What's new in version 3.1.2
Get a quick overview of what's added, changed, improved, or deprecated in this release.
IBM® Cloud Private Version 3.1.2 introduces the following new features and enhancements:
- Installation and upgrade
- Security and compliance
- Network
- Storage
- Performance improvements
- Azure as a cloud provider
- IBM Cloud Private on AWS Quick Start
- IBM Cloud Private management console
- IBM Cloud Private CLI (cloudctl)
- Package version changes
- IBM Cloud Private Cloud Foundry
- IBM Multicloud Manager
- Technology preview
- Troubleshooting and support
Installation and upgrade
Application availability during IBM Cloud Private upgrade
When you upgrade from version 3.1.0 and higher in a high availability IBM Cloud Private cluster, application pods continue to run during the upgrade. In general, traffic to applications continues to be routed even as management components are upgraded. During the upgrade, a brief outage can occur during the kube-dns upgrade, and a brief interruption can occur if an external load balancer is used to manage traffic to the cluster ingress.
Multi-release upgrade
IBM Cloud Private now supports upgrading from 3.1.0 to 3.1.2 in addition to upgrading from 3.1.1 to 3.1.2. For more information, see Upgrading.
Manage from Linux® on IBM® Z and LinuxONE
You can install a complete IBM Cloud Private cluster on Linux® on IBM® Z and LinuxONE, as introduced in a technology preview in IBM Cloud Private 3.1.1. You can install the cluster in a high availability configuration. For production environments, installing Z worker nodes with either a Linux® or Linux on Power® management plan is supported. For instructions on how to install IBM Cloud Private on Linux® on IBM® Z and LinuxONE, see Installing IBM Cloud Private on Linux® on IBM® Z and LinuxONE.
Password changes at installation time
New for 3.1.2, you must define the default cluster administrator password during IBM Cloud Private and IBM Cloud Private with OpenShift installation. The IBM Cloud Private installer no longer supplies a default password that could be changed before starting the installation. You can set the default admin password in the config.yaml file when you configure your cluster before deployment. The password also has new enforcement rules. You can change the default password rules by using a new password_rules parameter in the config.yaml file. After installation, you can change the default password by using the IBM Cloud Private CLI (cloudctl) pm commands. For more information, see the following topics:
- Installing IBM Cloud Private Cloud Native, Enterprise, and Community editions
- Installing IBM Cloud Private with OpenShift
- Customizing the cluster with the config.yaml file
- Changing the cluster administrator access credentials
IBM Power installation requirements
There are some recommendations for configuration settings when you are installing IBM Cloud Private in an IBM Power environment. These recommendations apply to both the operating system and the IBM Cloud Private installation. See Configuring for an IBM Power environment for more information.
Security and compliance
Key rotation support
IBM Cloud Private now supports rotating client root keys that are managed by the IBM Cloud Private Key Protect service. For more information, see Rotating a key.
System use notification message
IBM Cloud Private supports configuring a system use notification message for your environment. For more information, see Configuring a system use notification message.
Mutation Advisor whitelist support
IBM Cloud Private Mutation Advisor now supports configuring whitelists of common file and process mutations to reduce false alarms. The system generates candidate whitelists that can be either enabled or disabled in the management console. For more information, see Configuring Mutation Advisor whitelists.
Cluster endpoints and ConfigMap
You can find information about the endpoints in your IBM Cloud Private cluster. See IBM Cloud Private endpoints.
The ibmcloud-cluster-info ConfigMap includes configuration information about your IBM Cloud Private cluster. See Cluster configuration ConfigMap.
Audit
An audit logging adoption guide is added. For more information, see Audit logging adoption guide.
Additional security and compliance changes
IBM Cloud Private Vulnerability Advisor now supports scanning images based on the Alpine 3.8 operating system.
You must use port 8443 to access OpenID Connect (OIDC) services.
Direct access to all Identity and Access Management (IAM) services in the kube-system namespace by using the internal cluster network is deprecated. You must use the management ingress controller endpoint on port 8443 to access these services.
