Release notes 1.12

This document lists production updates to Anthos clusters on bare metal. We recommend that Anthos clusters on bare metal developers periodically check this list for any new announcements.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/anthos-bare-metal-release-notes.xml

August 03, 2022

Release 1.12.1

Anthos clusters on bare metal 1.12.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.1 runs on Kubernetes 1.23.

Functionality changes:

  • Increased default memory limits for coredns, metallb-controller, metallb-speaker, metrics-server, anthos-cluster-operator, and cap-controller-manager.

  • Modified the dashboards Anthos cluster pod status and Anthos cluster node status. Specifically, the following changes were made:

    • Replaced cadvisor resource metrics with summary API resource metrics.
    • Added cpu, memory, and volume utilization metrics.

    If you have already installed these dashboards in a project, you need to download the JSON files Anthos-cluster-pod-status.json and Anthos-cluster-node-status.json from the Dashboards for Anthos GitHub repository. You then need to import these JSON files into Cloud Monitoring. For details, see Install sample dashboards.

Fixes:

  • Fixed issue in which nodes drained or cordoned by kubectl were mistakenly marked as schedulable.
  • Fixed issue in which cluster controller and autoscaler conflicted with each other in the scaling of istiod, coredns, and istio-ingress Pods.
  • Fixed issue in which the wrong data type was used in health check log messages, resulting in panic messages.
  • Fixed issue in which cluster restores failed when /var/lib/etcd is a mount point.
  • Fixed issue in which attempts to skip minor versions when upgrading weren't blocked. For details about the upgrade policy, see Minor version upgrades.
  • Fixed issue in which an external VIP Service of type LoadBalancer would not respond when flat IP mode was enabled.

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Release 1.12.1 ships with containerd version 1.5.13, which requires libseccomp version 2.5 or higher. If your system doesn't have libseccomp version 2.5 or higher installed, update it in advance of upgrading existing clusters to version 1.12.1. Otherwise, you may see errors in cplb-update Pods for load balancer nodes such as:

runc did not terminate successfully: runc: symbol lookup error: runc:
undefined symbol: seccomp_notify_respond

To install the latest version of libseccomp in Ubuntu, run the following command:

sudo apt-get install libseccomp-dev

To install the latest version of libseccomp in CentOS or RHEL, run the following command:

sudo dnf -y install libseccomp-devel
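The following pre-upgrade check is an added example, not part of the original release notes or the product tooling. It reports whether a node's installed libseccomp meets the 2.5 minimum stated above. The function names are hypothetical, and querying the runtime library packages libseccomp2 (Ubuntu) and libseccomp (CentOS/RHEL) is an assumption of this example. The sample version strings are constructed.

```sh
#!/bin/sh
# Added example: gate a 1.12.1 upgrade on libseccomp >= 2.5 (needed by containerd 1.5.13).
REQ_MAJOR=2
REQ_MINOR=5

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Exit status: 0 = version >= 2.5, 1 = older, 2 = not a parsable version.
# Accepts dpkg/rpm style strings, e.g. "1:2.5.1-1ubuntu1" or "2.4.3-1.el8".
libseccomp_version_ok() {
    _v=${1#*:}                 # drop a dpkg epoch such as "1:"
    _v=${_v%%-*}               # drop the package revision after the first "-"
    case "$_v" in *.*) ;; *) _v="$_v.0" ;; esac
    _major=${_v%%.*}
    _minor=${_v#*.}; _minor=${_minor%%.*}
    is_uint "$_major" && is_uint "$_minor" || return 2
    [ "$_major" -gt "$REQ_MAJOR" ] && return 0
    [ "$_major" -eq "$REQ_MAJOR" ] && [ "$_minor" -ge "$REQ_MINOR" ] && return 0
    return 1
}

# Print the installed runtime library version (package names are assumptions).
installed_libseccomp_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' libseccomp2 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}' libseccomp 2>/dev/null
    fi
}

# Run on each node before upgrading; a non-zero status means "do not upgrade yet".
check_node() {
    _ver=$(installed_libseccomp_version)
    libseccomp_version_ok "$_ver" && _rc=0 || _rc=$?
    case $_rc in
        0) echo "OK: libseccomp $_ver" ;;
        1) echo "BLOCK: libseccomp $_ver is older than $REQ_MAJOR.$REQ_MINOR" ;;
        *) echo "UNKNOWN: could not determine the libseccomp version" ;;
    esac
    return "$_rc"
}

# Demonstration on constructed version strings (not output from a real node).
for sample in "2.5.1-1ubuntu1~20.04.2" "2.4.3-1.el8" "1:2.5.4-1"; do
    if libseccomp_version_ok "$sample"; then echo "$sample: ok"
    else echo "$sample: too old"; fi
done
```

Call check_node on every node, including load balancer nodes, and use its exit status to hold the upgrade until libseccomp has been updated.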

June 29, 2022

Release 1.12.0

Anthos clusters on bare metal 1.12.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.0 runs on Kubernetes 1.23.

The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Starting from Anthos clusters on bare metal 1.12.0, you will not be able to create new clusters that use the Docker Engine container runtime. All new clusters should use the default container runtime containerd.

Improved cluster lifecycle functionalities:

  • Upgraded Anthos clusters on bare metal to use Kubernetes version 1.23. 

  • Upgraded container runtime to containerd 1.5.

  • Updated preflight check to forward default SSH key if no key is provided.

  • Added support for new GCPAccounts field in the cluster configuration file. This field enables the assignment of a cluster-admin role to end-users.

  • Added labels to control plane, control plane load balancer, and load balancer node pools, so that these different node pools can be distinguished from each other.

  • Added nodepool reference label to nodes so that worker nodes can be listed in the UI.

Observability:

  • GA: Added Summary API metrics. These metrics are scraped from the Kubernetes Summary API and provide CPU, memory, and storage metrics for Pods, containers, and Nodes.

  • Added separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. The legacy flag EnableStackdriverForApplications will be deprecated and removed in future releases.

  • Preview: Added Google Cloud Managed Service for Prometheus to collect application metrics and monitor cluster health.

  • Upgraded GKE Metrics Agent (gke-metrics-agent) from version 1.1.0 to 1.8.3. This tool scrapes metrics from each cluster node and publishes them in Cloud Monitoring.

  • Added the following resource utilization metrics. For more information about these and other metrics, see View Anthos clusters on bare metal metrics:

    • container/cpu/request_utilization
    • container/cpu/limit_utilization
    • container/memory/request_utilization
    • container/memory/limit_utilization
    • node/cpu/allocatable_utilization
    • node/memory/allocatable_utilization
    • pod/volume/utilization
  • Added sample dashboards for monitoring cluster health to Cloud Monitoring sample dashboards. Customers can install these dashboards with one click.

  • Scoped down the RBAC permissions of stackdriver-operator, a component that performs logging and monitoring.

Security:

  • AIS CA deprecation. AIS certs are now signed by cluster CA.

  • Changed ca-rotation container image so that it uses a distroless rather than a Debian-based image.

  • RBAC permissions of the cluster-operator component have been eliminated or reduced to address elevated permissions.

  • GA: Anthos Identity Service LDAP authentication support.

Networking:

  • Preview: Enabled creation of IPv6 and dual-stack LoadBalancer services. Border Gateway Protocol (BGP) is used for dual-stack clusters. Advertising IPv4 and IPv6 routes over IPv4 sessions is supported.

  • Preview: Added Network Connectivity Gateway feature support to provide HA VPN between Google Cloud and an on-premises Anthos cluster.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.