Release Notes

v1.7.0

Features

  • Added support for managing Verrazzano installed on clusters that were provisioned using the cluster API.
  • Added support for OKE lifecycle management on Rancher UI and Rancher APIs.
  • Added OKEQuickCreate custom resource to support ease-of-use when creating OKE clusters on OCI.
  • Added OCNEOCIQuickCreate custom resource to support ease-of-use when creating Oracle Cloud Native Environment clusters on OCI.
  • Added support for Thanos Ruler and Compactor.
  • Decoupled the Cluster Management API from Rancher.
  • Enabled lifecycle management of OKE clusters.

Enhancements:

  • Updated Alertmanager to version 0.26.0.
  • Added support and certified Domain on PV for WebLogic domains managed by Verrazzano.
  • Now, Prometheus rules in the kube-prometheus-stack and Thanos Helm charts are enabled by default.
  • Added Prometheus alerting rules for Verrazzano operators.
  • Added a progress flag in the Verrazzano CLI, which shows components’ installation progress in real time.
  • Enabled status updates for Istio reconciled objects.
  • Added support for Oracle Cloud Native Environment v1.7.
  • Added the ability to enable security plug-ins in OpenSearch clusters.
  • Now, Verrazzano uses OpenSearch operator-managed OpenSearch. To avoid any data loss during an upgrade, we advise you to make a backup before upgrading.
  • Described trial method for using Cluster API to configure OCNE clusters on Microsoft Azure or VMware vSphere.

Component version updates:

  • Argo CD v2.8.3
  • Cluster API v.1.5.0
  • Coherence Operator v3.2.11
  • kube-state-metrics v2.10.0
  • NGINX Prometheus Exporter v0.11.0
  • Node Exporter v1.6.1
  • Prometheus Pushgateway v1.6.2

Components added:

  • Cluster-API-Verrazzano-Addon v1.0.0
  • Dex v2.37.0
  • OpenSearch Operator v2.4.0

Known Issues

  • When updating the node pool of a cluster API based OKE cluster, the console may report the cluster state as ‘Active’ prematurely.

Previous Release Information

v1.6.10

Fixes:

  • Fixed an issue where pods would crash frequently with an Envoy core dump.
  • Fixed Envoy build to be RELEASE type.

v1.6.9

Fixes:

  • Fixed an issue where the Keycloak pod was repeatedly deleted.

v1.6.8

Enhancements:

  • Refreshed component images for security.

Component version updates:

  • Istio v1.19.0
  • Kiali v1.73.0
  • Rancher v2.7.6

Fixes:

  • Fixed a Keycloak post-installation issue.
  • Fixed an issue with Cluster API URL overrides not working correctly.
  • Fixed an issue that caused the unnecessary restart of OAM application pods.

v1.6.7

Enhancements:

  • Support for WebLogic Kubernetes Operator 4.1.2 features for InitalizeDomainOnPV.
  • Refreshed component images for security and reduced image size.

Component version updates:

  • Thanos v0.32.2 (includes support for OKE Workload Identities)
  • Cluster API v1.4.6
  • Cluster API OCI Controller v0.12.1
  • WebLogic Kubernetes Operator v4.1.2
  • WebLogic Monitoring Exporter v2.1.5

Fixes:

  • Now labels can be added to an ArgoCD managed cluster secret.
  • Improved support for Cluster API version overrides.
  • Grafana dashboard update to show persistent volumes.

v1.6.6

Enhancements:

  • Added support for Kubernetes v1.27.
  • Reduced Verrazzano console image size.
  • Enhanced the Rancher Helm chart to support customizing Rancher pod affinity settings.

Fixes:

  • Fixed an issue that prevented tolerating an empty VerrazzanoManagedCluster resource caSecret field.
  • Fixed orphaned resources during uninstall when the Verrazzano platform operator restarts.
  • Fixed issues where self-signed CA certificate expiration caused the upgrade operation to hang.
  • Fixed issues relating to cert-manager-webhook-OCI upgrade.
  • Fixed issues relating to the pod security policies of prometheus-node-exporter and rancher-backup Operator.
  • Fixed an issue with updating the WebLogic Server cluster resource.

v1.6.5

Enhancements:

  • Reduced NGINX Ingress Controller image size.
  • Reduced Fluentd image size.
  • Cluster API ClusterClass support expanded.
  • Updated to the Rancher v2.75 console.
  • Added Verrazzano platform operator Helm chart.

