Announcing Tectonic 1.6: Kubernetes 1.6 and more

• By Mackenzie Burnett

At the end of March we saw Kubernetes 1.6, the first release led by a non-Google employee (CoreOS’ own Dan Gillespie), released in upstream. Today we announce the release of CoreOS Tectonic 1.6.2.

The primary focus of this release, in addition to delivering the most current, upstream version of Kubernetes to Tectonic users, is to turn on a number of features that deliver enterprise Kubernetes.

The major updates that make up Tectonic 1.6.2 include:

Kubernetes 1.6.2

Backend Terraform support for Tectonic Installer on AWS and bare metal

Improved workload separation

Improved RBAC and audit logging

Update to Dex v2.4.1 to address security bug fix

Tectonic Installer now supported by Terraform

Tectonic installer can be used via the UI or the command line

By shipping Tectonic with Terraform, we are setting the stage for scriptable and customizable installations of self-hosted Kubernetes on AWS and bare metal. Now, in addition to the default stack template used to install Tectonic, users will be able to customize the published Terraform Configurations. This work included releasing Matchbox v0.6.0 with new Terraform integrations last week to better enable Tectonic bare-metal installs.

To ensure automated updates are not affected, we will very soon be releasing documentation providing detailed guidance on how to customize the Terraform configurations.

Improved workload separation

Tectonic 1.6.2 leverages new beta support for Kubernetes taints, tolerations, and pod affinity to guarantee a clear separation between control-plane and user workloads, as well as improve the reliability of the control plane by spreading the services across multiple nodes. Workload separation is enabled by default when users deploy multiple controllers and worker nodes.

Improved RBAC and audit logging

Tectonic has always enabled Role Based Access Control (RBAC). With today’s release, the larger Kubernetes community has joined us and RBAC is on by default for all users. To celebrate this milestone, we redesigned the experience of creating, editing and assigning the roles in your cluster.

The redesigned console makes it easy to assign roles cluster wide or into specific namespaces

Granting access to a cluster with RBAC is just half of the story. Auditing cluster usage is a key best practice and required in certain industries. Audit logging support is now enabled in Tectonic, with the ability to optionally stream these logs back to a number of log aggregation backends.

Check out the docs for sending these logs to Elasticsearch or hosted services such as Loggly and AWS Cloudwatch.

Dex has been updated with more options for enterprise authentication. Tectonic supports a new SAML connector in addition to existing LDAP support.

A security bug fix was shipped in Tectonic 1.5.7 via a self-driving update and the same update is also available in 1.6.2. A rare combination of LDAP server settings and the Dex LDAP connector could yield elevated access to the cluster. See the project’s release notes for more information

Upgrading to Tectonic 1.6.2

Tectonic does not provide a self-driving upgrade path from Tectonic 1.5 releases to Tectonic 1.6 releases. We hope to be able to enable minor version upgrades for later minor versions in the coming months. To upgrade from earlier versions of Tectonic to Tectonic 1.6, we suggest spinning up a new Tectonic 1.6 cluster and migrating workloads over from your older clusters. From there, if you enable our experimental Operators, you should be able to use our signature auto-upgrade capabilities in Tectonic to upgrade to future patch releases of 1.6. Note that we only support updates for Tectonic clusters deployed using an official installer release downloaded from our website.

When upgrading your clusters, do keep in mind these notes from the recent Kubernetes 1.6 release.

Start using Tectonic for free today

Deploy self-driving Kubernetes with Tectonic today for free up to 10 nodes, and start exploring containerization in your company. For help getting started, use our new set of hands-on tutorials available here.

Register for CoreOS Fest

CoreOS Fest is a few weeks away! Join us in San Francisco on May 31 and June 1, and be part of the containerized applications and Kubernetes conversation. We’ll be gathered on Pier 27 for two days of talks, panels and chats on how the community is building, running and securing distributed applications, and you won’t want to miss it. Register today!

Interested in hosting your own meetup, or want to learn more about getting involved with the CoreOS Community? Email us at community@coreos.com.