Skip to Content

Google Cloud Updates on December 10, 2021

Google Cloud Platform Subprocessors list

We are adding Webhelp Israel LTD, Productive Playhouse India Private Limited and Productive Playhouse (Thailand) Ltd. You can find information about the tasks our Subprocessors perform on our Google Cloud Platform Subprocessors list.

Anthos on bare metal

Feature

Release 1.10.0

Anthos clusters on bare metal 1.10.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.0 runs on Kubernetes 1.21.

Improved cluster lifecycle functionalities:

  • GA: Enabled Node Problem Detector to run by default on all nodes. You can check if a problem was detected on a node by running the kubectl describe command for the node. Then look for NodeConditions or Events reported by Node Problem Detector.
  • GA: Added bmctl backup cluster and bmctl restore cluster commands to facilitate disaster recovery for clusters.
  • Preview: Added the ability to reset individual nodes using the SSH key.
  • Updated the bmctl check cluster command so that the snapshot of a cluster includes the cluster’s YAML file and logs that are in the bmctl-workspace directory.
  • Added a new status field cluster.gkeHubRegistrationStatus. The command kubectl get cluster now shows information about the cluster’s membership to GKE Hub.

Networking:

  • Preview: Enabled Anthos multi-cluster connectivity to provide Anthos clusters a way to connect to another Anthos cluster in the same data center (intra-site, cluster-to-cluster). Pods in connected clusters can reach each other over pod IP addresses without using native address translation (NAT) in between.
  • Preview: Enabled IPv4/IPv6 dual stack support. Customers can deploy clusters in a dual-stack network, where IPv4 and IPv6 addresses can be assigned to both nodes and pods.
  • Preview: Enabled “flat mode” (a simplified network topology) for IPv4 , where the pod’s IPv4 address is visible and routable without masquerading as node IP within the same Layer 2 domain.
  • Preview: Enabled SR-IOV. This feature lets you configure Virtual Functions (VFs) on the supported devices on the nodes of their cluster. This feature also lets you define the kernel module you want to bind to the VF.

Observability:

  • GA: Added ability to show severity level of an issue in Cloud Logging. Severity level is extracted from containerd and kubelet node logs.
  • GA: Changed collection of application metrics to use a more scalable monitoring pipeline based on OpenTelemetry. This change significantly reduces the amount of resources required to collect metrics.

Security:

  • GA: Enhanced the capability to rotate cluster certificate authorities (CAs). Updates include support for all cluster types, rotation of front-proxy and etcd CAs, and changes to the bmctl command syntax.
  • Preview: Enabled installation of Anthos clusters on bare metal using a short-lived Google Service Account token instead of using Google Service Account keys.
  • Enabled Kubernetes control plane and most Anthos system containers to run as non-root users. For details, see Don’t run containers as root user.

VM Runtime:

  • Preview: Supported enabling or disabling Anthos VM Runtime on user clusters.
  • Preview: Enabled Anthos VM Runtime to support QEMU Copy On Write (QCOW2) format, which is a storage format for virtual disks on virtual machines. Some benefits of virtual disk capabilities are independent thin provisioning, better compression, and encryption at rest.
  • Preview: Enabled VMRuntime custom resource and the Network custom resource, which let you create VMs on either the node network with a static IP address or the default pod network.
  • Preview: Enabled VM pods audit logs for VM runtime resources.
  • Preview: Expanded guest OS versions that can run on the virtual machine. We support Windows Server 2019, 2016, Windows 10, Red Hat Enterprise Linux (RHEL) 8, Centos 8, and Ubuntu 20.04 as guest OS.
  • Preview: Enabled virtual machine high availability to provide greater uptime for virtual machines instances (VMIs) by automatically detecting and recovering from a range of host machine failures.

Breaking changes:

The gateway capability used by the egress NAT gateway and Bundled load balancing with BGP Preview features have changed in this release. The NetworkGatewayGroup custom resource replaces AnthosNetworkGateway and the capability is enabled with a new advancedNetworking field in the cluster configuration file, instead of an annotation. These changes affect the ability to upgrade clusters that use earlier versions of the features.

Anthos clusters on bare metal blocks cluster upgrades from version 1.9 to version 1.10 for clusters that use either of these two advanced networking features. You can upgrade a version 1.9 admin cluster that is managing 1.9 user clusters that use these features to version 1.10, but object reconciliation breaks for the AnthosNetworkGateway custom resource. Object reconciliation is the mechanism whereby admin clusters automatically copy/restore objects on managed user clusters when the objects have been defined alongside the cluster configuration. Any AnthosNetworkGateway custom resources are still functional and can be modified with kubectl.

To bring a version 1.9 cluster that uses either advanced networking Preview feature up to version 1.10, reset or delete the cluster and create a new 1.10 cluster.

Preview features and products are subject to change and are provided for testing and evaluation purposes only. Do not use Preview features on your production clusters.

Functionality changes:

  • Version 1.10.0 admin clusters aren’t visible from the Cloud Console or when performing gcloud container hub memberships list operations.
  • Enabled use of ADMIN_KUBECONFIG environment variable to reduce the number of bmctl command flags.
  • The cluster reconciliation process now checks for differences in the GKEHub membership before attempting to update it. If the GKEHub membership needs to be changed, the cluster is unregistered and then re-registered.
  • The advancedNetworking field in the cluster configuration file replaces the deprecated baremetal.cluster.gke.io/enable-anthos-network-gateway annotation for enabling advanced networking capabilities.
  • The NetworkGatewayGroup custom resource replaces the AnthosNetworkGateway custom resource.

Fixed cluster lifecycle functionalities:

  • Outputs from all bmctl commands except bmctl version are now written to log files.
  • Fixed strict mode for decoding the cluster YAML file. Extraneous information in the cluster YAML file now results in an error.
  • Fixed preflight check so that it no longer ignores the no_proxy setting.
  • Binaries in cluster provision no longer run from /tmp, which is often mounted with noexec options. This change fixes a preflight check “permission denied” error.
  • Switched the default server-side containerRuntime value from docker to containerd.

Observability:

  • Increased the priority of the kube-state-metrics service to keep it from being stuck in a pending state. This service generates metrics about Kubernetes API objects such as deployments, nodes, and pods.
  • Upgraded metrics-server to version 0.3.6 to fix a missing metrics issue that occurs when a duplicated pod name is present.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Tags

Tags

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.