CCE uses now Kubernetes version 1.13.10 which incorporates the Docker engine v18.09. Automatic migration from 1.11 to 1.13 is currently not possible.
The other parts of this release contain the following features:
- The purpose of the feature is the possibility to encrypt EVS and SFS volumes with KMS directly in CCE console using Persistent Volume Claim. You can navigate under CCE console to Resource Management -> Storage section and create EVS / SFS for a specific cluster and namespace.
- More information about Persistent Volume Claim you can find on Kubernetes site: https://v1-13.docs.kubernetes.io/docs/concepts/storage/persistent-volumes/.
EulerOS 2.5 is now for CCE as hardened Kubernetes operating system available and contains the last fixed security vulnerabilities.
Multi-IP segments and node pool in CCE cluster
As a part of the current CCE release, there are two new network sub-features released.
- Support to add different subnets in a Kubernetes cluster. This feature can be useful for IP segment isolation and node expansion.
- Possibility to create custom node pools to improve autoscaling ability. A node pool is a group of compute nodes with the same node type (VM or BMS), specifications, and labels.
CCE got a new log-in option to CCE Kubernetes clusters with the IAM credentials that are used to authenticate to the API of the OTC. Native Kubernetes APIs are accessible with credentials taken from IAM token.
CA certificate download
CA certificate files are possible to download from the OTC console. Moreover, there is also a possibility to upload their own CA certificates during cluster creation.
Upgrade of multiple instances
The new feature allows for upgrading multiple instances at the same time. This parallelism allows improving the upgrade speed of a cluster.
Online YAML Configuration
OTC supports now an online YAML configuration. You can use your own configuration YAML files to administrate a Kubernetes cluster.
Cluster management permission control
Now we have two possibilities to manage cluster permissions.
- A Cluster-level permission management - by using IAM fine-grained authorization.
- And the Namespace-level permission management - by using Kubernetes RBAC authorization.
Network policy feature enables specification of rules how pods are allowed to communicate with each other.
Affinity and Autoscaling improvement
Feature improvement brings the possibility to update Affinity rules for existing deployments and improve the stability of auto-scaling.
Further information can be found in the CCE area of the Help Center.