Fixes:

  • Fixed an issue where authproxy wouldn’t automatically pick up a new configuration.
  • Fixed an issue where Verrazzano CR wouldn’t allow for empty volume fields on update.
  • Fixed verrazzano-cluster-operator VerrazzanoManagedCluster resource reconcile error metric counting.

v1.6.4

Component version updates:

  • Istio v1.17.2
  • Rancher v2.7.5
  • Kiali v1.66.1
  • CAPOCNE v1.7.0

Fixes:

  • Fixed an issue with provisioning OCNE workload clusters with the Rancher UI when using Let’s Encrypt staging certificates.
  • Fixed issues where upgrade would not successfully occur if pods had errors.
  • Fixed an issue with upgrading the Verrazzano resource in the Reconciling state.

v1.6.3

Enhancements:

  • vz bug-report now captures Cluster API resources and Rancher cluster-related resources.
  • vz analyze now checks for issues with Cluster API resources and Rancher cluster-related resources.

Fixes:

  • Fixed an issue with Fluent Bit Parser not getting registered correctly.

v1.6.2

Enhancements:

  • Verrazzano analysis tooling enhancements.

Fixes:

  • Fixed an issue with vz upgrade requiring --version when a manifest file was specified.
  • Fixed an issue with vz install and upgrade processing CAPI images in a disconnected environment.
  • Fixed an issue with image format on pulls that prevented Verrazzano installation on AKS.

v1.6.1

Enhancements:

  • Now, you can create a new virtual cloud network when creating OCNE clusters from the console.

Component version updates:

  • WebLogic Kubernetes Operator v4.1.0

v1.6.0

Features:

  • Added support for creating OCNE clusters from the console.
  • Added Thanos, which supports high availability and long-term metrics storage on top of Prometheus.
  • Added Fluent Operator, which, if you enable it, allows the use of Fluent Bit for log processing.

Enhancements:

  • Enhanced the Verrazzano CLI to support installing and upgrading from a private registry and in disconnected environments.
  • Now, you can use customer-managed cert-manager instances with Verrazzano.
  • Added support for Kubernetes v1.25 and v1.26.

Component version updates:

  • Argo CD v2.7.2
  • Coherence Operator v3.2.10
  • Jaeger v1.42.0
  • kube-state-metrics v2.8.2
  • NGINX Ingress Controller v1.7.1
  • Prometheus Operator v0.64.1
  • Prometheus v2.44.0
  • Rancher v2.7.3
    • Rancher Partner charts and RKE2 charts are no longer bundled.
  • Rancher Backup Operator v3.1.0
  • WebLogic Kubernetes Operator v4.0.6
  • WebLogic Monitoring Exporter v2.1.3

Components added:

  • cert-manager webhook for Oracle Cloud Infrastructure DNS v0.1.0
  • Cluster API v1.4.2
  • Fluent Operator v2.2.0
  • Thanos v0.30.2

Fixes:

  • Disabled the startupapicheck job in cert-manager startup.
  • Fixed an issue with Rancher SSO via Keycloak when using a custom CA for Verrazzano certificates.
  • Fixed an issue where not defining the replicas for default OpenSearch node pools in the Verrazzano CR caused the pods to terminate.
  • Updated the base image and other component images to resolve CVEs.

Known issues and workarounds:

  • Systemd journal logs are not collected on some platforms. The systemd plugin for Fluentd cannot read systemd journal files on Kubernetes nodes that use newer versions of systemd. This is known to impact the default node images of kind for Kubernetes 1.24 and later, Oracle Linux 9, and any other Kubernetes cluster nodes running on an operating system that has systemd version 246 or later.
  • Registration of managed clusters using the Verrazzano console is not working in disconnected environments. Use the Kubernetes Custom Resources method instead.

v1.5.7

Enhancements:

  • Refreshed component images for security and reduced image size.

Component version updates:

  • Istio v1.15.7
  • WebLogic Kubernetes Operator v4.0.9
  • WebLogic Monitoring Exporter v2.1.5

Fixes:

  • Fixed issues with orphaned resources during uninstall when VPO restarts.
  • Fixed issues relating to the pod security policies of prometheus-node-exporter and rancher-backup Operator.
  • Fixed an issue with updating the WebLogic Server cluster resource.
  • Grafana dashboard update to show persistent volumes.

v1.5.6

Enhancements:

  • Reduced Fluentd image size.

Fixes:

  • Fixed an issue where the Verrazzano CLI would not reject an invalid custom resource.

v1.5.5

Fixes:

  • Fixed issues with Rancher certificates that were out of sync or expired.
  • Fixed issues with certificates in multicluster environments.
  • Fixed issue where Istio was incorrectly waiting for disabled deployments.
  • Fixed upgrade issues in the command-line tool (CLI).
  • Fixed issues in the Verrazzano validating webhook.

v1.5.4

Component version updates:

  • Rancher v2.7.3
  • WebLogic Kubernetes Operator v4.0.7
  • WebLogic Monitoring Exporter v2.1.4

Fixes:

  • Fixed an issue with Argo CD to allow the policy.csv field in the argocd-rbac-cm ConfigMap to be overridden.
  • Fixed an issue with Rancher SSO using Keycloak when using a custom CA for Verrazzano certificates.
  • Fixed an issue where not defining the replicas for default OpenSearch node pools in the Verrazzano CR caused the pods to terminate.

v1.5.3

Features:

  • The vz CLI uninstall command now prompts you to confirm before continuing with the uninstall operation. You can override the prompt using the flag --skip-confirmation or shorthanded as -y.

