From d18753ee4093578da4fcd69b204e43892b54888e Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Wed, 23 Oct 2024 22:44:18 +1300 Subject: [PATCH 1/9] chore: update ui submodule for correct email and copyright year in the footer (#675) --- ui | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui b/ui index 76c886f69..32aa024ff 160000 --- a/ui +++ b/ui @@ -1 +1 @@ -Subproject commit 76c886f697a9cba354ea7affd6753fe51d132641 +Subproject commit 32aa024ffb2fca74fe1045ba7543688e063c2091 From c393f5ccf7e928a829b3528229e08b4d13d8145a Mon Sep 17 00:00:00 2001 From: Malte Sander Date: Wed, 23 Oct 2024 14:54:25 +0200 Subject: [PATCH 2/9] Add configuring cluster domain guide (#673) * initial cluster domain docs * add note in kubernetes section for cluster domain * fix link * fixes * Apply suggestions from code review Co-authored-by: Sebastian Bernauer * rename to kubernetes-cluster-domain.adoc * fix typo * review comments * remove auto-dectection explanation * Update modules/guides/pages/kubernetes-cluster-domain.adoc Co-authored-by: Sebastian Bernauer --------- Co-authored-by: Sebastian Bernauer Co-authored-by: Sebastian Bernauer --- modules/ROOT/pages/kubernetes/index.adoc | 5 +++++ modules/guides/nav.adoc | 1 + .../guides/pages/kubernetes-cluster-domain.adoc | 15 +++++++++++++++ 3 files changed, 21 insertions(+) create mode 100644 modules/guides/pages/kubernetes-cluster-domain.adoc diff --git a/modules/ROOT/pages/kubernetes/index.adoc b/modules/ROOT/pages/kubernetes/index.adoc index a515cf95b..a525bd2a1 100644 --- a/modules/ROOT/pages/kubernetes/index.adoc +++ b/modules/ROOT/pages/kubernetes/index.adoc @@ -77,3 +77,8 @@ Kubernetes control plane is running at https://127.0.0.1:6443 CoreDNS is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy Metrics-server is running at https://127.0.0.1:6443/api/v1/namespaces/kube-system/services/https:metrics-server:https/proxy ---- + +=== Configuring the cluster domain + +In case a non-default cluster domain is used as described in https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/[Customizing DNS Service], +Stackable operators can be configured accordingly. This is described in detail in the xref:guides:kubernetes-cluster-domain.adoc[Configuring the Kubernetes cluster domain] guide. diff --git a/modules/guides/nav.adoc b/modules/guides/nav.adoc index f61767420..12e65a172 100644 --- a/modules/guides/nav.adoc +++ b/modules/guides/nav.adoc @@ -4,3 +4,4 @@ ** xref:running-stackable-in-an-airgapped-environment.adoc[] ** xref:viewing-and-verifying-sboms.adoc[] ** xref:enabling-verification-of-image-signatures.adoc[] +** xref:kubernetes-cluster-domain.adoc[] diff --git a/modules/guides/pages/kubernetes-cluster-domain.adoc b/modules/guides/pages/kubernetes-cluster-domain.adoc new file mode 100644 index 000000000..d10e9fda7 --- /dev/null +++ b/modules/guides/pages/kubernetes-cluster-domain.adoc @@ -0,0 +1,15 @@ += Configuring the Kubernetes cluster domain +:description: Configure Stackable operators to use a different cluster domain other than 'cluster.local'. +:dns-custom-nameservers: https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/ +:dns-pod-service: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + +Stackable operators allow the configuration of a non-default cluster domain as described in {dns-custom-nameservers}[Customizing DNS Service] (and more in {dns-pod-service}[DNS for Services and Pods]). + +The cluster domain can be configured using an environment variable `KUBERNETES_CLUSTER_DOMAIN` set on the operators. +This environment variable can be configured via the helm values property `kubernetesClusterDomain` during the installation of the operators. + +``` +helm install -operator stackable-stable/-operator --set kubernetesClusterDomain="my-cluster.local" +``` + +If the environment variable `KUBERNETES_CLUSTER_DOMAIN` (or the helm property `kubernetesClusterDomain`) are not set / overriden, the operator will default the cluster domain to `cluster.local`. From eb2d2a79f5e59b0c7b99775d63cfe17920c37058 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 4 Nov 2024 12:23:22 +0100 Subject: [PATCH 3/9] Link to product image version concepts page from relevant ADRs (#676) * Link to product image version concepts page from relevant ADRs * newline --- modules/concepts/pages/product-image-selection.adoc | 2 +- .../pages/adr/ADR018-product_image_versioning.adoc | 7 +++++++ .../pages/adr/ADR023-product-image-selection.adoc | 4 +++- .../pages/adr/ADR028-automatic-stackable-version.adoc | 2 ++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/concepts/pages/product-image-selection.adoc b/modules/concepts/pages/product-image-selection.adoc index efcc62e40..31b532418 100644 --- a/modules/concepts/pages/product-image-selection.adoc +++ b/modules/concepts/pages/product-image-selection.adoc @@ -14,7 +14,7 @@ spec: # stackableVersion: 24.3.0 optional <.> ---- <.> The version of your product - consult the product operator documentation to find out about supported product versions. -<.> The version of the Stackable Data Platform. If you omit it, the operator will use it's own version together with the product version to select the product image. +<.