May 17, 2021
Anthos clusters on bare metal release 1.6.3 is now available. To upgrade, see Upgrading Anthos clusters on bare metal. Anthos clusters on bare metal 1.6.3 runs on Kubernetes 1.18.
- Fixed CVE-2021-25735 that could allow node updates to bypass a Validating Admission Webhook. For more details, open the Anthos clusters on bare metal tab of the GCP-2021-003 security bulletin.
- Fixed CVE-2021-28683, CVE-2021-28682, and CVE-2021-29258. For more details, open the Anthos clusters on bare metal tab of the GCP-2021-004 security bulletin.
When you upgrade Anthos clusters on bare metal from a version with a security patch to the next minor release, we recommend you upgrade to the highest patch version to ensure you have the latest security fixes. Always review the release notes before upgrading so you're aware of what has changed, including security fixes and known issues. Upgrading to a lower release version isn't supported.
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
May 06, 2021
For more information, see the GCP-2021-004 security bulletin.
April 20, 2021
The Kubernetes project recently announced a new security vulnerability, CVE-2021-25735, that could allow node updates to bypass a Validating Admission Webhook. For more details, see the GCP-2021-003 security bulletin.
February 26, 2021
Anthos on bare metal 1.6.2 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.6.2 runs on Kubernetes 1.18.
- Updated custom resource API to reject changes to Cluster and NodePool configuration fields that are not currently supported. For a list of supported mutable fields, see Configuration in Known Issues.
- bmctl to allow creating or upgrading Anthos clusters on bare metal to the current bmctl version (1.6.2) only. For more information about version restrictions, see Installation in Known Issues.
- Fixed an issue that caused the automatic reset of bare metal machines to fail after deleting the user cluster.
- Added preflight check to verify that control group v2, or cgroup v2 for short, is not in use on the cluster machine. Anthos on bare metal 1.6.x is incompatible with cgroup v2. For more information, see Control group v2 incompatibility in Known Issues.
- csi-snapshot-validation-webhook to support certificate rotation. For more information about certificate rotation, see Security in Known Issues.
- Fixed an issue to prevent constant patching for
- Fixed a Certificate Signing Request (CSR) issue with kubelet to ensure fully qualified domain name (FQDN) hostnames are supported.
For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.
January 29, 2021
Anthos on bare metal 1.6.1 is now available. To upgrade, see Upgrading Anthos on bare metal. Anthos on bare metal 1.6.1 runs on Kubernetes 1.18.6-gke.6600.
- Added upgrade support from 1.6.0. Users are able to upgrade an existing Anthos bare metal cluster from 1.6.0 to 1.6.1.
- Improved upgrade preflight check. Added preflight check before cluster upgrade to validate current cluster status, machine health and other issues before proceeding to upgrade.
- Added support for deleting mounts and data from the anthos-system StorageClass during
- Relaxed the requirement for an odd number of control plane node pools to allow customers to add and remove nodes for maintenance or replacement.
- Added support to force removing a broken worker node through annotation on the operator machine.
- Added an etcddefrag pod to control-plane nodes. The pod is responsible for monitoring etcd's database size and defragmenting the database as needed. This helps reclaim etcd database size and recover etcd when its disk space is exceeded.
- Enabled kubelet server TLS certificate auto-rotation. Kubelet on each node sends out a CSR when nearing serving certificate expiration. A controller running inside the admin cluster validates and approves the CSR for user clusters.
- Added proxy support to connect to the OIDC provider. This allows overriding the cluster proxy configuration with a different proxy.
- bmctl update cluster for updating standalone clusters.
- Fixed a bug that caused cluster deletion to stall because of pods refusing to evacuate, or dead nodes.
November 30, 2020
Anthos on bare metal is generally available
Anthos on bare metal is a deployment option to run Anthos on physical or virtual servers, deployed on an operating system provided by you, without a hypervisor layer. Anthos on bare metal ships with built-in networking, lifecycle management, diagnostics, health checks, logging, and monitoring. Anthos on bare metal supports CentOS, Red Hat Enterprise Linux (RHEL), and Ubuntu—all validated by Google. With Anthos on bare metal, you can use your company's standard hardware and operating system images, taking advantage of existing investments, which are automatically checked and validated against Anthos infrastructure requirements.
Anthos on bare metal is available today, with either subscription or pay-as-you-go pricing. Anthos on bare metal lets you leverage existing investments in hardware, OS, and networking infrastructure. The minimum system requirement to run Anthos on bare metal is 2 nodes with a minimum total of 4 cores, 32 GB RAM, and 128 GB of disk space with no specialized hardware. The setup lets you run Anthos on bare metal on almost any infrastructure.
Anthos on bare metal uses a "bring your own operating system" model. It runs atop physical or virtual instances, and supports Red Hat Enterprise Linux 8.1/8.2, CentOS 8.1/8.2, or Ubuntu 18.04/20.04 LTS. Anthos provides overlay networking and L4/L7 load balancing. You can also integrate with your own load balancer such as F5 and Citrix. For storage, you can deploy persistent workloads using CSI integration with your existing infrastructure.
You can deploy Anthos on bare metal using one of the following deployment models:
- A standalone model lets you manage every cluster independently. This is a good choice when running in an edge location or if you want your clusters to be administered independent of one another.
- The multiple-cluster model lets central IT teams manage a fleet of clusters from a centralized cluster, called the admin cluster. This is more suitable if you want to build automation or tooling, or if you want to delegate the lifecycle of clusters to individual teams without sharing sensitive credentials such as SSH keys or Google Cloud service account details.
Like with all Anthos environments, a bare metal cluster has a thin, secure connection back to Google Cloud called Connect. After it's installed in your clusters, you can centrally view, configure, and monitor your clusters from the Google Cloud Console.
Anthos on bare metal, which is part of the Anthos 1.6 release, provides the following features and capabilities:
- Kubernetes 1.18
- Ubuntu/RHEL/CentOS support
- Standalone and multiple-cluster architecture
- In-place upgrades (minor and major)
- Overlay networking, Ingress (L7), integrated load balancing (L4, L2-Mode)
- Manual load balancing (F5, Citrix)
- Installs behind proxy support
- Preflight and health checks
- Node maintenance mode
- Cloud Monitoring and Cloud Logging
- ACM, ASM, identity, hub or connect, billing, and pay-as-you-go
- NVIDIA GPU support
- Scales to 500 nodes
- Virtual machine management (Kubevirt) preview