Component version updates:

  • Jaeger v1.42.0
  • WebLogic Kubernetes Operator v4.0.6
  • WebLogic Monitoring Exporter v2.1.3

Fixes:

  • Disabled the startupapicheck job during cert-manager startup.
  • Fixed an installation issue related to incorrect ingress names in certain configurations.
  • Fixed an Argo CD issue to reuse Rancher auth tokens when applicable.

v1.5.2

Component version updates:

  • Rancher 2.7.1

Fixes:

  • Fixed vz CLI to allow specified version numbers to start without a leading “v”.
  • Fixed an upgrade failure where a validation webhook was called when upgrading from v1.5.0. This failure occurred when using v1.4.x of the vz CLI.

v1.5.1

Component version updates:

  • WebLogic Kubernetes Operator v4.0.5
  • WebLogic Monitoring Exporter v2.1.2

Fixes:

  • Fixed the query for the Service variable in the WebLogic Grafana dashboard.
  • Fixed upgrade issue with PVCs getting lost when OpenSearch master node’s StatefulSet was occasionally deleted during upgrade.
  • In the case of a plug-in installation failure, fixed the OpenSearch plug-in installation to fail only the master nodes.
  • Updated base and other images for bugs and security.

v1.5.0

Features:

  • Added Argo CD, which can be used as a declarative, GitOps continuous delivery tool for deploying applications.
  • Separated Verrazzano Platform Operator and Verrazzano platform webhooks into separate deployments for scalability and resiliency.
  • Added component availability to the Verrazzano custom resource, now displayed in the resource’s status printout.
  • Simplified Verrazzano managed cluster registration, which now can be done entirely from the Rancher console, including the ability to configure which Rancher clusters are treated as Verrazzano managed clusters.
  • Grafana dashboards now are organized in folders. Added Grafana dashboards for Istio, JVM Micrometer, user applications, and Verrazzano system health.

Components added:

  • Argo CD v2.5.3
  • MySQL Operator v8.0.32-2.0.8

Component version updates:

  • Coherence Operator v3.2.9
  • MySQL Server v8.0.32
  • oam-kubernetes-runtime v0.3.3
  • NGINX Ingress Controller v1.3.1
  • Prometheus v2.38.0
  • Prometheus Operator v0.59.1
  • External DNS v0.12.2
  • kube-state-metrics v2.6.0
  • cert-manager v1.9.1
  • Prometheus Adapter for Kubernetes Metrics APIs v0.10.0
  • Grafana v7.5.17
  • WebLogic Kubernetes Operator v4.0.4
  • WebLogic Monitoring Exporter v2.1.0
  • OpenSearch v2.3.0
  • OpenSearch Dashboards v2.3.0
  • Istio v1.15.3
  • Jaeger v1.37.0
  • Kiali v1.57.1
  • Keycloak v20.0.1

Fixes:

  • Updated base and other images for bugs and security.
  • Fixed intermittent Rancher upgrade failures with errors stating that the available chart version is less than the minimum chart version for Rancher system charts.
  • Fixed Fluentd configuration to prevent duplication of logs in OpenSearch on Fluentd restarts or upgrade.
  • Fixed I/O timeout errors while installing Verrazzano on an RKE2 cluster.
  • Fixed IngressTrait JWT related issues to allow multiple paths where one path has RequestPrincipals and the other doesn’t.
  • Fixed IngressTrait JWT so that RequestPrincipals with no paths are allowed.
  • Fixed IngressTrait related AuthorizationPolicy cleanup when an application is deleted.

v1.4.8

Component version updates:

  • WebLogic Kubernetes Operator v3.4.10
  • WebLogic Monitoring Exporter v2.1.5

Fixes:

  • Fixed issues with orphaned resources during uninstall when VPO restarts.

v1.4.7

Fixes:

  • Fixed issues where upgrade would not successfully occur if pods had errors.
  • CVE fixes for Istio 1.14.3.

v1.4.6

Enhancements:

  • Verrazzano CLI tool validates that commands are entered correctly.

Fixes:

  • Fixed issues that occurred when Let’s Encrypt was being used with Rancher.
  • Fixed issues regarding Rancher certificates that were out of sync or expired.
  • Fixed issues relating to noisy Keycloak logs.

v1.4.5

Fixes:

  • Updated base and other images for issues and security.

Component version updates:

  • WebLogic Kubernetes Operator v3.4.7
  • WebLogic Monitoring Exporter v2.1.3

v1.4.4

Fixes:

  • Fixed IngressTrait JWT related issues to allow multiple paths where one path has requestPrincipals and the other doesn’t.
  • Fixed IngressTrait JWT so that requestPrincipals with no paths are allowed.
  • Fixed IngressTrait related AuthorizationPolicy cleanup when application is deleted.
  • Fixed the query for the Service variable in WebLogic Grafana dashboard.
  • Fixed issues with Keycloak startup due to stale JGROUPSPING entries after pod restarts.