> The version of the Stackable Data Platform. If you omit it, the operator will use it's own version together with the product version to select the product image. It is recommended to omit this field, so that you are always using the correct, compatible version of the product image. This page explains the different ways of specifying product images and the components that are involved, starting from the simple way of using the default images to explaining how to use custom or mirrored registries as well as custom images. diff --git a/modules/contributor/pages/adr/ADR018-product_image_versioning.adoc b/modules/contributor/pages/adr/ADR018-product_image_versioning.adoc index 9e11d1f04..28a535405 100644 --- a/modules/contributor/pages/adr/ADR018-product_image_versioning.adoc +++ b/modules/contributor/pages/adr/ADR018-product_image_versioning.adoc @@ -14,6 +14,13 @@ v0.1, 04.05.2022 ** Natalie Klestrup-Röjiezon * Date: 04.05.2022 +[IMPORTANT] +==== +Please note that this ADR was overruled in the meantime. +We decided to release operators and product images in lockstep, with the primary reason being the maintenance and distribution of compatibility matrices is complex both for us and customers. +The current state of image versioning is documented in xref:concepts:product-image-selection.adoc[this concept guide]. +==== + == Glossary [cols="20%,80%"] diff --git a/modules/contributor/pages/adr/ADR023-product-image-selection.adoc b/modules/contributor/pages/adr/ADR023-product-image-selection.adoc index 90bdff002..16f139f3f 100644 --- a/modules/contributor/pages/adr/ADR023-product-image-selection.adoc +++ b/modules/contributor/pages/adr/ADR023-product-image-selection.adoc @@ -13,6 +13,8 @@ v0.1, 2022-08-31 Note: Parts of this ADR were expanded by xref:adr/ADR028-automatic-stackable-version.adoc[] +Note: The current state of image versioning is documented in xref:concepts:product-image-selection.adoc[this concept guide]. + == Context and Problem Statement Currently users have to specify the full image tag in the Products CRD, as described in xref:adr/ADR018-product_image_versioning.adoc[]. @@ -185,4 +187,4 @@ image: productVersion: 1.4.1 ---- -This resolves to enum variant 3. The product version is mandatory so the operator knows what to do. \ No newline at end of file +This resolves to enum variant 3. The product version is mandatory so the operator knows what to do. diff --git a/modules/contributor/pages/adr/ADR028-automatic-stackable-version.adoc b/modules/contributor/pages/adr/ADR028-automatic-stackable-version.adoc index 4fb5a659c..721797f17 100644 --- a/modules/contributor/pages/adr/ADR028-automatic-stackable-version.adoc +++ b/modules/contributor/pages/adr/ADR028-automatic-stackable-version.adoc @@ -14,6 +14,8 @@ Technical Story: https://github.com/stackabletech/issues/issues/404 Note: This ADR expands on parts of xref:adr/ADR023-product-image-selection.adoc[] +Note: The current state of image versioning is documented in xref:concepts:product-image-selection.adoc[this concept guide]. + == Context and Problem Statement // Describe the context and problem statement, e.g., in free form using two to three sentences. You may want to articulate the problem in form of a question. From e0b9e5e02e9948de97c7a52b4c02cfc4bd841d8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Wed, 13 Nov 2024 18:23:42 +0100 Subject: [PATCH 4/9] Rewrite "service exposition outlook" to clarify that the list-op migration has begun (#677) --- modules/concepts/pages/service-exposition.adoc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/concepts/pages/service-exposition.adoc b/modules/concepts/pages/service-exposition.adoc index 5520bc8e8..0c0f8e86f 100644 --- a/modules/concepts/pages/service-exposition.adoc +++ b/modules/concepts/pages/service-exposition.adoc @@ -63,5 +63,8 @@ For a production setup, it is recommended to use a LoadBalancer and the `externa == Outlook -These listener classes are hardcoded to expose certain Service types and do not offer any additional configuration. -In a future release, the `ListenerClass` provided by the xref:listener-operator:index.adoc[listener-operator] will allow you to create your own listener class variants, with more granual configuration options. +For most of the Stackable operators, these listener classes are hardcoded to expose certain Service types and do not offer any additional configuration. +However, some operators support specifying custom xref:listener-operator:listenerclass.adoc[ListenerClass]es with more granular configuration options, via the xref:listener-operator:index.adoc[listener-operator]. +In a future release, all Stackable operators are planned to be migrated over to this system. + +For more information on what is supported by any individual operator, please see that operator's documentation. From 27e4fcd83eb20901e07b9bddc3a4877df43cd0a0 Mon Sep 17 00:00:00 2001 From: Techassi Date: Thu, 14 Nov 2024 16:45:59 +0100 Subject: [PATCH 5/9] fix: Remove redirect_facility to fix broken redirects (#678) * fix: Remove redirect_facility to fix broken redirects This came up in https://github.com/stackabletech/crddocs/issues/44. Initial investigation revealed that the roles-and-role-groups.html file was not present in the stable (24.7) and nightly (soon 24.11) version of generated files when using the production antor playbook. This playbook is used when Netlify deploys the docs using 'make netlify-build'. Local builds using 'make' on the other hand included the file in both versions and as such, the redirect works. Finally, the 'redirect_facility: netlify' option was identified as the cause. The generated '_redirects' file only contained a redirect from concepts/roles-and-role-groups.html to concepts/stacklet. This matched with the behaviour we experiences when surfing the live site. Removing this option (and thus using the default facility) potentially fixes the issue. Netlify already provides redirect using the "Pretty URLs" post-processing feature. References: - https://docs.antora.org/antora/latest/playbook/urls-redirect-facility/#redirect-facility-key - https://docs.netlify.com/site-deploys/post-processing/#post-processing-features - https://docs.netlify.com/routing/redirects/#syntax-for-the-redirects-file * feat: Add 'html_extension_style: indexify' to playbook --- antora-playbook.