What's new
What's new in version 1.3.15
-
Standard security updates are addressed.
-
Operator and operand version information is updated. For more information, see Version matrix page.
What's new in version 1.3.14
-
Red Hat® OpenShift® Container Platform version 4.13.x is supported on Linux® x86_64, Linux® on Power® (ppc64le), and Linux® on IBM® Z and LinuxONE platforms.
-
Standard security updates are addressed.
-
Operator and operand version information is updated. For more information, see Version matrix page.
What's new in version 1.3.13
- Red Hat® OpenShift® Container Platform version 4.12.x is supported on Linux® x86_64, Linux® on Power® (ppc64le), and Linux® on IBM® Z and LinuxONE platforms.
Fixes
Version 1.3.13 addresses standard security updates. For more information on the operator and operand matrix, see Version matrix page.
What's new in version 1.3.12
The following updates are made to meet the Federal Information Processing Standards (FIPS) compliance requirement: Note: FIPS compliance updates are applicable only to Linux® x86_64 platform.
-
Default TLS termination of the Elasticsearch route is changed from
passthrough
toreencrypt
to address FIPS Wall requirement. For more information, see FIPS Wall: Current IBM approach to FIPS compliance.- If you upgrade to version 1.3.12, the TLS termination is changed to
reencrypt
, which updates the Elasticsearch route. To prevent any route update, change the default annotation of the Elasticsearch route before you upgrade.- Log in to your cluster by using the
oc login
command. - Get the Elasticsearch route name.
oc get route -n <your-cloud-pak-namespace> | grep Elasticsearch
- Change the
app.kubernetes.io/managed-by
label value to any value other thanibm-elastic-operator
.
Theoc edit route <route-name> -n <your-cloud-pak-namespace>
ibm-elastic-operator
no longer reconciles the route.
Note: If you did not update the Elasticsearch route resource before you upgraded, you can modify it after upgrade by using the same commands. For example, change thespec.tls.termination
value topassthrough
.
- Log in to your cluster by using the
Note: If you change the
app.kubernetes.io/managed-by
label value back toibm-elastic-operator
, then the operator resumes reconciliation of the route and sets thespec.tls.termination
value toreencrypt
. - If you upgrade to version 1.3.12, the TLS termination is changed to
- To address the FIPS compliance for Flink, IBM Semeru JVM is upgraded to version 11.0.16.1.
- Version 1.3.12 also addresses standard security updates.
For more information about the operator and operand matrix, see Version matrix page.
What's new in version 1.3.11
- OpenShift version 4.11.x is supported.
Fixes
- Version 1.3.11 addresses standard security updates. For more information on the operator and operand matrix, see Version matrix page.
What's new in version 1.3.10
Fixes
-
This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
-
The issues related to
Golang
security vulnerabilities have been addressed by updating the following packages:Golang
version has been upgraded from1.17
to1.18
.
- Scaling up Elasticsearch from a single node failed if the original cluster nodes were down at the time of scaling up. The issue is now fixed.
What's new in version 1.3.9
Fixes
- This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
- Fixed an issue that prevented the ‘AutomationBase’ resource from reconciling when Kafka was not mentioned in the ‘AutomationBase CR’, resulting in a nil pointer in the logs.
What's new in version 1.3.8
Fixes
-
This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
-
The known issue Rotation of Kafka certificates is not automatic when the CA certificate and key changes is fixed as of IBM Automation foundation 1.3.8 operator version,
AutomationBase
2.0.6 operand version.
What's new in version 1.3.7
Fixes
-
This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
-
Upgrading IBM Automation Foundation to the latest operator version had issues when the operand versions were explicitly set to a lower version (1.3.0 to 1.3.6). This issue is now fixed.
-
Frequent deletion and re-creation of
iaf-zen-tour-customization-extensions
configmap is now fixed. The fix helps in getting a stable connection for the Zen plug-in and the Zen nginx configuration.
What's new in version 1.3.6
Fixes
- This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
What's new in version 1.3.5
Fixes
- This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
Miscellaneous
- IBM Automation foundation is now supported on Red Hat OpenShift version 4.10.3 onwards. For more information, see Platform support.
