version from 1.19.6 to 1.19.7

Atik 1.6 STABLE

Product Owning:

Features:

  • [Preview] Azure Spot Compatibility
  • [Preview] Multiple AKS node pools compatibility
  • [Preview] Access to your applicatives logs across a dedicated log analytics workspace
  • [Preview] Access to your applivatives metrics across a dedicated grafana and prometheus
  • [Improvement] Billing API update

Security:

  • [Improvement] Increase retention period to 365days for terraform states
  • [Improvement] Store AKS public and private SSH keys into Azure Keyvault
  • [Improvement] Allow only TCP/443 & 80 by default + be protected against vnet peering
  • [Improvement] No clear secrets on any laptop - SOPS integration

Service Stability & Improvements:

  • [Improvement] Reduce the cooldown of the AKS autoscaler to 60m.
  • [Preview] Support Level 1 in Follow the Sun

Subscribe to an environment !

Start using one of MCS service by subscribing to a managed kubernetes, an APIM subscription key or a landing zone…

Subscribe
*

TrustNest Digital Platform © 2024