Update Debian base container images to version stable-20191118-slim.
Remove the timeout option from the dcos kubernetes cluster update command. You now need to check the status of the deployment plan after initiating a package options update or a package version update. Use dcos kubernetes cluster debug plan show deploy to check when the update operation has finished. This is in line with the behavior of other DC/OS frameworks.
Add node controller from calico/kube-controllers that watches for the removal of Kubernetes nodes and removes corresponding data from Calico.
Bug Fixes
Fix a bug where sometimes a Kubernetes pod is assigned an IP from a calico-node. This changes the default Calico CNI plugin from host-local to calico-ipam. When upgrading to this MKE version, installing the mandatory-addons will take longer since it has to ensure the Calico deployment finishes upgrading to calico-ipam before proceeding.
Documentation
Add instructions on how to install Gatekeeper and use it as a replacement for Kubernetes PodSecurity policies.
Changelog since 2.4.4-1.15.4
Improvements
Kubernetes 1.15.5
Docker 19.03.3
Bug Fixes
Fix an issue where the kubelets running in control-plane tasks sometimes report invalid allocatable resources for pods.
Ensure that control-plane kubelets are always labeled correctly.
Changelog since 2.4.3-1.15.3
Improvements
Kubernetes 1.15.4
Bug Fixes
Disable the API server insecure port. It was only accessible via localhost on the kube-control-plane task, but to be CIS compliant, we now set the --insecure-port flag to 0.
Changelog since 2.4.2-1.15.3
Improvements
dcos-commons 0.57.0
Adds configuration options for DC/OS Quota support. See Quota Support for more details.
Control Plane tasks are now launched with labels that support auto exposure of Kubernetes API via EdgeLB
Version 2.4.2-1.15.3
Changelog since 2.4.1-1.15.2
Improvements
Kubernetes 1.15.3
dcos-commons 0.56.3
Adds configuration options to enable Kubernetes auditing. Kubernetes auditing provides a security-relevant chronological set of records. These document the sequence of activities that have affected the system by users, administrators or other components of the system.
Changelog since 2.4.0-1.15.1
Improvements
Kubernetes 1.15.2
Docker 19.03.1
Calico 3.8.1
CoreDNS 1.6.1
dcos-commons 0.56.2
Improve security of kube-nodes by mounting required host volumes read only.
Bug Fixes
Fix a bug where a custom OIDC certificate file isn’t available to the Kubernetes Apiserver when OIDC support is enabled.
Changelog since 2.3.3-1.14.3
Improvements
Kubernetes v1.15.1
CoreDNS v1.5.0
Calico v3.8.0
dcos-commons v0.56.1
Add option to deploy etcd cluster with 5 nodes. When high_availability is set to “true” in the package JSON, a Kubernetes cluster with 3 etcd nodes will be created. However, some Kubernetes clusters require more than 3 etcd nodes for production. Cluster administrators can use this option for those scenarios. This option will provision 5 etcd nodes for the Kubernetes cluster instead. Deploying an etcd cluster with 5 nodes requires a cluster with at least 5 private agents.
Add required options to configure an OIDC authentication provider for the Kubernetes API Server. See Configuring the API Server for more information.
Bug Fixes
Disable API server anonymous authentication
Fix a bug where Kubernetes clusters created under a DC/OS folder don’t export metrics with the correct Kubernetes cluster name.
Changelog since 2.3.2-1.14.1
Improvements
Kubernetes 1.14.3.
Calico 3.7.2.
Changelog since 2.3.1-1.14.2
Improvements
Add media types required to show dropdown box in secrets and service account configuration. This UI feature will ship as an update and with DC/OS 1.13.1. It is not part of 1.13.0. It is backwards compatible such that a simple text input is displayed on older versions of the UI.
Bug Fixes
Downgrade to Kubernetes 1.14.1 to mitigate https://github.com/kubernetes/kubernetes/issues/78308.
Correctly configure TLS for the Kubernetes API server to work with intermediate CA certificates.
Add option to expose Kubernetes cluster metrics. If dcos-monitoring package is installed, the Kubernetes cluster metrics are automatically ingested by DC/OS metrics pipeline.
Allow for defining the maximum amount of disk space taken by pods’ containers’ log files (defaults to 1MB).
The default can be overridden by setting the kubernetes.maximum_container_log_size configuration option.
Expose the Kubernetes controller manager secure port to access metrics with authentication and authorization, and disable the localhost insecure port.
Expose the scheduler secure port to access metrics with authentication and authorization, and disable the localhost insecure port.
Improve security of kubelet unauthenticated healthz endpoint by only binding to localhost.