You can find information about updating the LDAP search cache variable values. See Changing LDAP search cache variable values.
You can change Logjam, and LDAP cache and search settings. For more information, see IAM for IBM Cloud Private platform users and Troubleshooting users and user groups search issues.
Added instructions for specifying TLS ciphers for etcd and Kubernetes after the installation of your IBM® Cloud Private cluster. For more information, see Specifying TLS ciphers for etcd and Kubernetes after IBM Cloud Private installation.
NodePort connection enabled to communicate with Tiller
By using a NodePort connection with Tiller, team administrators and operators do not need access to the kube-system namespace to manage Helm charts with the IBM Cloud Private CLI. See Configuring nodePort for installing Helm charts for more information.
Network
IPsec mesh can be enabled or disabled after IBM Cloud Private installation. For more information, see Enabling IPsec mesh after IBM Cloud Private installation.
Storage
Metering support for storage
IBM Cloud Private is now able to report on storage usage by tracking persistent volume claims. For more information, see Viewing metering reports.
Gluster storage cluster
The default configuration uses three storage nodes to configure a GlusterFS storage cluster. However, you can now use fewer than three storage nodes to configure a GlusterFS storage cluster. The minimum requirement is one storage node.
External Ceph RBD
You can now integrate your external Ceph RBD cluster with your IBM Cloud Private cluster. For more information, see External Ceph RBD.
Performance improvements
Support for Solution Paks
IBM Cloud Private now supports installing Solution Paks, which are bundled Cloud Paks (software products) that are enterprise grade, secure, lifecycle-managed, and integrated. Solution Paks are installed by using the Catalog in the management console. See Identifying IBM Solution Paks for more information.
Use CRDs for Grafana dashboard and alert rules
Now you can create your own custom Grafana dashboards and alert rules by using CRDs and have them installed and managed by IBM Cloud Private. For more information, see Managing Grafana dashboards and Alerts.
Helm release list
In earlier releases of IBM Cloud Private, large numbers of Helm releases had to be viewed by using the CLI. Beginning with IBM Cloud Private 3.1.2, you can view a much larger number of Helm release entries when you select Workloads > Helm Releases in the IBM Cloud Private web console menu.
Azure as a cloud provider
You can now enable Microsoft Azure as a cloud provider for IBM Cloud Private deployment and take advantage of all the IBM Cloud Private features on the Azure public cloud. For more information, see IBM Cloud Private on Azure.
IBM Cloud Private on AWS Quick Start
This Quick Start automatically deploys IBM Cloud Private into a new virtual private cloud (VPC) on the Amazon Web Services (AWS) Cloud. A regular deployment takes about 60 minutes, and a high availability (HA) deployment takes about 75 minutes to complete. The Quick Start includes AWS CloudFormation templates and a deployment guide. For more information, see IBM Cloud Private on AWS.
IBM Cloud Private management console
You can now click anywhere in a row on a table to view details. The entire row links to the appropriate details for the row that you selected.
IBM Cloud Private CLI (cloudctl)
The product documentation and the IBM Cloud Private management console now point to the CLI tools guide, where you can find installation instructions for all available CLI tools, and references to the IBM Cloud Private CLI (cloudctl). For more information, see the CLI tools guide.
You now need to run the cloudctl helm-init command after you run cloudctl login to get your defined NodePort to allow the Helm client to access the Tiller service. The cloudctl helm-init command returns the Helm Tiller NodePort value that you need to use to define the environment variable HELM_HOST. The HELM_HOST variable configures the Helm CLI to connect to the cluster. See Configuring nodePort for installing Helm charts for more information.
Additionally, IBM Cloud Private CLI auto-complete for Bash and Zsh is now available to help you complete commands. To set up auto-complete, see the cloudctl completion command description in IBM Cloud Private general CLI commands (cloudctl).
Smaller archive images
The method for creating archive files has been improved to save images in batch to avoid duplication in shared layers. This substantially reduces the overall size of the archive file. To enable space-saving, you can add the --batch-images flag to the cloudctl catalog create-archive command.