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/antora-playbook.yml b/antora-playbook.yml index 10554f9c4..03b0d0f9c 100644 --- a/antora-playbook.yml +++ b/antora-playbook.yml @@ -10,17 +10,17 @@ site: # docs: https://docs.antora.org/antora/latest/playbook/configure-urls/ urls: # The symbolic name of the latest stable version, and how to redirect from/to it. - # with 'redirect:to', the _actual_ version link is a redirect, and the _actual_ link + # with 'redirect:to', the _actual_ version link is a redirect, and the _actual_ link # contains the symbolic name, i.e. stable. - # As the user browses the latest docs, there will be 'stable' in the links. Also + # As the user browses the latest docs, there will be 'stable' in the links. Also # search engines will see the 'stable' link and index those pages, so if we release # a new version, these links will be already in the index, which is good. # Linking to the latest version by version number is still possible, and after the # latest version is not latest anymore, the redirect is instead the actual URL. latest_version_segment: stable latest_version_segment_strategy: redirect:to - # We deploy our site on netlify, so we use their redirect config mechanism - redirect_facility: netlify + # See https://docs.antora.org/antora/latest/playbook/urls-html-extension-style/#html-extension-style-key + html_extension_style: indexify content: sources: - url: . From f512576917edf092c5da60cfd35ec877446e1a1f Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Wed, 27 Nov 2024 04:23:56 +1300 Subject: [PATCH 6/9] Add 24.11 Release Notes (#679) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add 24.11 release notes headings * airflow versions * druid versions * link supported versions * kafka versions * nifi versions * opa versions * spark versions * superset and zookeeper versions * airflow(oidc), nifi(oidc), kafka (kerberos) * improve supported versions text * add supported os / kubernetes versions * add more platform features * Apply suggestions from code review Co-authored-by: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com> * linter * add missing platform features * improve links * fix sub headers * missing pr snippets * add missing issue 211 * mention hbase bug fix * mention crd size reduction * mention cve fixes * mention kafka bugfix * fix typo * fill in the Upgrade from 24.7 section * Apply suggestions from code review Co-authored-by: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Co-authored-by: Techassi * mention stackablectl patch release fixes * fix link rendering * add docs link for hdfs upgrade * move new sentences to new lines * Apply suggestions from code review * Apply suggestions from code review * restructure the headings, remove unordered lists with only single items * added last of missing PR/Issues * mention nifi reporting task regression * mention nifi OIDC problems * attempt to fix linter * attempt to fix linter 2 * Add notes about the service account and OIDC bugs that will appear in the patch release * make a sentence shorter * Use xrefs instead of direct links to docs * fix xrefs and use instead of _ for emphasis * replace html suffix with adoc * Try to fix the emphasis * Escape _ in one URL fragment to preent the emphasis breaking * Reword to remove broken emphasis * Apply suggestions from code review Thanks @adwk67 Co-authored-by: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com> * Remove change from 24.7 release notes * fix list of changes for logging improvements * update template headings for breaking changes * Apply suggestions from code review Co-authored-by: Sebastian Bernauer Co-authored-by: Malte Sander * remove hello-world upgrade instructions * Restructure the Breaking changes section * add known issue abot nifi 2.0.0 renamed processors * add accidentally removed newline from previous fixup * Apply suggestions from code review add 8 bits Co-authored-by: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com> * partially add a missing breaking change, needs revising. * Apply suggestions from code review Co-authored-by: Malte Sander * Apply suggestions from code review Co-authored-by: Natalie Klestrup Röijezon --------- Co-authored-by: Malte Sander Co-authored-by: Andrew Kenworthy <1712947+adwk67@users.noreply.github.com> Co-authored-by: Techassi Co-authored-by: Sebastian Bernauer Co-authored-by: Natalie Klestrup Röijezon --- modules/ROOT/pages/release-notes.adoc | 399 +++++++++++++++++++++++++- 1 file changed, 395 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/release-notes.adoc b/modules/ROOT/pages/release-notes.adoc index 35e0f9316..981e77830 100644 --- a/modules/ROOT/pages/release-notes.adoc +++ b/modules/ROOT/pages/release-notes.adoc @@ -10,7 +10,11 @@ Here are the headings you can use for the next release. Saves time checking inde == Release YY.M -=== New / extended platform features +=== New platform features + +=== Platform improvements + +=== Platform deprecations === Product versions @@ -28,18 +32,405 @@ Here are the headings you can use for the next release. Saves time checking inde === Breaking changes +Of the changes mentioned above, the following are breaking (or could lead to breaking behaviour), and you will need to adapt your existing CRDs accordingly: + +==== Stackable Operator for Example Product + +* Description of the change 1 +* Description of the change 2 + +.Breaking changes details +[%collapsible] +==== +* `spec.a`: This field has been removed. +* `spec.b`: This field has been changed to a number. +==== + === Upgrade from YY.M ==== Using stackablectl ==== Using Helm -==== Known upgrade issues - -===== All operators +=== Known issues //// +== Release 24.11 + +=== New platform features + +Authentication:: + +In this release we introduced several authentication mechanisms in different products: + +* Apache Airflow: https://github.com/stackabletech/airflow-operator/issues/337[OIDC support] +* Apache Kafka: https://github.com/stackabletech/kafka-operator/issues/655[Kerberos