Deprecation notice
- Automation Assets are now deprecated from IBM Automation foundation and will continue to be a part of CP4I.
Note: A deprecation statement is provided to let you know that removal or replacement of the component is in consideration for the future release. This gives you the ability to make more informed decisions.
What's new in version 1.3.4
Fixes
- This version addresses the standard security updates. For more information on the operator and operand matrix, refer the Version matrix page.
What's new in version 1.3.3
Fixes
-
The EventProcessing operator has been updated to pick up the operand images with the Log4j fix by default in the v4.0 channel.
-
Refer here, for more details.
What's new in version 1.3.2
Fixes
-
The issues related to the vulnerability
Apache Log4j Remote Code Execution - Log4Shell
have been addressed by updating to Log4j version v2.17. -
Refer here, for more details.
What's new in version 1.3.1
Fixes
-
The vulnerability
Apache Log4j Remote Code Execution - Log4Shell
have been addressed and the required fixes have been delivered. -
For more information, refer the FAQ section.
What's new in version 1.3.0
Features
IBM Automation foundation Operator
-
Ephemeral storage limits and requests values have been set on all the IBM Automation foundation components.
-
You can now provide the field
spec.externalCartridges
in theCartridgeRequirements
CR.externalCartridges
is a list of Cartridge names that are expected to provideshared
data onto a predefined KafkaTopic, which would be relevant to the CartridgeRequirement’s corresponding Cartridge. Refer here for more details.
IBM Automation foundation Core
-
Each
Cartridge
can now create oneCartridgeRequirements
custom resource to specify the required capabilities. -
You can now provide custom parameters to the Zen service.
Elasticsearch
- Elasticsearch has been updated to provide the use of ELv2 7.15.1 version. Refer here for more details.
Miscellaneous
- IBM Automation foundation is now validated on the IBM Power Systems,
version Power10
.
What's new in version 1.2.1
Fixes
There are no code specific changes in this fix pack to the IBM Automation foundation components.
However, the refreshed UBI (Universal Base Image) versions that are published by Redhat have been updated in IBM Automation foundation to address the vulnerabilities.
Miscellaneous
- OpenShift version 4.9.x is supported.
What's new in version 1.2.0
Features
IBM Automation foundation Operator
- Improvements to TLS certificate handling.
- You can now safely provide a custom Issuer to an
AutomationBase
CR. - The number of self-signed CAs and certificate Issuer(s) is reduced.
- Separated the CA secret for consuming applications that can be edited to contain older CAs to aid with the certificate and key rotation. Therefore, it is not created by Cert Manager and , does not cause an automatic restart of pods.
- Documented steps for managing IBM Automation foundation certificates.
- You can now safely provide a custom Issuer to an
- Linux Z and P support capabilities to include IBM Automation foundation Base (Kafka, Elasticsearch, Apicurio, Flink) and providing parity with x86/amd64 as a platform.
EventProcessor and EventProcessingTask
- Support for IBM LinuxOne and Power little-endian systems.
- Apache Flink upgrade to 1.13.2.
- JRE version upgrade to 11.0.11.
- Removal of the Hadoop Distributed File System (HDFS) client in the Flink image.
- Major (v3) channel addition for operands.
- Metrics for TaskManagers and Jobs.
- Mutual TLS between JobManagers and TaskManagers.
- Support for SASL Plain authentication secured Kafka.
- The image field is now required while submitting an EventProcessingTask.
Elasticsearch
- Elasticsearch on multi-zone clusters is validated.
Bedrock
- You can opt to have separate common-services namespace for each of your IBM Automation Foundation instance.
Miscellaneous
- OpenShift version 4.8.x is supported.
Fixes
- Removing a node group from the Elasticsearch spec in an
AutomationBase
CR cleans up the resources for that node group correctly. - Ability to provide additional certificates and keys to an
EventProcessor
keystore. - The use of
EventProcessors
in thespec.requirements
ofCartridgeRequirements
CR is deprecated and is replaced byOperationalDataStore
. For more information, see CartridgeRequirements.