Component version updates:

  • WebLogic Kubernetes Operator v3.4.6
  • WebLogic Monitoring Exporter v2.1.2

v1.4.3

Fixes:

  • Fixed unnecessary restart of user applications during upgrade from a previous Verrazzano release.
  • Fixed Fluentd configuration to prevent duplication of logs in OpenSearch on Fluentd restart or upgrade.
  • Fixed WebLogic Grafana dashboards to get the service label value correctly and display data properly.
  • Fixed I/O timeout errors installing Verrazzano on an RKE2 cluster.
  • Fixed an issue that prevented Persistent Volumes from being deployed as part of an OAM Component.
  • Fixed default Helidon workload service so that the service ports don’t automatically get named with the prefix tcp-.
  • Fixed the CLI vz analyze command so that it works with earlier Verrazzano releases.
  • Added support for the installation of non-bundled OpenSearch plug-ins.
  • Added serviceTemplate to VerrazzanoHelidonWorkload to allow users to customize the Helidon workload service.
  • Added support for the javaOpts argument for the OpenSearch JVM.

Component version updates:

  • Grafana v7.5.17
  • WebLogic Kubernetes Operator v3.4.5
  • WebLogic Monitoring Exporter v2.1.1

v1.4.2

Fixes:

  • In OpenSearch Dashboards, resolved a redirect issue to Keycloak.
  • For the managed cluster profile, resolved an issue where Keycloak authentication integration was not identified as enabled in Rancher.
  • Resolved an intermittent Rancher issue where the available chart version was lower than the minimum chart version.
  • Updated base and other images to resolve CVEs.

v1.4.1

Fixes:

  • Updated OpenSearch heap memory settings.
  • Fixed the WebLogic and Helidon Grafana dashboards so that they display data properly.
  • Updated base and other images to resolve CVEs.

v1.4.0

Features:

  • Added the Verrazzano command-line tool (CLI) for interactive installation, upgrade, uninstall, cluster analysis, and bug reporting.
  • Added backup and restore functionality using Velero and rancher-backup.
  • Added Prometheus Operator based metrics collection (using ServiceMonitors and PodMonitors) for both Verrazzano system components and applications.
  • Added a new API version for the Verrazzano resource, install.verrazzano.io/v1beta1. See the Deprecated API Migration Guide.
  • Verrazzano distribution tar.gz artifacts now include the new CLI binaries and tooling.
  • Replaced Elasticsearch and Kibana with OpenSearch and OpenSearch dashboards (pods, URLs, CRD fields).
  • Improved Rancher integration.
    • Added the Rancher UI-based Verrazzano console.
    • Keycloak SSO authentication and authorization is configured by default.
    • OCI drivers now are enabled by default and ready-to-use.
  • kube-prometheus-stack components now are enabled by default.
  • Improved uninstall resiliency and performance.
  • Added support for OCNE 1.5.x.
  • Added support for Kubernetes v1.24.

Component version updates:

  • Coherence Operator v3.2.6
  • Istio v1.14.3
  • Jaeger v1.34.1
  • Rancher v2.6.8

Components added:

  • Rancher Backup Operator v2.1.3
  • Velero v1.8.1
  • Velero Plugin For AWS v1.4.1

Components removed:

  • Config Map Reload

Fixes:

  • Resolved an issue where Verrazzano started an installation, immediately after an upgrade, but before all the components were ready.
  • Resolved an issue where application pods that required an Istio sidecar did not restart after an upgrade.
  • Resolved unnecessary temporary file cleanup for Helm overrides after installation or upgrade.
  • Resolved an issue with Verrazzano resource status conditions being appended as duplicates instead of updated.
  • Resolved an issue where Verrazzano Monitoring Operator was querying OpenSearch before it was ready.
  • Resolved an issue where Verrazzano Platform Operator transitioned to a ready condition before all webhook context paths were ready.
  • Updated base and other images to resolve CVEs.

v1.3.8

Fixes:

  • Fixed a Rancher upgrade issue that prevented Rancher from upgrading Fleet, GitJob, and Rancher webhook.
  • Updated images to resolve CVEs.

v1.3.7

Fixes:

  • Corrected the Kiali 1.42 Helm charts.
  • Resolved an issue with resizing OpenSearch storage volumes when using a storage class that supports volume expansion.

v1.3.6

Fixes:

  • Resolved an issue in OpenSearch where user provided JVM heap size setting was not used.

v1.3.5

Component version updates:

  • WebLogic Kubernetes Operator v3.4.3

v1.3.4

Fixes:

  • Updated the Kiali image to fix CVEs.
  • Resolved an issue with Prometheus volume attachment during upgrade.