support] +* Apache NiFi: https://github.com/stackabletech/nifi-operator/issues/633[OIDC support] + +Security:: + +* The Stackable Data Platform now supports provisioning TLS certificates using https://cert-manager.io/[cert-manager]. +* Support has been added for customizing `sAMAccountName` generation in secret operator. +* The Stackable Secret Operator now requests permission to read Listeners, which is required to provision secrets for listener volumes with the `listeners.stackable.tech/listener-name` annotation. +* The RSA key length for generated key pairs can now be customized to 2048, 3072 or 4096 bits. The default is 2048 bits. + +Listener:: + +* The Stackable Operator for Kafka now uses the Stackable Listener Operator, allowing connectivity to be customized. +* Listeners can now be configured to use either IP addresses or fully qualified domain names (FQDNs). + +Dependencies:: + +Apache HBase: The hadoop-azure module was added to the image and is contained in the classpath. +This makes it possible to use the Azure Data Lake Storage Gen2 (ADLS) instead of HDFS. +See the xref:hbase:usage-guide/adls.adoc[usage guide] for detailed information. + +Operations:: + +The Stackable Operator for HDFS now supports upgrading existing HDFS installations. +However, this process requires some manual intervention as described in xref:hdfs:usage-guide/upgrading.adoc[Upgrading HDFS]. + +Miscellaneous:: + +* Apache NiFi: Permit users to configure allowed hosts when NiFi is running behind a proxy. + The proxy host check is now disabled by default. + See documentation xref:nifi:usage_guide/security#host-header-check[here]. +* Apache Airflow: Allow custom arbitrary python code in `webserver_config.py`. +* Apache Superset: Allow custom arbitrary python code in `superset_config.py`. + +Images:: + +Support the `restricted-v2` SecurityContextConstraint (SCC) in OpenShift. +Stackable currently defaults to the `nonroot-v2` SCC but we plan on migrating to the `restricted-v2` SCC in the future. + +* Our Docker images now exclusively make use of numeric user IDs in `USER` statements allowing the use of `securityContext.runAsNonRoot`. +* The group id of all files relevant to our products is now set to `0`. + This allows the images to be run with an arbitrary user as every container user will always belong to the root group (`0`). + This is required on OpenShift when migrating to the `restricted-v2` SCC. + +=== Platform improvements + +Vulnerabilities:: + +More than 142 CVEs were fixed in the Stackable product images. +This includes 11 critical and 55 high-severity CVEs. + +Authorization:: + +* The performance of the xref:hdfs:usage-guide/security.adoc#\_authorization[HDFS OPA Authorizer] has been greatly improved. + This can in some cases be a breaking change so please make sure to read the hdfs-utils https://github.com/stackabletech/hdfs-utils/releases/tag/v0.4.0[release notes] for details. +* The User Info Fetcher HTTP API has been replaced with a Rego library. Please see xref:opa:usage-guide/user-info-fetcher#_user_info_fetcher_api[user-info-fetcher API] for more information. + +Logging:: + +* Apache NiFi: The default size of ephemeral EmptyDir Volumes used to store log files before aggregation has been increased from 33 MiB to 500 MiB. + Additionally the interval in which Logback checks if the maximum log file size has been reached has been reduced from 60 seconds to 5 seconds. +* Apache NiFi: the create-reporting-task Job (and podOverrides on that Job) can now be disabled. + +Monitoring:: + +https://github.com/prometheus/jmx_exporter[JMX Exporter] is a tool which allows us to expose JMX metrics as Prometheus metrics. +It is used by the following products: Hadoop, HBase, Hive, Kafka, Spark, Trino and ZooKeeper. +In the previous SDP release (24.7) we upgraded JMX Exporter from 0.20 to 1.0.1. +Unfortunately version 1.0.1 has a severe performance degradation which has been https://github.com/prometheus/jmx_exporter/pull/1009[fixed upstream] but is not yet released. +This SDP release (24.11) contains a fixed version bringing performance back to normal levels. + +Listener:: + +The `ListenerClass.spec.serviceAnnotations` are now correctly propagated to created Service objects. + +Miscellaneous:: + +The size of the operator deployed CRDs was reduced significantly (see: https://github.com/stackabletech/issues/issues/627[stackabletech/issues#627]). + +Bug fixes:: + +* Apache Spark: Ensure Spark applications are submitted only once. + Reconciling applications after the corresponding Job objects have been recycled doesn't lead to the creation of new Job objects. + This behavior was triggered by different situations, such as when the operator was restarted. +* Trino, Spark, HBase, Airflow: The https://github.com/stackabletech/issues/issues/548[issues] where config and environment variable overrides did not work consistently have now been fixed. +* The cluster domain (default `cluster.local`) which caused problems in non-default cluster setups can now be configured in all operators. + Either set the ENV variable `KUBERNETES_CLUSTER_DOMAIN` or the helm value `kubernetesClusterDomain` during installation as described in xref:guides:kubernetes-cluster-domain.adoc[Configuring the Kubernetes cluster domain]. +* Apache Airflow: In release 24.7 Airflow did not propagate git credentials correctly to the gitsync containers. + This has now been corrected and works for both celery- and kubernetes workers. +* Operators now do not stop reconciling existing clusters if one of the https://github.com/stackabletech/issues/issues/211[cluster objects cannot be deserialized]. +* Apache HBase: The operator now does not https://github.com/stackabletech/hbase-operator/pull/584[ignore the `hbaseRootdir` config property at role level]. +* Apache Kafka: The bootstrap