What's new in version 3.1.0
Get a quick overview of what's added, changed, improved, or deprecated in this release.
IBM® Cloud Private Version 3.1.0 introduces the following new features and enhancements:
New features
Memory
Ensure you review and verify that you meet the increased memory requirements. For more information, see Hardware requirements.
Kubernetes
-
IBM Cloud Private Version 3.1.0 is now upgraded to use Kubernetes Version 1.11.1. For more information about the features that are introduced in Kubernetes 1.11.1, see Kubernetes v1.11 Release Notes .
-
Dynamically update the Kubelet configuration on a node. See Reconfiguring Kubelet in a live cluster.
Catalog
You can now view the catalog by category. See Managing charts and apps.
Image management
You can now control where images are deployed from, enforce Vulnerability Advisor (VA) policies. See Enforcing container image security .
Network
-
The encryption of data network traffic by using IPsec can now be made Federal Information Processing Standard (FIPS) compliant. See Encrypting cluster data network traffic with IPsec.
-
VMware NSX-T is upgraded to Version 2.3.
-
You can integrate IBM Cloud Private with F5 BIG-IP Controller for Kubernetes. See Integrating IBM Cloud Private with F5 BIG-IP Controller for Kubernetes.
Storage
-
You can now configure GlusterFS by installing the GlusterFS Helm chart. See Configuring GlusterFS after IBM Cloud Private installation.
-
Minio is a lightweight, Amazon S3-compatible object storage server. Configure Minio by installing the Helm chart. See Minio.
-
You can now use a vSphere storage policy to dynamically provision a persistent volume. For more information about storage policy based management (SPBM), see Storage Policy Based Management for dynamic provisioning of volumes .
Security
You can now configure single sign-on (SSO) between IBM Cloud Private and your enterprise identity source. For more information, see Configuring single sign-on.
You can now generate and manage certificates with the shared Kubernetes and IBM Cloud Private service cert-manager (certificate manager). To use cert-manager, see Creating certificates.
IBM Cloud Private enforces image policies. There are multiple ways to create an image enforcement policy and you can create a policy by using the IBM Cloud Private Web console. For more information, see Image security enforcement by using the IBM Cloud Private Web console .
IBM Cloud Private CLI
The bx pr
command is now cloudctl
. You can run cloudctl
to view information about your cluster, manage your cluster, install Helm charts, and more. The IBM Cloud Private command line interface (CLI) supports,
but no longer requires, the IBM Cloud CLI. For more information, see Managing your cluster with the IBM Cloud Private CLI.
Changes to the IBM Cloud Private CLI are described in the following list:
-
From the IBM Cloud Private management console, you can install multiple CLI tools. Click Menu > Command Line Tools > Cloud Private CLI to learn how to install the following command line tools:
- IBM Cloud Private CLI and plug-ins
- Helm
- Kubectl CLI
- Istio CLI
-
All
bx pr
commands are nowcloudctl
. Many commands now contain namespaces, such ascloudctl catalog load-chart
. Runcloudctl -h
for a complete list of commands. - The
cluster-config
command was removed. You can now runcloudctl login
to configure kubectl and Helm. - The process to load Helm charts improved, specifically for users without Internet connectivity. For example, with the IBM Cloud Private CLI, you can create archives of Helm charts that include chart images, and you can load them into the cluster without connection. See Adding featured applications to clusters without Internet connectivity for more commands.
Istio
You can now connect, secure, control and observe your microservices with Istio service mesh. Istio makes it easy to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without any changes in service code. See Working with Istio for more information.
Vulnerability Advisor
Vulnerability Advisor (VA) now supports cross-architecture image scanning by using QEMU (Quick EMUlator). You can scan Linux® on Power® (ppc64le) CPU architecture images with VA running on Linux® x86_64 nodes. Alternatively, you can scan Linux® x86_64 CPU architecture images with VA running on Linux® on Power® (ppc64le) nodes.
You can also use the Mutation Advisor, a change detection mechanism, to alert personnel to unauthorized modification of critical system files, configuration files, content files, and OS process. See Mutation Advisor.
