What's new

What's new in version 1.3.15

• Standard security updates are addressed.

• Operator and operand version information is updated. For more information, see Version matrix page.

What's new in version 1.3.14

• Red Hat® OpenShift® Container Platform version 4.13.x is supported on Linux® x86_64, Linux® on Power® (ppc64le), and Linux® on IBM® Z and LinuxONE platforms.

• Standard security updates are addressed.

• Operator and operand version information is updated. For more information, see Version matrix page.

What's new in version 1.3.13

• Red Hat® OpenShift® Container Platform version 4.12.x is supported on Linux® x86_64, Linux® on Power® (ppc64le), and Linux® on IBM® Z and LinuxONE platforms.

Fixes

Version 1.3.13 addresses standard security updates. For more information on the operator and operand matrix, see Version matrix page.

What's new in version 1.3.12

The following updates are made to meet the Federal Information Processing Standards (FIPS) compliance requirement: Note: FIPS compliance updates are applicable only to Linux® x86_64 platform.

• Default TLS termination of the Elasticsearch route is changed from passthrough to reencrypt to address FIPS Wall requirement. For more information, see FIPS Wall: Current IBM approach to FIPS compliance.

  • If you upgrade to version 1.3.12, the TLS termination is changed to reencrypt, which updates the Elasticsearch route. To prevent any route update, change the default annotation of the Elasticsearch route before you upgrade.
    1. Log in to your cluster by using the oc login command.
    2. Get the Elasticsearch route name.

       oc get route -n <your-cloud-pak-namespace> | grep Elasticsearch
       

    3. Change the app.kubernetes.io/managed-by label value to any value other than ibm-elastic-operator.

       oc edit route <route-name> -n <your-cloud-pak-namespace>
       

       The ibm-elastic-operator no longer reconciles the route.
       Note: If you did not update the Elasticsearch route resource before you upgraded, you can modify it after upgrade by using the same commands. For example, change the spec.tls.termination value to passthrough.

  Note: If you change the app.kubernetes.io/managed-by label value back to ibm-elastic-operator, then the operator resumes reconciliation of the route and sets the spec.tls.termination value to reencrypt.

• To address the FIPS compliance for Flink, IBM Semeru JVM is upgraded to version 11.0.16.1.
• Version 1.3.12 also addresses standard security updates.

For more information about the operator and operand matrix, see Version matrix page.

What's new in version 1.3.11

• OpenShift version 4.11.x is supported.

Fixes

• Version 1.3.11 addresses standard security updates. For more information on the operator and operand matrix, see Version matrix page.

What's new in version 1.3.10

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.

• The issues related to Golang security vulnerabilities have been addressed by updating the following packages:

  • Golang version has been upgraded from 1.17 to 1.18.

• Scaling up Elasticsearch from a single node failed if the original cluster nodes were down at the time of scaling up. The issue is now fixed.

What's new in version 1.3.9

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
• Fixed an issue that prevented the ‘AutomationBase’ resource from reconciling when Kafka was not mentioned in the ‘AutomationBase CR’, resulting in a nil pointer in the logs.

What's new in version 1.3.8

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.

• The known issue Rotation of Kafka certificates is not automatic when the CA certificate and key changes is fixed as of IBM Automation foundation 1.3.8 operator version, AutomationBase 2.0.6 operand version.

What's new in version 1.3.7

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.

• Upgrading IBM Automation Foundation to the latest operator version had issues when the operand versions were explicitly set to a lower version (1.3.0 to 1.3.6). This issue is now fixed.

• Frequent deletion and re-creation of iaf-zen-tour-customization-extensions configmap is now fixed. The fix helps in getting a stable connection for the Zen plug-in and the Zen nginx configuration.

What's new in version 1.3.6

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.

What's new in version 1.3.5

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.

Miscellaneous

• IBM Automation foundation is now supported on Red Hat OpenShift version 4.10.3 onwards. For more information, see Platform support.