Kafka service is now included in https://github.com/stackabletech/kafka-operator/pull/741[certificate SANs]. +* Trino: Do not print credentials to STDOUT during startup. + +=== Platform deprecations + +Commons:: + +Pod Enrichment is now deprecated, and will be removed in the next release. +Once removed, the SDP will no longer set any `enrichment.stackable.tech/` annotations on Pods. + +=== Product versions + +As with previous SDP releases, many product images have been updated to their latest versions. +The LTS version has in many cases also been adjusted in line with our xref:ROOT:policies.adoc[support policy]. + +Refer to the xref:operators:supported_versions.adoc[supported versions] documentation for a complete overview including LTS versions or deprecations. + +==== New versions + +The following new product versions are now supported: + +* Apache Airflow: https://github.com/stackabletech/airflow-operator/pull/494[2.9.3 (LTS)], https://github.com/stackabletech/airflow-operator/pull/512[2.10.2 (experimental)] +* Apache Druid: https://github.com/stackabletech/druid-operator/pull/631[30.0.0 (LTS)] +* Apache Hive: https://github.com/stackabletech/hive-operator/pull/508[4.0.0 (experimental)] +* Apache Kafka: https://github.com/stackabletech/kafka-operator/pull/753/[3.8.0] +* Apache NiFi: https://github.com/stackabletech/nifi-operator/pull/702[2.0.0 (experimental)] +* Open Policy Agent: https://github.com/stackabletech/opa-operator/pull/616[0.67.1] +* Trino: https://github.com/stackabletech/trino-operator/pull/638[455] +* Apache Spark: https://github.com/stackabletech/spark-k8s-operator/pull/459[3.5.2 (LTS)] + +==== Deprecated versions + +The following product versions are deprecated and will be removed in a later release: + +* Apache Airflow: 2.9.2 +* Apache Druid: 26.0.0 +* Open Policy Agent: 0.66.0 + +==== Removed versions + +The following product versions are no longer supported (although images for released product versions remain available https://repo.stackable.tech/#browse/browse:docker:v2%2Fstackable[here]): + +* Apache Airflow: 2.8.4, 2.8.1, 2.6.3 +* Apache Druid: 28.0.1 +* Apache Kafka: 3.6.2, 3.6.1, 3.4.1 +* Apache NiFi: 2.0.0-M4, 1.25.0, 1.21.0 +* Open Policy Agent: 0.61.0 +* Trino: 442, 414 +* Apache Spark: 3.4.3, 3.4.2 +* Apache Superset: 3.1.3, 3.1.0, 2.1.3 +* Apache ZooKeeper: 3.8.4 + +=== stackablectl + +* Bump Rust dependencies to fix critical vulnerability in quinn-proto, see https://github.com/advisories/GHSA-vr26-jcq5-fjj8[CVE-2024-45311] (https://github.com/stackabletech/stackable-cockpit/pull/318). +* We now provide additional completions for Nushell and Elvish, support using SOCK5 and HTTP proxies, and have improved the sorting of release versions. + +=== Supported Kubernetes versions + +This release supports the following Kubernetes versions: + +* `1.31` +* `1.30` +* `1.29` + +These Kubernetes versions are no longer supported: + +* `1.26` +* `1.25` as we removed internal forks required to support Kubernetes `1.25` and below. + This includes OpenShift `4.12`, which is using Kubernetes `1.25`. + +=== Supported OpenShift versions + +This release is available in the RedHat Certified Operator Catalog for the following OpenShift versions: + +* `4.15` +* `4.14` + +These OpenShift versions are no longer supported: + +* `4.13` +* `4.12` + +=== Breaking changes + +Of the changes mentioned above, the following are breaking (or could lead to breaking behaviour), and you will need to adapt your existing CRDs accordingly: + +==== Kafka operator + +* Existing Kafka clusters will need to be migrated to using the Listener Operator. + Kafka clients will need to re-read settings from the discovery configmap (restart required). + Existing Kafka StatefulSets must be deleted manually. This will cause some downtime. +* Kafka is now only accessible from within the Kubernetes cluster by default. + +.Breaking changes details +[%collapsible] +==== +Migrating Kafka clusters to use the Listener Operator is done by deleting the Kafka StatefulSet after the new Stackable Operator for Kafka has been installed, by running the following: + +[source,console] +.... +kubectl delete --all-namespaces StatefulSet --selector=app.kubernetes.io/managed-by=kafka.stackable.tech_kafkacluster +.... + +The operator will then recreate it. +Please note that the Kafka cluster will be unavailable during the procedure. + +After the upgrade, Kafka clusters will default to only being accessible from inside the Kubernetes cluster. + +To make the cluster accessible from the outside, set the following _before deleting the StatefulSet_: + +* `KafkaCluster.spec.brokers.config.bootstrapListenerClass: external-stable` +* `KafkaCluster.spec.brokers.config.brokerListenerClass: external-unstable` + +Please note that this upgrade will randomize the address that users will have to connect to, so any external clients must re-read it from the discovery configuration after the upgrade has been completed. +This can be done by restarting the client. +==== + +==== Listener operator + +All ListenerClasses now default to using Fully Qualified Domain Names (FQDNs). +Previously, NodePort ListenerClasses (such as external-unstable) would use the IP addresses. + +All Nodes must now have resolvable hostnames, or the NodePort ListenerClasses must be configured with `spec.preferredAddressType: IP`. + +.Breaking changes details +[%collapsible] +==== +* `spec.preferredAddressType`: Defaults to `HostnameConservative`, but can be set to `Hostname` or `IP`. +==== + +=== Upgrade from 24.7 + +==== Using stackablectl + +Uninstall the `24.7` release + +[source,console] +---- +$ stackablectl release uninstall 24.7 + +Uninstalled release '24.7' + +Use "stackablectl release list" to list available releases. +# ... +---- + +Afterwards you will need to upgrade the CustomResourceDefinitions (CRDs) installed by the Stackable Platform. +The reason for this is that helm will uninstall the operators but not the CRDs. +This can be done using `kubectl replace`. + +[source] +---- +kubectl replace -f https://raw.githubusercontent.com/stackabletech/airflow-operator/24.11.0/deploy/helm/airflow-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/commons-operator/24.11.0/deploy/helm/commons-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/druid-operator/24.11.0/deploy/helm/druid-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/hbase-operator/24.11.0/deploy/helm/hbase-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/hdfs-operator/24.11.0/deploy/helm/hdfs-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/hive-operator/24.11.0/deploy/helm/hive-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/kafka-operator/24.11.0/deploy/helm/kafka-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/listener-operator/24.11.0/deploy/helm/listener-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/nifi-operator/24.11.0/deploy/helm/nifi-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/opa-operator/24.11.0/deploy/helm/opa-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/secret-operator/24.11.0/deploy/helm/secret-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/spark-k8s-operator/24.11.0/deploy/helm/spark-k8s-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/superset-operator/24.11.0/deploy/helm/superset-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/trino-operator/24.11.0/deploy/helm/trino-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/zookeeper-operator/24.11.0/deploy/helm/zookeeper-operator/crds/crds.yaml +---- + +[source,console] +---- +customresourcedefinition.apiextensions.k8s.io "airflowclusters.airflow.stackable.tech" replaced +customresourcedefinition.apiextensions.k8s.io "airflowdbs.airflow.stackable.tech" replaced +customresourcedefinition.apiextensions.k8s.io "authenticationclasses.authentication.stackable.tech" replaced +customresourcedefinition.apiextensions.k8s.io "s3connections.s3.stackable.tech" replaced +... +---- + +Install the `24.11` release + +[source,console] +---- +$ stackablectl release install 24.11 + +Installed release '24.11' + +Use "stackablectl operator installed" to list installed operators. +---- + +==== Using Helm + +Use `helm list` to list the currently installed operators. + +You can use the following command to uninstall all operators that are part of the `24.3` release: + +[source,console] +---- +$ helm uninstall airflow-operator commons-operator druid-operator hbase-operator hdfs-operator hive-operator kafka-operator listener-operator nifi-operator opa-operator secret-operator spark-k8s-operator superset-operator trino-operator zookeeper-operator +release "airflow-operator" uninstalled +release "commons-operator" uninstalled +... +---- + +Afterward you will need to upgrade the CustomResourceDefinitions (CRDs) installed by the Stackable Platform. +The reason for this is that helm will uninstall the operators but not the CRDs. This can be done using `kubectl replace`: + +[source] +---- +kubectl replace -f https://raw.githubusercontent.com/stackabletech/airflow-operator/24.11.0/deploy/helm/airflow-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/commons-operator/24.11.0/deploy/helm/commons-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/druid-operator/24.11.0/deploy/helm/druid-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/hbase-operator/24.11.0/deploy/helm/hbase-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/hdfs-operator/24.11.0/deploy/helm/hdfs-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/hive-operator/24.11.0/deploy/helm/hive-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/kafka-operator/24.11.0/deploy/helm/kafka-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/listener-operator/24.11.0/deploy/helm/listener-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/nifi-operator/24.11.0/deploy/helm/nifi-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/opa-operator/24.11.0/deploy/helm/opa-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/secret-operator/24.11.0/deploy/helm/secret-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/spark-k8s-operator/24.11.0/deploy/helm/spark-k8s-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/superset-operator/24.11.0/deploy/helm/superset-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/trino-operator/24.11.0/deploy/helm/trino-operator/crds/crds.yaml +kubectl replace -f https://raw.githubusercontent.com/stackabletech/zookeeper-operator/24.11.0/deploy/helm/zookeeper-operator/crds/crds.yaml +---- + +[source,console] +---- +customresourcedefinition.apiextensions.k8s.io "airflowclusters.airflow.stackable.tech" replaced +customresourcedefinition.apiextensions.k8s.io "airflowdbs.airflow.stackable.tech" replaced +customresourcedefinition.apiextensions.k8s.io "authenticationclasses.authentication.stackable.tech" replaced +customresourcedefinition.apiextensions.k8s.io "s3connections.s3.stackable.tech" replaced +... +---- + +Install the `24.11` release + +[source,console] +---- +helm repo add stackable-stable https://repo.stackable.tech/repository/helm-stable/ +helm repo update stackable-stable +helm install --wait airflow-operator stackable-stable/airflow-operator --version 24.11.0 +helm install --wait commons-operator stackable-stable/commons-operator --version 24.11.0 +helm install --wait druid-operator stackable-stable/druid-operator --version 24.11.0 +helm install --wait hbase-operator stackable-stable/hbase-operator --version 24.11.0 +helm install --wait hdfs-operator stackable-stable/hdfs-operator --version 24.11.0 +helm install --wait hive-operator stackable-stable/hive-operator --version 24.11.0 +helm install --wait kafka-operator stackable-stable/kafka-operator --version 24.11.0 +helm install --wait listener-operator stackable-stable/listener-operator --version 24.11.0 +helm install --wait nifi-operator stackable-stable/nifi-operator --version 24.11.0 +helm install --wait opa-operator stackable-stable/opa-operator --version 24.11.0 +helm install --wait secret-operator stackable-stable/secret-operator --version 24.11.0 +helm install --wait spark-k8s-operator stackable-stable/spark-k8s-operator --version 24.11.0 +helm install --wait superset-operator stackable-stable/superset-operator --version 24.11.0 +helm install --wait trino-operator stackable-stable/trino-operator --version 24.11.0 +helm install --wait zookeeper-operator stackable-stable/zookeeper-operator --version 24.11.0 +---- + +=== Known issues + +* The Apache NiFi operator currently cannot share an https://github.com/stackabletech/nifi-operator/issues/716[OIDC AuthenticationClass with other products]. + This is due to an inconsistent implementation in the NiFi operator. +* Apache NiFi: In the experimental NiFi version `2.0.0`, the `PrometheusReportingTask` (which was used to activate a Prometheus metrics endpoint) has been removed. + NiFi now has its own API to directly access metrics. In contrast to previous versions, the metrics endpoints now requires authentication. + This is not supported by the Stackable operator for Apache NiFi in this release. +* Apache NiFi: In the experimental NiFi version `2.0.0`, some processors have been renamed or have a different class path since NiFi 1.x.x. + Flows affected by these changes will need manually updating. + See https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version2.0.0[NiFi 2.0.0 Release Notes] for further details. +* https://github.com/stackabletech/issues/issues/675[serviceAccount and roleBinding objects can accidentally get deleted]: + During the release, a bug was reported which affects multiple deployments of the same product sharing a namespace. + This is actively being worked on and will appear in a patch release. +* https://github.com/stackabletech/operator-rs/pull/910[fix!: Correctly construct OIDC endpoints]: + During the release, it was discovered that some OIDC endpoint URLs were constructed in a way that was not compatible with some tooling. + This has been fixed and will appear in a patch release. + == Release 24.7 === New / extended platform features From 321800a97dee5d68e634260004c5d08ea3e45310 Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Wed, 27 Nov 2024 05:12:13 +1300 Subject: [PATCH 7/9] docs(getting-started): Update version references (#685) --- modules/ROOT/pages/getting-started.adoc | 40 ++++++++++++------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/modules/ROOT/pages/getting-started.adoc b/modules/ROOT/pages/getting-started.adoc index 360354f6c..4ca972df2 100644 --- a/modules/ROOT/pages/getting-started.adoc +++ b/modules/ROOT/pages/getting-started.adoc @@ -32,11 +32,11 @@ Install the Stackable command line utility xref:management:stackablectl:index.ad The Stackable operators are components that translate the service definitions deployed via Kubernetes into deploy services on the worker nodes. These can be installed on any node that has access to the Kubernetes control plane. In this example we will install them on the controller node. -Stackable operators can be installed using `stackablectl`. Run the following commands to install ZooKeeper, Kafka and NiFi from the Stackable 24.7 release. +Stackable operators can be installed using `stackablectl`. Run the following commands to install ZooKeeper, Kafka and NiFi from the Stackable 24.11 release. [source,bash] ---- -stackablectl release install -i commons -i secret -i listener -i zookeeper -i kafka -i nifi 24.7 +stackablectl release install -i commons -i secret -i listener -i zookeeper -i kafka -i nifi 24.11 ---- .Using Helm instead @@ -55,12 +55,12 @@ Install the operators: [source,bash] ---- -helm install zookeeper-operator stackable-stable/zookeeper-operator --version=24.7.0 -helm install kafka-operator stackable-stable/kafka-operator --version=24.7.0 -helm install secret-operator stackable-stable/secret-operator --version=24.7.0 -helm install listener-operator stackable-stable/listener-operator --version=24.7.0 -helm install commons-operator stackable-stable/commons-operator --version=24.7.0 -helm install nifi-operator stackable-stable/nifi-operator --version=24.7.0 +helm install zookeeper-operator stackable-stable/zookeeper-operator --version=24.11.0 +helm install kafka-operator stackable-stable/kafka-operator --version=24.11.0 +helm install secret-operator stackable-stable/secret-operator --version=24.11.0 +helm install listener-operator stackable-stable/listener-operator --version=24.11.0 +helm install commons-operator stackable-stable/commons-operator --version=24.11.0 +helm install nifi-operator stackable-stable/nifi-operator --version=24.11.0 ---- ==== @@ -69,12 +69,12 @@ You can check which operators are installed using `stackablectl operator install [source,console] ---- OPERATOR VERSION NAMESPACE STATUS LAST UPDATED -commons 24.7.0 default deployed 2024-03-30 17:58:32.916032854 +0100 CET -kafka 24.7.0 default deployed 2024-03-30 17:58:55.036115353 +0100 CET -listener 24.7.0 default deployed 2024-03-30 17:59:18.136775259 +0100 CET -nifi 24.7.0 default deployed 2024-03-30 17:59:51.927081648 +0100 CET -secret 24.7.0 default deployed 2024-03-30 18:00:05.060241771 +0100 CET -zookeeper 24.7.0 default deployed 2024-03-30 18:00:08.425686918 +0100 CET +commons 24.11.0 default deployed 2024-11-30 17:58:32.916032854 +0100 CET +kafka 24.11.0 default deployed 2024-11-30 17:58:55.036115353 +0100 CET +listener 24.11.0 default deployed 2024-11-30 17:59:18.136775259 +0100 CET +nifi 24.11.0 default deployed 2024-11-30 17:59:51.927081648 +0100 CET +secret 24.11.0 default deployed 