Deprecation notice
-
The AI Operators that are used in previous releases are withdrawn in favor of Watson Core Operators for AI. Use the Watson Core operators for AI. You may get in touch with Hans Urlig for more details
-
Event Processing Operand versions
1.0.0
and2.0.0
are now deprecated in favor of Event Processing Operand version3.0.0
. However, you can continue to use these Operand versions until they are removed in 6 months from the release of IBM Automation Foundation v1.2.
What's new in version 1.1.0
Features
Event Processor
- New operand version
2.0.0
is introduced for theEventProcessor
andEventProcessingTask
custom resources. This new Operand version introduces the following features.- High Availability (HA) supported through
EventProcessor
CR. - Flink image version that is used, by default, is
1.13.0
. Flink jobs that are compiled on earlier versions of Flink do not run in the newer version unless you recompile it on version1.13.0
. For more information, see EventProcessor and EventProcessingTask Operand version 2.0.0. - Ability to configure the maximum request body size accepted by the Flink Cluster. For more information, see EventProcessor and EventProcessingTask Operand version 2.0.0.
- High Availability (HA) supported through
- With the
Event Processor
v2.0.0
operand, you don't need to specify thestorage
field for high-availability with Flink1.13.0
. For more information, see configuring high availability with Flink. - The Nginx client_max_body_size directly maps to the
CLIENT_MAX_BODY_SIZE
environment variable, which can be configured by using theEventProcessor
CR to configure the maximum request body size accepted by the Flink cluster.
IBM Automation foundation Core
- When you install the IBM Automation foundation Core Operator, the default behavior is for it to install Platform UI. You can choose to not install Platform UI by configuring
zen: false
in theAutomationUIConfig
CR YAML. - IBM Automation foundation Core Operator is now supported on IBM Z and Power Systems having a suitable OpenShift Container Platform version. For more information, see System requirements. For storage on Z and
P, you can use any available
RWX
storage class such as a managed-nfs. - Added get, list, and watch
ClusterRole
permissions to the IBM Automation foundation Core Operator forStorageClass
resources. - Added
1.1.0
version andv1.1
channel forCartridge
andAutomationUIConfig
operands.
IBM Automation foundation AI
- IBM Automation foundation AI uses the AI model training and serving capabilities from Watson Machine Learning (WML) Core. You require the WML Training and WML Serving Operators to be installed as a prerequisite before you install the IBM Automation foundation AI capability.
- The APIs provided by IBM Automation foundation AI Operators are updated from
v1aplha1
tov1beta1
to support WML Core components.
UI
- The default Platform UI home page illustration is replaced with the IBM Automation foundation illustration.
- A guided tour on the home page is introduced.
- Support for Platform UI
4.0.0
from IBM Cloud Pak foundational servicesv3.8
.
Miscellaneous
- OpenShift versions 4.7.x and 4.8.x supported. For more information, see Platform support.
- Apicurio is now made optional. The
AutomationBase
CR in IBM Automation foundation Operator is modified to make Apicurio an optional component. For the changes to theAutomationBase
CR, see Custom Resources. -
The current CRD for
Cartridge
has an inconsistency in the definition of endpoints in the status. Currently, it looks like the following.status: components: zen: endpoints: - name: cpd casecret: secretname: my-secret key: ca.crt
Where it must be like the other CRs, such as the following.
status: components: zen: endpoints: - name: cpd caSecret: secretName: my-secret key: ca.crt
casecret -> caSecret
,secretname -> secretName
Therefore, to make the transition without breaking existing users, the Cartridge 1.1.0 operand has both, such as the following.
status: components: zen: endpoints: - name: cpd casecret: secretname: my-secret key: ca.crt caSecret: secretName: my-secret key: ca.crt
Both the pairs (
casecret
,caSecret
andsecretname
,secretName
) are configured with the same values. Both the versions of the fields are completed for1.1.x
to allow the time to change tocaSecret
andsecretName
. Eventually, the incorrect version will not be completed with the value (though it is not removed from the CRD).The plan is to remove the incorrect fields with v1 of CRDs.