Deprecation notice

• Automation Assets are now deprecated from IBM Automation foundation and will continue to be a part of CP4I.

Note: A deprecation statement is provided to let you know that removal or replacement of the component is in consideration for the future release. This gives you the ability to make more informed decisions.

What's new in version 1.3.4

Fixes

• This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.

What's new in version 1.3.3

Fixes

• The EventProcessing operator has been updated to pick up the operand images with the Log4j fix by default in the v4.0 channel.

• Refer here, for more details.

What's new in version 1.3.2

Fixes

• The issues related to the vulnerability Apache Log4j Remote Code Execution - Log4Shell have been addressed by updating to Log4j version v2.17.

• Refer here, for more details.

What's new in version 1.3.1

Fixes

• The vulnerability Apache Log4j Remote Code Execution - Log4Shell have been addressed and the required fixes have been delivered.

• For more information, refer the FAQ section.

What's new in version 1.3.0

Features

IBM Automation foundation Operator

• Ephemeral storage limits and requests values have been set on all the IBM Automation foundation components.

• You can now provide the field spec.externalCartridges in the CartridgeRequirements CR. externalCartridges is a list of Cartridge names that are expected to provide shared data onto a predefined KafkaTopic, which would be relevant to the CartridgeRequirement’s corresponding Cartridge. Refer here for more details.

IBM Automation foundation Core

• Each Cartridge can now create one CartridgeRequirements custom resource to specify the required capabilities.

• You can now provide custom parameters to the Zen service.

Elasticsearch

• Elasticsearch has been updated to provide the use of ELv2 7.15.1 version. Refer here for more details.

Miscellaneous

• IBM Automation foundation is now validated on the IBM Power Systems, version Power10.

What's new in version 1.2.1

Fixes

There are no code specific changes in this fix pack to the IBM Automation foundation components.

However, the refreshed UBI (Universal Base Image) versions that are published by Redhat have been updated in IBM Automation foundation to address the vulnerabilities.

Miscellaneous

• OpenShift version 4.9.x is supported.

What's new in version 1.2.0

Features

IBM Automation foundation Operator

• Improvements to TLS certificate handling.
  • You can now safely provide a custom Issuer to an AutomationBase CR.
  • The number of self-signed CAs and certificate Issuer(s) is reduced.
  • Separated the CA secret for consuming applications that can be edited to contain older CAs to aid with the certificate and key rotation. Therefore, it is not created by Cert Manager and , does not cause an automatic restart of pods.
  • Documented steps for managing IBM Automation foundation certificates.
• Linux Z and P support capabilities to include IBM Automation foundation Base (Kafka, Elasticsearch, Apicurio, Flink) and providing parity with x86/amd64 as a platform.

EventProcessor and EventProcessingTask

• Support for IBM LinuxOne and Power little-endian systems.
• Apache Flink upgrade to 1.13.2.
• JRE version upgrade to 11.0.11.
• Removal of the Hadoop Distributed File System (HDFS) client in the Flink image.
• Major (v3) channel addition for operands.
• Metrics for TaskManagers and Jobs.
• Mutual TLS between JobManagers and TaskManagers.
• Support for SASL Plain authentication secured Kafka.
• The image field is now required while submitting an EventProcessingTask.

Elasticsearch

• Elasticsearch on multi-zone clusters is validated.

Bedrock

• You can opt to have separate common-services namespace for each of your IBM Automation Foundation instance.

Miscellaneous

• OpenShift version 4.8.x is supported.

Fixes

• Removing a node group from the Elasticsearch spec in an AutomationBase CR cleans up the resources for that node group correctly.
• Ability to provide additional certificates and keys to an EventProcessor keystore.
• The use of EventProcessors in the spec.requirements of CartridgeRequirements CR is deprecated and is replaced by OperationalDataStore. For more information, see CartridgeRequirements.