Component version updates:

  • Rancher v2.6.6

v1.3.3

Fixes:

  • Fixed AuthProxy to emit access logs.
  • Fixed Verazzano Console intermittent failures of timing out loading application details.

Component version updates:

  • Istio v1.13.5

v1.3.2

Fixes:

  • Fixed Fluentd pattern to correctly parse severity value from WebLogic logs.
  • Fixed IngressTrait to remove the deleted IngressTrait entries from the Istio Gateway.

v1.3.1

Fixes:

  • Resolved an issue where the Verrazzano uninstall deleted additional namespaces when deleting Rancher components.
  • Fixed IngressTrait controller to support Services as component workloads.
  • Added liveness probe for the AuthProxy NGINX server.
  • Added support for dynamic configuration overrides to Verrazzano components from various monitored sources, including ConfigMaps, Secrets, and Values referenced in the Verrazzano CR.
  • Added support for JWT authentication and authorization policy specification for applications.
  • Added support for Prometheus Service Monitor and Pod Monitor CRs deployed using Prometheus Operator.
  • Updated Keycloak image to fix CVEs.

v1.3.0

Features:

  • Post-installation updates: configurations for DNS, certificate management, logging, ingress, and OpenSearch cluster configuration can be updated after a Verrazzano installation.
  • Added Jaeger Distributed Tracing.
  • Support for Kubernetes v1.22 and v1.23.
  • kube-prometheus-stack components are now part of Verrazzano and can be enabled, these include Prometheus Operator, Alertmanager, kube-state-metrics, and such.

Component version updates:

  • cert-manager v1.7.1
  • Coherence Operator 3.2.5
  • Istio v1.13.2
  • Jaeger Operator v1.32.0
  • Kiali v1.42.0
  • NGINX Ingress Controller v1.1.1
  • Node Exporter v1.3.1
  • Prometheus v2.34.0
  • Rancher v2.6.4
  • WebLogic Kubernetes Operator v3.4.0

Components added:

  • Alertmanager v0.24.0
  • kube-state-metrics v2.4.2
  • Prometheus Adapter v0.9.1
  • Prometheus Operator v0.55.1
  • Prometheus Pushgateway v1.4.2

Fixes:

  • Resolved an issue in the console UI with displaying multicluster applications when a managed cluster is partially registered.
  • Resolved an issue in the console UI with the display of the Bob’s Books sample WebLogic application.
  • Resolved an issue with exporting WebLogic application metrics in a private registry installation of Verrazzano.

v1.2.2

Fixes:

  • Resolved an issue with the Grafana Dashboards for Helidon in multicluster setup.
  • Resolved an issue with naming the Istio Authorization Policy for the AuthProxy.
  • Resolved an issue with AuthProxy pods being evicted due to ephemeral storage.
  • Resolved an issue with the length of the cookie TTL in the ingress trait.

v1.2.1

Fixes:

  • Resolved an issue with upgrade when configured to use a private registry.
  • Resolved an issue with the public image of WebLogic Monitoring Exporter being used when a private registry is configured.
  • Resolved an issue with intermittent upgrade failures while upgrading from Verrazzano v1.0.2 to v1.2.0.
  • Resolved an issue with the console UI when viewing WebLogic applications.
  • Resolved an issue with the console UI when displaying an application that is targeted to a managed cluster that has not completed the registration process.
  • Resolved an issue with the console UI not displaying the traits for an OAM application.
  • Resolved an issue with the verrazzano-application-operator pod continually crashing and restarting.
  • Resolved an issue with the WebLogic workload logHome value being ignored and always using /scratch/log.
  • Resolved an issue with Prometheus not scraping metrics from Verrazzano managed namespaces that do not have Istio injection enabled.
  • The Verrazzano operators no longer have watches on resources in the kube-system namespace.
  • Updated Keycloak image to address CVEs.

Known Issues:

  • Importing a Kubernetes v1.21 cluster into Rancher might not work properly. Rancher does not currently support Kubernetes v1.21.

v1.2.0

Features:

  • Logging enhancements:
    • Added support for Oracle Cloud Infrastructure Logging integration.
    • Replaced Elasticsearch and Kibana with OpenSearch and OpenSearch Dashboard.
    • Updated OpenSearch prod profile data node configuration to 3 replicas.
    • Enhanced Fluentd parsing/filtering rules for Verrazzano system logs.
  • Added support for using instance_principal authorization with using Oracle Cloud Infrastructure DNS.
  • Added support for metrics integration with non-OAM applications.
  • Added support for scaling Istio gateways and setting affinity.
  • Added support for scaling Verrazzano AuthProxy and setting affinity.
  • Component version updates:
    • External DNS v0.10.2.
    • MySQL v8.0.28.
    • Grafana v7.5.11.
    • Prometheus v2.31.1.
    • OpenSearch v1.2.3 (replaces Elasticsearch).
    • OpenSearch Dashboards v1.2.0 (replaces Kibana).
    • WebLogic Kubernetes Operator v3.3.7.

