Jump to: navigation, search

Airship v1.0 Release

The Airship community is excited to announce its v1.0 release in conjunction with the Open Infrastructure Summit Denver. Airship v1.0 delivers a wide range of enhancements to security, resiliency, continuous integration, and documentation as well as upgrades to the platform, deployment and tooling features. The v1.0 milestone marks production readiness of Airship for the enterprise.

The community has been actively developing toward the v1.0 release since the project was introduced as an OSF pilot project in May 2018, and has achieved security at scale, scalable operations and reliable upgrades, as well nightly CI/CD validation of integrations and example deployments. The release is ready to use, and the community has developed several CI-integrated reference manifests that have been documented as examples to get started.

The deployment manifests for the v1.0 release can be found here, and they may be deployed by following the Airship Site Deployment Guide.

Release Notes

Below is a summary of high-level enhancements to the Airship platform between the 1.0 Release Candidate and the 1.0 Release. It builds of functionality detailed in the v1.0 RC release notes: [[1]]

Platform security enhancements:

  • Leverage Linux capabilities and pod security contexts for privileged operations where applicable
  • Added Kubernetes audit logging and user context tracing
  • Leverage OpenStack-Helm Network Policy primitives
  • Implemented Kubernetes admission controller best practices
  • Added HTTP Security Headers to the Shipyard API
  • Tiller aligned into the Armada pod for restricted access/visibility
  • Added Pegleg support for YAML encryption at rest in Git repos
  • Added Pegleg support for random secret/PKI generation
  • Pegleg can now pass YAMLs directly into Shipyard, for secure secret management
  • Added support for etcd encryption
  • Leverage the Kubernetes PodSecurityPolicy admission controller

Platform, Deployment, and Tooling enhancements:

  • Pegleg enhanced to fetch declarative git repo cross-dependencies
  • Pegleg CLI interface extended and improved
  • Armada now deletes test pods from previous chart deployments automatically
  • Added Divingbell Exec module
  • Moved genesis.sh and PKI generation from Promenade to Pegleg
  • Added the Spyglass component for generation of site-level YAML manifests
  • Added Redfish as an OOB driver
  • Added Shipyard support for invoking Helm Tests on-demand
  • Laid groundwork for multi-OS support and added initial OpenSUSE support
  • Integrated Kubernetes 1.11.6 by default
  • Integrated Docker 17.03.3 by default
  • Integrated Helm v2.13.1

Continuous integration improvements:

  • Aligned Airskiff dev/test environment to Treasuremap globals
  • Chart linting gates added
  • Created automation to uplift Airship and OSH components in versions.yaml to latest master
  • Began publishing test results and logs to upstream gerrit patchsets
  • Added non-voting Airskiff lightweight integration checks to individual projects

Resiliency:

  • Implemented etcd backup functionality
  • Enhanced liveness and readiness probes
  • Airflow and Shipyard lifecycles aligned for smooth upgrades
  • Armada Wait logic enhanced with additional tunability and hardening
  • Added functionality for resilient MaaS services and networking

Documentation:

  • Added ops-focused guides for configuration updates and troubleshooting
  • Cleaned and expanded Treasuremap reference deployment manifests
  • Expanded documentation for individual Airship projects
  • Added documentation for disk config, ceph partitioning, secret generation, and cert requirements
  • Added a new lightweight, simple bare-metal definition (Airsloop) for getting started, and documentation on how to use