Deprecation notice

• The AI Operators that are used in previous releases are withdrawn in favor of Watson Core Operators for AI. Use the Watson Core operators for AI. You may get in touch with Hans Urlig for more details

• Event Processing Operand versions 1.0.0 and 2.0.0 are now deprecated in favor of Event Processing Operand version 3.0.0. However, you can continue to use these Operand versions until they are removed in 6 months from the release of IBM Automation Foundation v1.2.

What's new in version 1.1.0

Features

Event Processor

• New operand version 2.0.0 is introduced for the EventProcessor and EventProcessingTask custom resources. This new Operand version introduces the following features.
  • High Availability (HA) supported through EventProcessor CR.
  • Flink image version that is used, by default, is 1.13.0. Flink jobs that are compiled on earlier versions of Flink do not run in the newer version unless you recompile it on version 1.13.0. For more information, see EventProcessor and EventProcessingTask Operand version 2.0.0.
  • Ability to configure the maximum request body size accepted by the Flink Cluster. For more information, see EventProcessor and EventProcessingTask Operand version 2.0.0.
• With the Event Processor v2.0.0 operand, you don't need to specify the storage field for high-availability with Flink 1.13.0. For more information, see configuring high availability with Flink.
• The Nginx client_max_body_size directly maps to the CLIENT_MAX_BODY_SIZE environment variable, which can be configured by using the EventProcessor CR to configure the maximum request body size accepted by the Flink cluster.

IBM Automation foundation Core

• When you install the IBM Automation foundation Core Operator, the default behavior is for it to install Platform UI. You can choose to not install Platform UI by configuring zen: false in the AutomationUIConfig CR YAML.
• IBM Automation foundation Core Operator is now supported on IBM Z and Power Systems having a suitable OpenShift Container Platform version. For more information, see System requirements. For storage on Z and P, you can use any available RWX storage class such as a managed-nfs.
• Added get, list, and watch ClusterRole permissions to the IBM Automation foundation Core Operator for StorageClass resources.
• Added 1.1.0 version and v1.1 channel for Cartridge and AutomationUIConfig operands.

IBM Automation foundation AI

• IBM Automation foundation AI uses the AI model training and serving capabilities from Watson Machine Learning (WML) Core. You require the WML Training and WML Serving Operators to be installed as a prerequisite before you install the IBM Automation foundation AI capability.
• The APIs provided by IBM Automation foundation AI Operators are updated from v1aplha1 to v1beta1 to support WML Core components.

UI

• The default Platform UI home page illustration is replaced with the IBM Automation foundation illustration.
• A guided tour on the home page is introduced.
• Support for Platform UI 4.0.0 from IBM Cloud Pak foundational services v3.8.

Miscellaneous

• OpenShift versions 4.7.x and 4.8.x supported. For more information, see Platform support.
• Apicurio is now made optional. The AutomationBase CR in IBM Automation foundation Operator is modified to make Apicurio an optional component. For the changes to the AutomationBase CR, see Custom Resources.

• The current CRD for Cartridge has an inconsistency in the definition of endpoints in the status. Currently, it looks like the following.

    status:
      components:
        zen:
          endpoints: 
            - name: cpd
              casecret:
                secretname: my-secret
                key: ca.crt
  

  Where it must be like the other CRs, such as the following.

    status:
      components:
        zen:
          endpoints: 
            - name: cpd
              caSecret:
                secretName: my-secret
                key: ca.crt
  

  casecret -> caSecret, secretname -> secretName

  Therefore, to make the transition without breaking existing users, the Cartridge 1.1.0 operand has both, such as the following.

    status:
      components:
        zen:
          endpoints: 
            - name: cpd
              casecret:
                secretname: my-secret
                key: ca.crt
              caSecret:
                secretName: my-secret
                key: ca.crt
  

  Both the pairs (casecret, caSecret and secretname, secretName) are configured with the same values. Both the versions of the fields are completed for 1.1.x to allow the time to change to caSecret and secretName. Eventually, the incorrect version will not be completed with the value (though it is not removed from the CRD).

  The plan is to remove the incorrect fields with v1 of CRDs.