2024-11-30 18:00:05.060241771 +0100 CET +zookeeper 24.11.0 default deployed 2024-11-30 18:00:08.425686918 +0100 CET ---- == Deploying Stackable Services @@ -130,7 +130,7 @@ metadata: name: simple-kafka spec: image: - productVersion: 3.7.1 + productVersion: 3.8.0 clusterConfig: zookeeperConfigMapName: simple-kafka-znode tls: @@ -279,13 +279,11 @@ Apache NiFi provides a web interface and the easiest way to test it is to view t To access the web interface we first need to get the ip address and port Nifi is listening on. To get the IP address we need to connect to (in this case `172.18.0.2`), run: -[source,bash] ----- -kubectl get nodes -o wide ----- +[source,console] ---- -NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -quickstart-control-plane Ready control-plane 9m59s v1.25.3 172.18.0.2 Ubuntu 22.04.1 LTS 5.14.0-1052-oem containerd://1.6.9 +$ kubectl get nodes -o wide +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +quickstart-control-plane Ready control-plane 4d18h v1.30.0 172.18.0.2 Debian GNU/Linux 12 (bookworm) 6.11.3 containerd://1.7.15 ---- From bf8e8ad6823785f5c1e2ede1becdb6902358fb8e Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Wed, 27 Nov 2024 05:44:46 +1300 Subject: [PATCH 8/9] chore: Add release branches to the playbooks for release 24.11 (#684) * Add release branches to the playbooks for release 24.11 * trigger checks again --- antora-playbook.yml | 17 +++++++++++++++++ local-antora-playbook.yml | 17 +++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/antora-playbook.yml b/antora-playbook.yml index 03b0d0f9c..167b62fb9 100644 --- a/antora-playbook.yml +++ b/antora-playbook.yml @@ -26,6 +26,7 @@ content: - url: . branches: - HEAD + - release/24.11 - release/24.7 - release/24.3 - release/23.11 @@ -41,6 +42,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -52,6 +54,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -62,6 +65,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -72,6 +76,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -83,6 +88,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -93,6 +99,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -103,6 +110,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -113,6 +121,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -123,6 +132,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -133,6 +143,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -143,6 +154,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -153,6 +165,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -163,6 +176,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -173,6 +187,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -183,6 +198,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -193,6 +209,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 diff --git a/local-antora-playbook.yml b/local-antora-playbook.yml index 2b3668278..9a6abb2dd 100644 --- a/local-antora-playbook.yml +++ b/local-antora-playbook.yml @@ -15,6 +15,7 @@ content: - url: ./ branches: - HEAD + - release/24.11 - release/24.7 - release/24.3 - release/23.11 @@ -30,6 +31,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -41,6 +43,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -51,6 +54,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -61,6 +65,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -72,6 +77,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -82,6 +88,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -92,6 +99,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -102,6 +110,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -112,6 +121,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -122,6 +132,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -132,6 +143,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -142,6 +154,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -152,6 +165,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -162,6 +176,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -172,6 +187,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 @@ -182,6 +198,7 @@ content: start_path: docs branches: - main + - release-24.11 - release-24.7 - release-24.3 - release-23.11 From 8b307104cc19f3b75c2ed0426794f10d56f4a3d6 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Wed, 27 Nov 2024 11:27:37 +0100 Subject: [PATCH 9/9] Add docs on how to mark StorageClass as default in AWS (#683) --- modules/ROOT/nav1.adoc | 1 + modules/ROOT/pages/kubernetes/eks.adoc | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 modules/ROOT/pages/kubernetes/eks.adoc diff --git a/modules/ROOT/nav1.adoc b/modules/ROOT/nav1.adoc index c18a9532d..5b280941b 100644 --- a/modules/ROOT/nav1.adoc +++ b/modules/ROOT/nav1.adoc @@ -1,6 +1,7 @@ * xref:quickstart.adoc[] * xref:kubernetes/index.adoc[] ** xref:kubernetes/aks.adoc[] +** xref:kubernetes/eks.adoc[] ** xref:kubernetes/gke.adoc[] ** xref:kubernetes/huawei-cloud.adoc[] ** xref:kubernetes/ibm-cloud.adoc[] diff --git a/modules/ROOT/pages/kubernetes/eks.adoc b/modules/ROOT/pages/kubernetes/eks.adoc new file mode 100644 index 000000000..1160120a1 --- /dev/null +++ b/modules/ROOT/pages/kubernetes/eks.adoc @@ -0,0 +1,17 @@ += Amazon Elastic Kubernetes Service (EKS) + +Please make sure that you have a default StorageClass in your cluster, so that PVCs will be provisioned. + +You can list available StorageClasses using the command + +```bash +➜ ~ kubectl get storageclasses +NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE +gp2 (default) kubernetes.io/aws-ebs Delete WaitForFirstConsumer false 9h +``` + +In case you don't have a StorageClass marked as `default`, you can change a StorageClass to the default using the following command (make sure to update it to your StorageClass name): + +```bash +➜ ~ kubectl patch storageclass gp2 -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' +```