Kublr Release 1.28.1 (2024-06-15)

Kublr Quick Start

To quickly get started with Kublr, run the following command in your terminal:

sudo docker run --name kublr -d --restart=unless-stopped -p 9080:9080 kublr/kublr:1.28.1

The Kublr Demo/Installer docker container can be run on ARM-based machines, such as MacBook M1.

Follow the full instructions in Quick start for Kublr Demo/Installer.

Overview

The Kublr 1.28.1 release introduces several new features and improvements, including:

Support for STS role in AWS secrets
Bumped go version to v1.22.3
Added k8s v1.27.4 and v1.28.10
AWS AmazonLinux AMI filer updated to use 2024 images

All Kublr components are checked for vulnerabilities using Aquasecurity trivy scaner. In addition to these major features, the release also includes various other improvements and fixes.

Supported Kubernetes Versions

Version	Kublr Agent	Notes
1.28	1.28.10-2	Default version: v1.28.10
1.27	1.27.14-2
1.26	1.26.15-2
1.25	1.25.16-2	Deprecated in 1.29.0
1.24	1.24.13-8	End of support in 1.29.0

Important Changes

New versions of Kubernetes:
- Kubernetes v1.28 (v1.28.10 by default) support
  Kublr 1.28 CNCF Kubernetes conformance
- Kubernetes v1.27 (v1.27.14 by default) support
  Kublr 1.27 CNCF Kubernetes conformance
  Before upgrading your managed cluster, make sure to upgrade all Kublr components to v1.26.0 or above. Note that if you use Pod Security Policies (PSP) in your application deployments, be aware of the PSP end of support in Kubernetes v1.25.0.
Deprecations:
- Kubernetes v1.23 (v1.23.17/agent 1.23.17-6) has reached End of Support.
- Kubernetes v1.23 (v1.24.13 by default) deprecated and will be removed in Kublr v1.29.0
STS role support in AWS credentials added, please refer to our solution portal for detailed examples usage: Integrate Kublr Cluster with AWS IAM
Kublr ControlPlane with empty hostname Ingress rule fixed
Go version bumped to v1.22.3

Components versions

Kublr Control Plane

Component	Version
Kublr Operator	1.28.1
Kublr Control Plane	1.28.1

Kublr Platform Features

Component	Version
Kubernetes
Dashboard	v2.7.0
Kublr System	1.28.1
LocalPath Provisioner (helm chart version)	0.0.24
Ingress	1.28.1
nginx ingress controller (helm chart version)	4.8.0
cert-manager (helm chart version)	1.13.2
Centralized Logging	1.28.1
ElasticSearch	7.10.2
SearchGuard	53.6.0
Kibana	7.10.2
SearchGuard Kibana plugin	53.0.0
SearchGuard Admin	7.10.2-53.6.0
OpenSearch (helm chart version)	2.13.3
OpenSearch Dashboards	(helm chart version)
RabbitMQ	3.9.5
Curator	5.8.1
Logstash	7.10.2
Fluentd	1.16.3
Fluentbit	2.1.8
Centralized Monitoring	1.28.1
Prometheus	2.45.0 LTS
Kube State Metrics (helm chart version)	5.16.4
AlertManager	0.27.0
Grafana (helm chart version)	7.3.5
Victoria Metrics
Cluster	0.11.13
Agent	0.10.3
Alert	0.9.3

AirGap Artifacts List

To use Kublr in an airgap environment, you will need to download the following BASH scripts from the repository at https://repo.kublr.com:

You will also need to download the following Helm package archive and Docker images lists:

Supported Kubernetes Versions

v1.28

v1.27

v1.26

v1.25 (Deprecated in 1.29.0)

v1.24 (Deprecated in 1.28.0, End of support in 1.29.0)

Known Issues and Limitations

Kublr Helm manager have not Proxy server support
GCP CPD CSI driver can’t run on ARM instances with k8s prior 1.28.10 GCP compute-persistent-disk-csi-driver:v1.9.2 have not ARM manifest, and can’t be running on ARM based VM. Please use custom builded images in this case:
```
spec:
  KublrAgentConfig:
    kublr:
      docker_image:
        gce_csi_pd_driver: registry.k8s.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver:v1.9.2
```

vSphere CSI driver’s can’t propogate volume in topology aware vCenter infrastructure.

If you use CSI drivers with Topology in some cases new PVC/PV create failed with error:

Warning ProvisioningFailed   22s (x6 over 53s) csi.vsphere.vmware.com_vsphere-csi-controller failed to provision volume with StorageClass "kublr-system": 
rpc error: code = Internal desc = failed to get shared datastores for topology requirement: requisite:<segments:<key:"topology.csi.vmware.com/zone" value:"zone-key" >>
preferred:<segments:<key:"topology.csi.vmware.com/zone" value:"zone-key" > > . Error: <nil>  
Normal  ExternalProvisioning 14s (x5 over 53s) persistentvolume-controller waiting for a volume to be created, either by external provisioner "csi.vsphere.vmware.com" or manually created by system administrator

In this case, you have to delete csinode resources in your k8s API and restart all csi-node pod’s

# kubectl delete csinode --all
# kubectl delete po -n kube-system -l app=vsphere-csi-node,role=vsphere-csi