Airship v1.0 Release
The Airship community is excited to announce its v1.0 release.
Contents
Airship v1.0 Release Notes
Below is a summary of high-level enhancements to the Airship platform between the 1.0 Release Candidate and the 1.0 Release. It builds of the v1.0 RC release notes: [[1]]
Platform security enhancements:
- Leverage Linux capabilities and pod security contexts for privileged operations where applicable
- Added Kubernetes audit logging and user context tracing
- Leverage OpenStack-Helm Network Policy primitives
- Implemented Kubernetes admission controller best practices
- Added HTTP Security Headers to the Shipyard API
- Tiller aligned into the Armada pod for restricted access/visibility
- Added Pegleg support for YAML encryption at rest in Git repos
- Added Pegleg support for random secret/PKI generation
- Pegleg can now pass YAMLs directly into Shipyard, for secure secret management
- Added support for etcd encryption
- Leverage Kubernetes PodSecurityPolicy
- Incorporated etcd encryption
Platform, Deployment, and Tooling enhancements:
- Pegleg enhanced to fetch declarative git repo cross-dependencies
- Pegleg CLI interface extended and improved
- Armada now deletes test pods from previous chart deployments automatically
- Added Divingbell Exec module
- Moved genesis.sh and PKI generation from Promenade to Pegleg
- Added the Spyglass component for generation of site-level YAML manifests
- Added Redfish as an OOB driver
- Added Shipyard support for invoking Helm Tests on-demand
- Laid groundwork for multi-OS support and added initial OpenSUSE support
- Integrated Kubernetes 1.11.6 by default
- Integrated Docker 17.03.3 by default
- Integrated Helm v2.13.1
Continuous integration improvements:
- Aligned Airskiff dev/test environment to Treasuremap globals
- Chart linting gates added
- Created automation to uplift Airship and OSH components in versions.yaml to latest master
- Began publishing test results and logs to upstream gerrit patchsets
Resiliency:
- Implemented etcd backup functionality
- Enhanced liveness and readiness probes
- Airflow and Shipyard lifecycles aligned for smooth upgrades
- Armada Wait logic enhanced with additional tunability and hardening
- Added functionality for resilient MaaS services and networking
Documentation:
- Added ops-focused guides for configuration updates and troubleshooting
- Cleaned and expanded Treasuremap reference deployment manifests
- Expanded documentation for individual Airship projects
- Added documentation for disk config,ceph partitioning, secret generation, and cert requirements
- Added a new lightweight, simple site definition for getting started, and documentation on how to use