Fixes:

  • Fixed Keycloak issue creating incorrect verrazzano-monitors group on installation.
  • Fixed Verrazzano failing to uninstall in a private registry configuration due to a missing Rancher image.
  • Fixed Rancher installation when tls-ca-additional secret is not present.
  • Fixed OpenSearch parsing errors of trait field.
  • Fixed Custom CA certificates support.
  • Fixed issue requeuing unsupported traits in the Verrazzano Application Operator, and updated the OAM Operator.
  • Aligned Helidon workload service port names with Istio conventions to avoid protocol defaulting to TCP in all cases.
  • Added ability to set a DestinationRule with HTTP Cookie for session affinity.

Known Issues:

  • Importing a Kubernetes v1.21 cluster into Rancher might not work properly. Rancher does not currently support Kubernetes v1.21.

v1.1.2

Fixes:

  • Fixed installation to create verrazzano-monitors group correctly.
  • Fixed installation to enable network access to Prometheus for Kiali.
  • Updated Spring Boot example image to address CVEs.
  • Updated Kibana image to address CVEs.
  • Updated Elasticsearch image to address CVEs.
  • Fixed Verrazzano failing to install when specifying a custom CA certificate.
  • Updated Keycloak image to address CVEs.
  • Fixed Verrazzano failing to install when the spec.components.certManager.certificate.acme.environment field was set to production in the Verrazzano CR.
  • Added support for using private DNS and instance principals with Oracle Cloud Infrastructure DNS.
  • Fixed Verrazzano failing to uninstall in a private registry configuration due to a missing Rancher image.
  • Updated Verrazzano to use the Rancher v2.5.9 Helm chart.

Known Issues:

  • Importing a Kubernetes v1.21 cluster into Rancher might not work properly. Rancher does not currently support Kubernetes v1.21.

v1.1.1

Fixes:

  • Elasticsearch and Keycloak images were updated to address CVEs.
  • Updated WebLogic Kubernetes Operator version to 3.3.7.
  • Minor bug fixes including updating Elasticsearch logging to avoid type collisions.
  • Improved cluster-dump behavior when capturing logs.
  • Rancher namespace is now created by default.

Known Issues:

  • Importing a Kubernetes v1.21 cluster into Rancher might not work properly. Rancher does not currently support Kubernetes v1.21.

v1.1.0

Fixes:

  • Added support for Kiali.
  • Simplified the placement of multicluster resources.
  • Improved the performance of installing Verrazzano.
  • Added support for external Elasticsearch.
  • Improvements to system functions, including the authenticating proxy.
  • Added support in the LoggingTrait to customize application logging.
  • Fixed ability to register a managed cluster with Rancher when configured to use LetsEncrypt staging certificates.
  • Fixed Elasticsearch status yellow due to unassigned shards.
  • Added support for Kubernetes 1.21, dropped support of Kubernetes 1.18.
  • Updated several installed and supported Software Versions.

Known Issues:

  • Importing a Kubernetes v1.21 cluster into Rancher might not work properly. Rancher does not currently support Kubernetes v1.21.

v1.0.4

Fixes:

  • Elasticsearch and Spring Boot images were updated to consume log4j 2.16, to address CVE-2021-44228/CVE-2021-45046.
  • Keycloak image was updated to address vulnerabilities.
  • Minor bug fixes including fixes for capitalization in user-visible messages.

v1.0.3

Fixes:

  • Fix to use load balancer service external IP address for application ingress when using an external load balancer and wildcard DNS.
  • Fixed scraping of Prometheus metrics for WebLogic workloads on managed clusters.
  • Rebuilt several component images to address known issues.
  • Updated to the following versions:
    • Grafana 6.7.4.
    • WebLogic Kubernetes Operator 3.3.3.

v1.0.2

Fixes:

  • Updated CoreDNS to version 1.6.2-1.
  • Updated Keycloak to version 10.0.2.
  • Updated WebLogic Kubernetes Operator to version 3.3.2.
  • Updated Oracle Linux image to version 7.9.
  • Rebuilt several component images to address known issues.
  • Fixes/improvements for the analysis tool, including support for diagnosing load balancer limit reached issues.
  • Fixes/improvements for the install/upgrade process, including:
    • Install/upgrade jobs now run in the verrazzano-install namespace.
    • Added Rancher registration status to the VerrazzanoManagedCluster status.
    • Updated OKE troubleshooting URL in installation log.
    • Fixed ExternalIP handling during Istio install.
  • Fixed Elasticsearch status yellow due to unassigned_shards.
  • Webhook now disallows multicluster resources that are not in a VerrazzanoProject namespace.

v1.0.1

Fixes:

  • Updated to the following versions:
    • WebLogic Kubernetes Operator v3.3.0.
    • Coherence Operator v3.2.1.
    • In the Analysis Tool, kubectl v1.20.6-2.
  • Ensured ConfigMaps are deleted during uninstall.
  • Fixed logging pattern match issue for OKE Kubernetes v1.20.8 clusters.
  • Fixed multicluster log collection for Verrazzano installations using LetsEncrypt certificates.
  • Fixed console UI display bugs for multicluster applications.
  • Fixed a bug where API keys generated by the Oracle Cloud Infrastructure Console were not working correctly.

v1.0.0

Features: Updated to Rancher v2.5.9.

v0.17.0

Features:

  • Allow Verrazzano Monitoring Instance (VMI) replicas and memory sizes to be changed during installation for both dev and prod profiles.
  • When installing Verrazzano on OKE, the OKE-specific Fluentd extraVolumeMounts configuration is no longer required.
  • Updated to WebLogic Kubernetes Operator v3.2.5.

Fixes:

  • During uninstall, delete application resources only from namespaces which are managed by Verrazzano.
  • During upgrade, honor the APP_OPERATOR_IMAGE override.
  • Fixed Keycloak installation failure when Prometheus is disabled.
  • Allow empty values for Helm overrides in config.json.

v0.16.0

Features:

  • Provided options to configure log volume/mount of the log collector, Fluentd, and pre-configured profiles.
  • Automatically enabled metrics and log capture for WebLogic domains deployed in Verrazzano.
  • Added security-related data/project YAML files to the Verrazzano Console, under project details.
  • Updated to WebLogic Kubernetes Operator v3.2.4.

Fixes:

  • Added a fix for default metrics traits not always being injected into the appconfig.
  • Updated the timestamp in WebLogic application logs so that the time filter can be used in Kibana.
  • Corrected the incorrect podSelector in the node exporter network policy.
  • Fixed the DNS resolution issue due to the missing cluster section of the coredns configmap.
  • Stability improvements for the platform, tests, and examples.
  • Renamed the Elasticsearch fields in a multicluster registration secret to be consistent.

v0.15.1

Features:

  • Allow customization of Elasticsearch node sizes and topology during installation.
  • If runtimeEncryptionSecret, specified in the WebLogic domain spec, does not already exist, then create it.
  • Support overrides of persistent storage configuration for Elasticsearch, Kibana, Prometheus, Grafana, and Keycloak.

Known Issues:

  • After upgrade to 0.15.1, for Verrazzano Custom Resource installed on Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), the Fluentd DaemonSet in the verrazzano-system namespace cannot access logs. Run following command to patch the Fluentd DaemonSet and correct the issue:
    kubectl patch -n verrazzano-system ds fluentd --patch '{"spec":{"template":{"spec":{"containers":[{"name": "fluentd","volumeMounts":[{"mountPath":"/u01/data/","name":"extravol0","readOnly":true}]}],"volumes":[{"hostPath":{"path":"/u01/data/","type":""},"name":"extravol0"}]}}}}'
    

v0.15.0

Features:

  • Support for private container registries.
  • Secured communication between Verrazzano resources using Istio.
  • Updated to the following versions:
    • cert-manager v1.2.0.
    • Coherence Operator v3.1.5.
    • WebLogic Kubernetes Operator v3.2.3.
    • Node Exporter v1.0.0.
    • NGINX Ingress Controller v0.46.
    • Fluentd v1.12.3.
  • Added network policies for Istio.

Fixes:

  • Stability improvements for the platform, tests, and examples.
  • Several fixes for scraping Prometheus metrics.
  • Several fixes for logging and Elasticsearch.
  • Replaced keycloak.json with dynamic realm creation.
  • Removed the LoggingScope CRD from the Verrazzano API.
  • Fixed issues related to multicluster resources being orphaned.

v0.14.0

Features:

  • Multicluster support for Verrazzano. Now you can:
    • Register participating clusters as VerrazzanoManagedClusters.
    • Deploy MutiClusterComponents and MultiClusterApplicationConfigurations.
    • Organize multicluster namespaces as VerrazzanoProjects.
    • Access MultiCluster Components and ApplicationConfigurations in the Verrazzano Console UI.
  • Changed default wildcard DNS from xip.io to nip.io.
  • Support for OKE clusters with private endpoints.
  • Support for network policies. Now you can:
    • Add ingress-NGINX network policies.
    • Add Rancher network policies.
    • Add NetworkPolicy support to Verrazzano projects.
    • Add network policies for Keycloak.
    • Add platform operator network policies.
    • Add network policies for Elasticsearch and Kibana.
    • Set network policies for Verrazzano operators, Console, and API proxy.
    • Add network policies for WebLogic Kubernetes Operator.
  • Changes to allow magic DNS provider to be specified (xip.io, nip.io, sslip.io).
  • Support service setup for multiple containers.
  • Enabled use of self-signed certs with Oracle Cloud Infrastructure DNS.
  • Support for setting DeploymentStrategy for VerrazzanoHelidonWorkload.