Retrieve metering reports
You can now use the IBM Cloud Private CLI to retrieve metering reports so that you can view and download detailed usage metrics for your applications and cluster. For a complete list of commands and command usage, see IBM Cloud Private metering commands. See IBM Cloud Private metering service to learn more about metering.
Package version changes
With the introduction of IBM Cloud Private version 3.1.2, the following package versions changed:
Package | Version | Note |
---|---|---|
Kubernetes | 1.12.4 | Upgraded from version 1.11.3. |
NGINX Ingress controller | 0.21.0 | Upgraded from version 0.19.0 |
GlusterFS | 4.1.5 | Upgraded from version 4.0.2 |
Calico | 3.3.1 | Upgraded from version 3.1.3 |
Helm CLI | 2.9.1 | Upgraded from version 2.7.2 |
Helm Tiller | 2.9.1 | |
Istio | 1.0.2 | Upgraded from version 1.0.0 |
IBM Cloud Private Cloud Foundry
For the details of changes to IBM Cloud Private Cloud Foundry, see What's new in IBM Cloud Private Cloud Foundry Version 3.1.2.
IBM Multicloud Manager
Visualize and monitor multiple clusters with IBM Multicloud Manager. You can ensure that your clusters are secure, operating efficiently, and delivering the service levels that applications expect when you install IBM Multicloud Manager on your IBM Cloud Private clusters. See IBM Multicloud Manager getting started for more information.
IBM Multicloud Manager-CE optional configuration:
IBM Cloud Private users now have access to IBM Multicloud Manager-CE, which provides user visibility, application-centric management (policy, deployments, health, operations), and policy-based compliance across clouds and clusters, and is available at no charge. Note: You must have IBM Cloud Private monitoring enabled.
After you install IBM Cloud Private with monitoring enabled, click Catalog from the IBM Cloud Private management console. Find the following charts in All Categories > DevOps for optional configuration:
- IBM Multicloud Manager controller chart, which is the hub-cluster: ibm-mcm-dev
- IBM Multicloud Manager Klusterlet chart, which is the managed-cluster: ibm-mcmk-dev
Configuration from IBM Cloud Private management console is the best-practice configuration, but you can also enable the following management services to use IBM Multicloud Manager, which are disabled by default during IBM Cloud Private installation.
Note: You must enable each one during two separate IBM Cloud Private cluster installations. You cannot enable both the hub and endpoint in the same installation procedure:
multicluster-hub: disabled
multicluster-endpoint: disabled
See Configuring IBM Multicloud Manager-CE for instructions to enable in the IBM Cloud Private management console and the config.yaml file.
Technology preview
The following technology previews are new for this version. For all of the features that are available in IBM® Cloud Private as technology preview code (TPC) only, see the Technology preview section.
Windows node
IBM Cloud Private now supports Windows™ worker nodes as a technology preview. You can add a Windows worker node to an existing IBM Cloud Private cluster. Afterward, you can deploy a Windows application to the Windows node. For more information, see Adding a Windows worker node to the IBM Cloud Private cluster.
IBM Cloud Private node problem detector and Draino
When problems are detected, IBM Cloud Private can use the node problem detector and Draino to identify problem nodes and then unschedule and drain them so that the issues can be resolved and the pods rescheduled. For more information, see IBM Cloud Private node problem detector and Draino.
Restricting access to platform services
Configure platform security network policies to restrict access to platform services. For more information, see Restricting access to platform services.
Featured applications
Kibana Helm chart removed from the public repository
Beginning March 8, 2019, the ibmcom/ibm-icplogging-kibana chart was removed from the public repository in the IBM Cloud Private Catalog. The Kibana instance is installed automatically, and can be enabled. See Kibana for more information.
Moved Helm charts
- The ibmcom/ibm-icplogging chart was moved from the public repository to the mgmt-charts repository.
- The ibmcom/ibm-icpmonitoring chart was moved from the public repository to the mgmt-charts repository.
Troubleshooting and support
To debug your issues, you can see whether your reported problem was fixed in the release. For the list, see Fixed reported problems.