[DRBD-announce] linstor-operator v1.1.0 release

Moritz Wanzenböck moritz.wanzenboeck at linbit.com
Thu Oct 15 15:03:37 CEST 2020 

Dear LINSTOR on Kubernetes users

We just released version 1.1.0 of our operator! If you are new to the 
LINSTOR Operator, check out the users guide[1].

This release, we focused on integrating with existing authorization 
tools in your Kubernetes cluster. All containers are started with the 
minimum set of privileges required to run. We also provide integration 
for Pod Security Policies and Security Context Constraints if required.

Another improvement we made: You can now run the LINSTOR Controller as 
a deployment with multiple replicas! This requires a very recent 
version of the LINSTOR image, so make sure to update to LINSTOR v1.9.0 
in advance.

For details on upgrading from a previous version, check out the upgrade 
guide[2].
To get a full list of all available options, you can check out the 
settings reference[3].

The latest releases of linstor-operator are available here[4].
Upstream code can be found here[5].

Best regards,
Moritz

[1]: 
https://www.linbit.com/drbd-user-guide/linstor-guide-1_0-en/#ch-kubernetes
[2]: 
https://github.com/piraeusdatastore/piraeus-operator/blob/v1.1.0/UPGRADE.md#upgrade-from-v10-to-v11
[3]: 
https://github.com/piraeusdatastore/piraeus-operator/blob/v1.1.0/doc/helm-values.adoc
[4]: https://charts.linstor.io/
[5]: https://github.com/piraeusdatastore/piraeus-operator

The changes in detail:

Breaking changes
----------------
* The LINSTOR Controller deployment requires a recent image version (>= 
v1.9.0). Older images
  will fail to register with the Kubernetes service.

Added
-----
* LINSTOR controller can be started with multiple replicas. Set 
'operator.controller.replicas'.
* The pv-hostpath helper chart automatically sets up permissions for 
non-root etcd containers.
* Disable securityContext enforcement by setting 
'global.setSecurityContext=false'.
* Add cluster roles to work with OpenShifts SCC system.
* Control volume placement and accessibility by using CSIs Topology 
feature. Controlled by setting 'csi.enableTopology=true'.
* All pods use a dedicated service account to allow for fine-grained 
permission control.
* The new helm section 'psp.*' can automatically configure the 
ServiceAccount of all components to use the appropriate PSP roles.

Changed
-------
* Default values:
  - 'operator.controller.controllerImage': 
drbd.io/linstor-controller:v1.9.0
  - 'operator.satelliteSet.satelliteImage': 
drbd.io/linstor-satellite:v1.9.0
  - 'stork.storkImage': docker.io/openstorage/stork:2.5.0
* linstor-controller no longer starts a privileged container.

Removed
-------
* legacy CRDs (LinstorControllerSet, LinstorNodeSet) have been removed.
* v1alpha CRD versions have been removed.

More information about the drbd-announce mailing list