Fixes
- Elasticsearch snapshot storage that is defined with
volumeClaimTemplate
failed to create PVC. This issue is now fixed. - IBM Automation foundation failed installation on all namespaces on OpenShift
4.7.8
, this issue is now fixed. - All namespace installation that failed for Event Processor and Flink Operators on OpenShift
4.7.11
, is fixed. - CartridgeRequirements had a misleading
ElasticUserReady
in itsStatus
, which is now corrected. - Updated the Flink image in IBM Automation foundation to Flink
1.13.0
GA version. - With Flink HA configured, the Flink JobManager was unavailable when leader election occurs, this issue is now fixed.
- Fixed certificate renewal behavior for
EventProcessor
. Before the fix, only the first pod that is defined in the StatefulSet would have the new certificate and you had to manually restart the other JobManager pods, this issue is now fixed.
What's new in version 1.0.2
Fixes
The following fixes are included in this fix pack.
- The
CartridgeRequirements
CR is not deleted if there exists no Elasticsearch component that is installed as part of theAutomationBase
CR. This issue is now resolved and theCartridgeRequirements
CR can be deleted. - Deletion of an
AutomationUIConfig
CR orCartridge
CR creates a null pointer exception in the IBM Automation foundation Core Operator causing it to restart. The Operator now handles the deletion of those CRs correctly and no longer causes the Operator pods to restart. - When the IBM Automation foundation Core Operator processes the
AutomationUIConfig
CR, which would occur on a change of the CR or on a restart of the IBM Automation foundation Core Operator, it would restart theibm-nginx
config pods that caused potential Platform UI access issues. The processing of theAutomationUIConfig
CR now no longer causes unnecessary restart of theibm-nginx
config pods. - The
Ready
condition on theAutomationUIConfig
CR was not being set until after the Platform UI wasReady
. This behavior caused some cartridges to not be able to install. The IBM Automation foundation Core Operator now sets theReady
condition on theAutomationUIConfig
CR when it is ready and doesn't wait for Platform UI to becomeReady
first. This behavior is reverting to the same behavior provided in1.0.0
. - Some of the IBM Automation foundation Operators failed installation on OpenShift version 4.7.6+ with a status of
CreateContainerError
. This error was caused due to insufficient memory that was requested by the pods on the cluster. This issue is fixed in IBM Automation foundationv1.0.2
. If you are attempting to install IBM Automation foundation on OpenShift v4.7.6+, you must use Automation foundationv1.0.2
and not the earlier versions.
What's new in version 1.0.1
Fixes
The following fixes are included in this fix pack.
- When a Platform UI instance is being created by applying a
Cartridge
CR, the status of the CR sometimes showed an error similar toiaf-zen-cpdservice not found
. This behavior was documented as a known issue in release 1.0.0. This issue is now fixed in IBM® Automation foundation Core. - IBM Automation foundation Core generated a self-signed certificate chain that was missing the CA certificate during the creation of the
AutomationUIConfig
CR. Also, it was not allowing the user to use custom certificates to configureexternal-tls
inAutomationUIConfig
CR. With this Fix Pack, the support for use of custom certificates inAutomationUIConfig
CR is added. Documentation is updated to add instructions on updating the certificates after theAutomationUIConfig
CR is created. - The Apicurio internal URL displayed in the status (
status.components.apicurio.endpoints
) of IBM Automation foundation instance was incorrectly getting set to Automation foundation instance name. This behavior is now corrected to carry the right Apicurio internal URL. - Removed Redis from the CASE dependency for IBM Automation foundation CASE bundle.
No changes in this fix pack to the following IBM Automation foundation components.
- IBM Process Mining
- IBM Robotic Process Automation
- IBM Automation assets
What's in version 1.0
IBM® Automation foundation includes an event framework that consists of Apache Kafka&REg;, Apache Flink®, Apicurio registry, and Elasticsearch.
It builds on IBM Cloud Pak foundational services, which includes the Platform UI.
It also includes the ability to train and serve AI models by using Open Data Hub.