Management services
There is a updated format for listing the management services in the config.yaml
file. See Enabling and disabling IBM Cloud Private management services.
IBM Cloud Private Web console
-
You can create a Service ID by using the IBM Cloud Private Web console. See Creating a service ID by using the IBM Cloud Private Web console.
-
You can manage your image security enforcement by using the IBM Cloud Private Web console. See Enforcing container image security.
Audit logging
The audit logging feature in IBM Cloud Private provides the capability to collect audit logs generated by various management services and the Kubernetes API server and send them to Elasticsearch. See Audit logging in IBM Cloud Private.
NVIDIA GPU device plug-in
IBM Cloud Private now uses Kubernetes device plug-in framework for managing graphical processing unit (GPU) devices. For more information about Kubernetes device plug-ins, see Device Plugins .
Supported operating systems
IBM Cloud Private now supports Ubuntu 18.04 LTS.
Supported environments
IBM Cloud Private with OpenShift
IBM® and Red Hat have partnered to provide a joint solution that uses IBM Cloud Private and OpenShift. You can now deploy IBM certified software containers that are running on IBM Cloud Private onto Red Hat OpenShift. When you install IBM Cloud Private with OpenShift, IBM Cloud Private provides the IBM Cloud Private experience, management, and operations for applications and uses OpenShift's Kubernetes and Docker registry that is already installed by Red Hat. For more information, see IBM Cloud Private with OpenShift overview.
IBM Cloud Private on AWS Quick Start
This Quick Start automatically deploys IBM Cloud Private into a new virtual private cloud (VPC) on the Amazon Web Services (AWS) Cloud. A regular deployment takes about 60 minutes, and a high availability (HA) deployment takes about 75 minutes to complete. The Quick Start includes AWS CloudFormation templates and a deployment guide. For more information, see IBM Cloud Private on AWS.
Technology previews
The following technology previews are new for this version. For all of the features that are available in IBM® Cloud Private as technology preview code (TPC) only, see the Technology preview section.
- Running kube-proxy in IP Virtual Server (IPVS) mode. See Manage kube-proxy by using IPVS.
- Manage and secure microservices with Istio. See Working with Istio.
- Pod auto scaling by using custom metrics. See Horizontal pod auto scaling by using custom metrics.
- Using containerd as a runtime for cluster nodes. See Installing IBM Cloud Private by using containerd.
- Isolating network and compute environments. See Isolating network and compute environments.
Federal Information Processing Standards (FIPS)
Federal Information Processing Standards (FIPS) are information technology standards that are developed by the United States federal government. See IBM Cloud Private platform considerations for FIPS compliance for information about FIPS compliance in IBM Cloud Private.
IBM Cloud Private Cloud Foundry changes
For the details of changes to IBM Cloud Private Cloud Foundry, see What's new in IBM Cloud Private Cloud Foundry Version 3.1.0.
Featured applications
Kibana Helm chart removed from the public repository
Beginning March 8, 2019, the ibmcom/ibm-icplogging-kibana
was removed from the public repository in the IBM Cloud Private Catalog. The Kibana instance is installed automatically, and can be enabled. See Kibana for more information.
Moved Helm charts
- The
ibmcom/ibm-icplogging
chart was moved from the public repository to themgmt-charts
repository. - The
ibmcom/ibm-icpmonitoring
chart was moved from the public repository to themgmt-charts
repository.
What changed
-
With the introduction of IBM Cloud Private Version 3.1.0, the following package versions changed:
-
Kubernetes is upgraded from Version 1.10.0 to Version 1.11.0.
- NGINX Ingress controller is upgraded from Version 0.13.0 to Version 0.16.2.
- GlusterFS is upgraded from Version 3.12 to Version 4.0.2.
- Calico is upgraded from Version 3.0.4 to Version 3.1.3.
-
Helm CLI is upgraded from Version 2.7.2 to 2.9.1.
-
The
Logs
tab for platform UI pages is no longer available. For information about viewing logs, see Events and logs (cluster management console).