Fixes:

  • Several stability improvements for the platform, tests, and examples.
  • Added retries around lookup of Rancher admin user.
  • Granted specific privileges instead of ALL for Keycloak user in MySQL.
  • Disabled the installation of the Verrazzano Console UI on managed clusters.

v0.13.0

Features:

  • IngressTrait support for explicit destination host and port.
  • Experimental cluster diagnostic tooling.
  • Grafana dashboards for VerrazzanoHelidonWorkload.
  • Now you can update application Fluentd sidecar images following a Verrazzano update.
  • Documented Verrazzano specific OAM workload resources.
  • Documented Verrazzano hardware requirements and installed software versions.

Fixes:

  • VerrazzanoWebLogicWorkload and VerrazzanoCoherenceWorkload resources now handle updates.
  • Now VerrazzanoHelidonWorkload supports the use of the ManualScalarTrait.
  • Now you can delete a Namespace containing an ApplicationConfiguration resource.
  • Fixed frequent restarts of Prometheus during application deployment.
  • Made verrazzano-application-operator logging more useful and use structured logging.
  • Fixed Verrazzano uninstall issues.

v0.12.0

Features:

  • Observability stack now uses Keycloak SSO for authentication.
  • Istio sidecars now automatically injected when namespaces labeled istio-injection=enabled.
  • Support for Helidon applications now defined using VerrazzanoHelidonWorkload type.

Fixes:

  • Fixed issues where logs were not captured from all containers in workloads with multiple containers.
  • Fixed issue where some resources were not cleaned up during uninstall.

v0.11.0

Features:

  • OAM applications are optionally deployed into an Istio service mesh.
  • Incremental improvements to user-facing roles.

Fixes:

  • Fixed issue with logging when an application has multiple workload types.
  • Fixed metrics configuration in Spring Boot example application.

v0.10.0

Breaking Changes:

  • Model/binding files removed; now application deployment done exclusively by using Open Application Model (OAM).
  • Syntax changes for WebLogic and Coherence OAM workloads, now defined using VerrazzanoCoherenceWorkload and VerrazzanoWebLogicWorkload types.

Features:

  • By default, application endpoints now use HTTPs - when using magic DNS, certificates are issued by cluster issuer, when using Oracle Cloud Infrastructure DNS certificates are issued using Let’s Encrypt, or the end user can provide certificates.
  • Updated to Coherence Operator v3.1.3.
  • Updates for running Verrazzano on Kubernetes 1.19 and 1.20.
  • RBAC roles and role bindings created at installation.
  • Added instance information to status of Verrazzano custom resource; can be used to obtain instance URLs.
  • Updated to Istio v1.7.3.

Fixes:

  • Reduced log level of Elasticsearch; excessive logging could have resulted in filling up disks.

v0.9.0

  • Features:
    • Added platform support for installing Verrazzano on kind clusters.
    • Log records are indexed from the OAM appconfig and component definitions using the following pattern: namespace-appconfig-component.
    • All system and curated components are now patchable.
    • More updates to Open Application Model (OAM) support.

To enable OAM, when you install Verrazzano, specify the following in the Kubernetes manifest file for the Verrazzano custom resource:

spec:
  oam:
    enabled: true

v0.8.0

  • Features:
    • Support for two installation profiles, development (dev) and production (prod). The production profile, which is the default, provides a 3-node Elasticsearch and persistent storage for the Verrazzano Monitoring Instance (VMI). The development profile provides a single node Elasticsearch and no persistent storage for the VMI.
    • The default behavior has been changed to use the system VMI for all monitoring (applications and Verrazzano components). It is still possible to customize one of the profiles to enable the original, non-shared VMI mode.
    • Initial support for the Open Application Model (OAM).
  • Fixes:
    • Updated to Axios NPM package v0.21.1 to resolve a security vulnerability in the examples code.

v.0.7.0

  • Features:

    • Ability to upgrade an existing Verrazzano installation.
    • Added the Verrazzano Console.
    • Enhanced the structure of the Verrazzano custom resource to allow more configurability.
    • Streamlined the secret usage for Oracle Cloud Infrastructure DNS installations.
  • Fixes:

    • Fixed bug where the Verrazzano CR Certificate.CA fields were being ignored.
    • Removed secret used for hello-world; hello-world-application image is now public in ghcr so ImagePullSecrets is no longer needed.
    • Fixed issue #339 (PRs #208 & #210.)

v0.6.0

  • Features:
    • In-cluster installer which replaces client-side installation scripts.
    • Added installation profiles; in this release, there are two: production and development.
    • Verrazzano system components now emit JSON structured logs.
  • Fixes:
    • Updated Elasticsearch and Kibana versions (elasticsearch:7.6.1-20201130145440-5c76ab1) and (kibana:7.6.1-20201130145840-7717e73).