[DRBD-announce] linstor-operator v1.1.0 release
Moritz Wanzenböck
moritz.wanzenboeck at linbit.com
Thu Oct 15 15:03:37 CEST 2020
Dear LINSTOR on Kubernetes users
We just released version 1.1.0 of our operator! If you are new to the
LINSTOR Operator, check out the users guide[1].
This release, we focused on integrating with existing authorization
tools in your Kubernetes cluster. All containers are started with the
minimum set of privileges required to run. We also provide integration
for Pod Security Policies and Security Context Constraints if required.
Another improvement we made: You can now run the LINSTOR Controller as
a deployment with multiple replicas! This requires a very recent
version of the LINSTOR image, so make sure to update to LINSTOR v1.9.0
in advance.
For details on upgrading from a previous version, check out the upgrade
guide[2].
To get a full list of all available options, you can check out the
settings reference[3].
The latest releases of linstor-operator are available here[4].
Upstream code can be found here[5].
Best regards,
Moritz
[1]:
https://www.linbit.com/drbd-user-guide/linstor-guide-1_0-en/#ch-kubernetes
[2]:
https://github.com/piraeusdatastore/piraeus-operator/blob/v1.1.0/UPGRADE.md#upgrade-from-v10-to-v11
[3]:
https://github.com/piraeusdatastore/piraeus-operator/blob/v1.1.0/doc/helm-values.adoc
[4]: https://charts.linstor.io/
[5]: https://github.com/piraeusdatastore/piraeus-operator
The changes in detail:
Breaking changes
----------------
* The LINSTOR Controller deployment requires a recent image version (>=
v1.9.0). Older images
will fail to register with the Kubernetes service.
Added
-----
* LINSTOR controller can be started with multiple replicas. Set
'operator.controller.replicas'.
* The pv-hostpath helper chart automatically sets up permissions for
non-root etcd containers.
* Disable securityContext enforcement by setting
'global.setSecurityContext=false'.
* Add cluster roles to work with OpenShifts SCC system.
* Control volume placement and accessibility by using CSIs Topology
feature. Controlled by setting 'csi.enableTopology=true'.
* All pods use a dedicated service account to allow for fine-grained
permission control.
* The new helm section 'psp.*' can automatically configure the
ServiceAccount of all components to use the appropriate PSP roles.
Changed
-------
* Default values:
- 'operator.controller.controllerImage':
drbd.io/linstor-controller:v1.9.0
- 'operator.satelliteSet.satelliteImage':
drbd.io/linstor-satellite:v1.9.0
- 'stork.storkImage': docker.io/openstorage/stork:2.5.0
* linstor-controller no longer starts a privileged container.
Removed
-------
* legacy CRDs (LinstorControllerSet, LinstorNodeSet) have been removed.
* v1alpha CRD versions have been removed.
More information about the drbd-announce
mailing list