Improve security of kube-proxy unauthenticated healthz endpoint by only binding to localhost.
Enable unauthenticated etcd /metrics endpoint on port 2381 by default. Available using DCOS VIP http://etcd-N-peer.${KUBERNETES_CLUSTER_NAME}.autoip.dcos.thisdcos.directory:2381/metrics where N is the task instance index.
Changelog since 2.2.0-1.13.3
Improvements
Kubernetes v1.13.4
Docker v18.09.3
Calico v3.5.2
Support for Mesos pre-reserved roles for etcd, control-plane, public-node and private-node, and placement rules for etcd.
Modify how etcd placement constraints are defined: there is now a separate etcd.placement option. For backwards compatibility, if left empty, the value from kubernetes.control_plane_placement will be used.
Bug Fixes
Fix a bug where sometimes Kubernetes workloads running on public agents would not have access to Kubernetes workloads running on private agents.
Fix a bug where using --path-to-custom-ca in dcos kubernetes cluster kubeconfig resulted in an improperly encoded certificate-authority-data in the generated kubeconfig file.
Add section Mesos Roles to Advanced Installation page.
Version 2.2.0-1.13.3
Changelog since 2.1.1-1.12.5
Improvements
Kubernetes v1.13.3
dcos-commons v0.55.4
CoreDNS v1.3.1
Enable CSI features required for CSI integration.
Automate the task replacement when a DC/OS agent is decommissioned.
Allow changing automated DC/OS proxy configuration into Kubernetes cluster tasks.
Bug Fixes
Fix a bug where providing --aws-session-token for cluster backup and cluster restore commands did not actually work.
Fix a bug affecting clusters in which the Kubernetes service CIDR or Calico network CIDR overlapped with Docker’s default bridge network by disabling the bridge.
Documentation
Add a Storage page documenting Container Storage Interface (CSI).
Version 2.1.1-1.12.5
Changelog since 2.1.0-1.12.3
Improvements
dcos-commons v0.55.0
Kubernetes v1.12.5
Docker v18.09.1
Kubernetes Dashboard v1.10.1
Enable local-dns-dispatcher in control plane tasks.
Bug Fixes
Fix a bug that might cause pods that have resource limits to crash on RHEL-based systems. The issue is related to Linux kmem accounting being turned on by default by runc. We now turn off kmem accounting on RHEL-based systems, and on these systems alone. No user intervention is needed; however, all of the Kubernetes cluster tasks will be replaced, which may cause some downtime.
Version 2.1.0-1.12.3
Changelog since 2.0.1-1.12.2
Improvements
dcos-commons v0.54.3
Kubernetes v1.12.3
CoreDNS v1.2.6
Calico v3.2.4
Enable --peer-client-cert-auth for etcd. When set, etcd will check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA.
Enable the selection of the desired region in which to deploy the Kubernetes cluster.
Add the new flag --force in the cluster update command to force the update of the cluster configuration.
Support relative paths in --path-to-custom-ca for cluster kubeconfig command, e.g. --path-to-custom-ca=./my-custom-ca.pem.
Move the validation of the service configuration to the Mesosphere Kubernetes Engine.
Enable --aws-session-token for cluster backup and cluster restore commands. The AWS session token can now be used as part of the AWS credentials.
Increase the number of retries an etcd task will perform during installation to resolve its own DNS name. This should prevent etcd tasks from getting stuck in a retry loop on larger clusters.
Bug Fixes
Fix a bug that might cause a segfault when running dcos kubernetes cluster kubeconfig.
Documentation
Add a documentation section on how to upgrade the kubernetes package.
Version 2.0.1-1.12.2
Changelog since 2.0.0-1.12.1
Improvements
dcos-commons v0.54.2.
Kubernetes v1.12.2
Bug Fixes
Fix a bug affecting use of private Docker registries.
Public Kubernetes nodes now reserve ports 80 and 443 of the underlying public DC/OS agent to help prevent issues with port binding, and to make them available for Ingress.
Installation and package options upgrades are now faster.
Scaling up a cluster is now performed in parallel and therefore faster. Scaling down a cluster is still performed serially to ensure workload stability while decommissioning Kubernetes nodes.
Bug Fixes
Fix a bug that might cause kube-node and kube-node-public tasks to freeze in the STARTED state, causing installations or upgrades to stop indefinitely.
Fix a bug that could cause public Kubernetes node tasks to fail to run indefinitely.
Fix a bug affecting node decommission that could cause temporary downtime for Kubernetes apps.
Documentation
Add an Overview page explaining in detail what changed since the 1.x series of releases.
Add a CLI page detailing the new Mesosphere Kubernetes Engine CLI.