Fixes

• Elasticsearch snapshot storage that is defined with volumeClaimTemplate failed to create PVC. This issue is now fixed.
• IBM Automation foundation failed installation on all namespaces on OpenShift 4.7.8, this issue is now fixed.
• All namespace installation that failed for Event Processor and Flink Operators on OpenShift 4.7.11, is fixed.
• CartridgeRequirements had a misleading ElasticUserReady in its Status, which is now corrected.
• Updated the Flink image in IBM Automation foundation to Flink 1.13.0 GA version.
• With Flink HA configured, the Flink JobManager was unavailable when leader election occurs, this issue is now fixed.
• Fixed certificate renewal behavior for EventProcessor. Before the fix, only the first pod that is defined in the StatefulSet would have the new certificate and you had to manually restart the other JobManager pods, this issue is now fixed.

What's new in version 1.0.2

Fixes

The following fixes are included in this fix pack.

• The CartridgeRequirements CR is not deleted if there exists no Elasticsearch component that is installed as part of the AutomationBase CR. This issue is now resolved and the CartridgeRequirements CR can be deleted.
• Deletion of an AutomationUIConfig CR or Cartridge CR creates a null pointer exception in the IBM Automation foundation Core Operator causing it to restart. The Operator now handles the deletion of those CRs correctly and no longer causes the Operator pods to restart.
• When the IBM Automation foundation Core Operator processes the AutomationUIConfig CR, which would occur on a change of the CR or on a restart of the IBM Automation foundation Core Operator, it would restart the ibm-nginx config pods that caused potential Platform UI access issues. The processing of the AutomationUIConfig CR now no longer causes unnecessary restart of the ibm-nginx config pods.
• The Ready condition on the AutomationUIConfig CR was not being set until after the Platform UI was Ready. This behavior caused some cartridges to not be able to install. The IBM Automation foundation Core Operator now sets the Ready condition on the AutomationUIConfig CR when it is ready and doesn't wait for Platform UI to become Ready first. This behavior is reverting to the same behavior provided in 1.0.0.
• Some of the IBM Automation foundation Operators failed installation on OpenShift version 4.7.6+ with a status of CreateContainerError. This error was caused due to insufficient memory that was requested by the pods on the cluster. This issue is fixed in IBM Automation foundation v1.0.2. If you are attempting to install IBM Automation foundation on OpenShift v4.7.6+, you must use Automation foundation v1.0.2 and not the earlier versions.

What's new in version 1.0.1

Fixes

The following fixes are included in this fix pack.

• When a Platform UI instance is being created by applying a Cartridge CR, the status of the CR sometimes showed an error similar to iaf-zen-cpdservice not found. This behavior was documented as a known issue in release 1.0.0. This issue is now fixed in IBM® Automation foundation Core.
• IBM Automation foundation Core generated a self-signed certificate chain that was missing the CA certificate during the creation of the AutomationUIConfig CR. Also, it was not allowing the user to use custom certificates to configure external-tls in AutomationUIConfig CR. With this Fix Pack, the support for use of custom certificates in AutomationUIConfig CR is added. Documentation is updated to add instructions on updating the certificates after the AutomationUIConfig CR is created.
• The Apicurio internal URL displayed in the status (status.components.apicurio.endpoints) of IBM Automation foundation instance was incorrectly getting set to Automation foundation instance name. This behavior is now corrected to carry the right Apicurio internal URL.
• Removed Redis from the CASE dependency for IBM Automation foundation CASE bundle.

No changes in this fix pack to the following IBM Automation foundation components.

• IBM Process Mining
• IBM Robotic Process Automation
• IBM Automation assets

What's in version 1.0

IBM® Automation foundation includes an event framework that consists of Apache Kafka&REg;, Apache Flink®, Apicurio registry, and Elasticsearch.

It builds on IBM Cloud Pak foundational services, which includes the Platform UI.

It also includes the ability to train and serve AI models by using Open Data Hub.