Difference between revisions of "Airship v1.0 Release"
m (→Airship v1.0 Release Notes) |
|||
| Line 1: | Line 1: | ||
| − | The Airship community is excited to announce its v1.0 release. | + | The Airship community is excited to announce its v1.0 release in conjunction with the Open Infrastructure Summit Denver. Airship v1.0 delivers a wide range of enhancements to security, resiliency, continuous integration, and documentation as well as upgrades to the platform, deployment and tooling features. The v1.0 milestone marks production readiness of Airship for the enterprise. |
== Release Notes == | == Release Notes == | ||
Below is a summary of high-level enhancements to the Airship platform between the 1.0 Release Candidate and the 1.0 Release. | Below is a summary of high-level enhancements to the Airship platform between the 1.0 Release Candidate and the 1.0 Release. | ||
| − | It builds of the v1.0 RC release notes: [[https://wiki.openstack.org/wiki/Airship_Release_Candidate]] | + | It builds of functionality detailed in the v1.0 RC release notes: [[https://wiki.openstack.org/wiki/Airship_Release_Candidate]] |
=== Platform security enhancements: === | === Platform security enhancements: === | ||
| Line 17: | Line 17: | ||
* Pegleg can now pass YAMLs directly into Shipyard, for secure secret management | * Pegleg can now pass YAMLs directly into Shipyard, for secure secret management | ||
* Added support for etcd encryption | * Added support for etcd encryption | ||
| − | * Leverage Kubernetes PodSecurityPolicy | + | * Leverage the Kubernetes PodSecurityPolicy admission controller |
| − | |||
===Platform, Deployment, and Tooling enhancements:=== | ===Platform, Deployment, and Tooling enhancements:=== | ||
| Line 39: | Line 38: | ||
* Created automation to uplift Airship and OSH components in versions.yaml to latest master | * Created automation to uplift Airship and OSH components in versions.yaml to latest master | ||
* Began publishing test results and logs to upstream gerrit patchsets | * Began publishing test results and logs to upstream gerrit patchsets | ||
| + | * Added non-voting Airskiff lightweight integration checks to individual projects | ||
===Resiliency:=== | ===Resiliency:=== | ||
| Line 51: | Line 51: | ||
* Cleaned and expanded Treasuremap reference deployment manifests | * Cleaned and expanded Treasuremap reference deployment manifests | ||
* Expanded documentation for individual Airship projects | * Expanded documentation for individual Airship projects | ||
| − | * Added documentation for disk config,ceph partitioning, secret generation, and cert requirements | + | * Added documentation for disk config, ceph partitioning, secret generation, and cert requirements |
| − | * Added a new lightweight, simple | + | * Added a new lightweight, simple bare-metal definition (Airsloop) for getting started, and documentation on how to use |
Revision as of 18:06, 27 April 2019
The Airship community is excited to announce its v1.0 release in conjunction with the Open Infrastructure Summit Denver. Airship v1.0 delivers a wide range of enhancements to security, resiliency, continuous integration, and documentation as well as upgrades to the platform, deployment and tooling features. The v1.0 milestone marks production readiness of Airship for the enterprise.
Contents
Release Notes
Below is a summary of high-level enhancements to the Airship platform between the 1.0 Release Candidate and the 1.0 Release. It builds of functionality detailed in the v1.0 RC release notes: [[1]]
Platform security enhancements:
- Leverage Linux capabilities and pod security contexts for privileged operations where applicable
- Added Kubernetes audit logging and user context tracing
- Leverage OpenStack-Helm Network Policy primitives
- Implemented Kubernetes admission controller best practices
- Added HTTP Security Headers to the Shipyard API
- Tiller aligned into the Armada pod for restricted access/visibility
- Added Pegleg support for YAML encryption at rest in Git repos
- Added Pegleg support for random secret/PKI generation
- Pegleg can now pass YAMLs directly into Shipyard, for secure secret management
- Added support for etcd encryption
- Leverage the Kubernetes PodSecurityPolicy admission controller
Platform, Deployment, and Tooling enhancements:
- Pegleg enhanced to fetch declarative git repo cross-dependencies
- Pegleg CLI interface extended and improved
- Armada now deletes test pods from previous chart deployments automatically
- Added Divingbell Exec module
- Moved genesis.sh and PKI generation from Promenade to Pegleg
- Added the Spyglass component for generation of site-level YAML manifests
- Added Redfish as an OOB driver
- Added Shipyard support for invoking Helm Tests on-demand
- Laid groundwork for multi-OS support and added initial OpenSUSE support
- Integrated Kubernetes 1.11.6 by default
- Integrated Docker 17.03.3 by default
- Integrated Helm v2.13.1
Continuous integration improvements:
- Aligned Airskiff dev/test environment to Treasuremap globals
- Chart linting gates added
- Created automation to uplift Airship and OSH components in versions.yaml to latest master
- Began publishing test results and logs to upstream gerrit patchsets
- Added non-voting Airskiff lightweight integration checks to individual projects
Resiliency:
- Implemented etcd backup functionality
- Enhanced liveness and readiness probes
- Airflow and Shipyard lifecycles aligned for smooth upgrades
- Armada Wait logic enhanced with additional tunability and hardening
- Added functionality for resilient MaaS services and networking
Documentation:
- Added ops-focused guides for configuration updates and troubleshooting
- Cleaned and expanded Treasuremap reference deployment manifests
- Expanded documentation for individual Airship projects
- Added documentation for disk config, ceph partitioning, secret generation, and cert requirements
- Added a new lightweight, simple bare-metal definition (Airsloop) for getting started, and documentation on how to use
