Virtuozzo Hybrid Infrastructure 5.3 (5.3.0-130)
Issue date: 2022-11-08
Applies to: Virtuozzo Hybrid Infrastructure 5.3
Virtuozzo Advisory ID: VZA-2022-031
1. Overview
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover Kubernetes as a Service, storage performance, security, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous releases.
2. New Features
[Compute service] Kubernetes advanced mode. Added support for Kubernetes cluster autoscaling, integrated monitoring, and the ability to specify labels to manage Kubernetes features. Autoscaling allows you to automatically scale Kubernetes worker groups up and down, depending on the cluster load. By using labels, you can, for example, disable SELinux for a new Kubernetes cluster.
[Compute service] Creating Kubernetes clusters under a service user. Starting from this version, Kubernetes clusters will be created by using a special service user. This means that any project user will be able to manage all Kubernetes clusters within the assigned project.
[Compute service] Support for a clean installation of Kubernetes version 1.24. The new version can be used to create Kubernetes clusters.
[Compute service] Configurable scheduling of virtual machines. Extended the scheduler parameters that are available for configuration, enabling more granular control over compute workload distribution. Now, you can choose between at least two distribution modes for virtual machines: to spread them evenly across all compute nodes or to consolidate them on nodes as much as possible.
[Compute service] OpenStack Xena. Starting from this release, the compute services are rebased to the OpenStack Xena version.
[Core storage] NVMe and SSD performance boost with replication data redundancy. By configuring multiple chunk servers per NVMe and SSD storage drive, you can improve storage performance and scaling to a high number of clients. The performance increase is only possible when using redundancy by replication.
[Object storage] Support for the UploadPartCopy S3 API action. Added the possibility to upload parts by copying data from an existing object as a data source.
[Monitoring and alerts] Grafana dashboards for the compute services. The new dashboards show the state of the compute services and compute resource allocation, namely vCPUs, RAM, storage policies, and floating IP addresses, for all projects or filtered per domain/project.
[Security] Improved security for backup and object storage. The backup and object storage services now work under restricted accounts that have access only to service data, configuration files, and logs.
[Security] Disabled vulnerable TLS protocol versions. Connections to the admin and self-service panels, as well as other services with the API, can only be established with TLS protocol versions 1.2 and 1.3. TLS versions 1.0 and 1.1 are no longer available.
[User interface] Management of locked users. In the command-line interface, it is now possible to list and manage user accounts that have been locked after a number of successive failed login attempts.
3. Important Notes
Starting from the next major release, Virtuozzo Hybrid Infrastructure will run on Linux kernel 5.x. To be able to update your cluster without service downtime, your hardware must be supported. Virtuozzo Hybrid Infrastructure with the new kernel works on the same hardware that is recommended for Red Hat Enterprise Linux. Ensure that the hardware you are using or going to use has the required certification for Red Hat Enterprise Linux 9.
Windows 7 as a guest operating system will be deprecated in future releases.
Disk auto replacement is not supported for NVMe and SSD devices with multiple chunk services.
During the update, you may receive false-positive alerts. Please wait until the update installation is complete, as the raised alerts will be cleared automatically.
Do not perform any cluster configuration tasks in the admin panel or command-line interface during the update, as this will lead to an update failure and cluster downtime.
4. Bug Fixes
The Kubernetes service is not restarted if its Podman container is active. (VSTOR-50283)
The redundancy mode of the default storage policy is set incorrectly. (VSTOR-51023)
A Kubernetes cluster stops working after switching to a service user. (VSTOR-52250)
An S3 bucket size is set incorrectly after a successful upload. (VSTOR-54208)
Space per service is reported incorrectly. (VSTOR-54460)
The self-service panel does not show a newly added node group in Kubernetes cluster properties. (VSTOR-54884)
Changes for the network endpoint are not properly applied. (VSTOR-55574)
Multiple false-positive alerts appear for a network failure. (VSTOR-56169)
The list of images is not loaded in the mobile version of the Safari browser. (VSTOR-56527)
Unable to reach a virtual machine via its public network interface after it was migrated to another node. (VSTOR-57185)
The compute service sets different MTU sizes while creating compute networks. (VSTOR-57190)
When the compute cluster fails to be deployed due to a timeout, it does not have the error state. (VSTOR-57534)
The Kubernetes service goes down if an IP address is missing on a certain node. (VSTOR-57734)
5. Known Issues
When the networking service experiences issues connecting to the messaging queue, it leaks memory. (VSTOR-34737)
Prometheus does not show network traffic for the storage interface if RDMA is enabled. (VSTOR-59380)
After detaching a volume, it cannot be attached to another virtual machine because it is still shown in the previous VM configuration. (VSTOR-41107)
An error is not displayed in the self-service panel if the compute cluster does not have enough resources to create a Kubernetes cluster. (VSTOR-43174)
The default storage policy is not selected by default. (VSTOR-45826)
Snapshot creation can take too much time. (VSTOR-48293)
A Kubernetes node group cannot be removed if its volumes are associated with a deleted VM. (VSTOR-49143)
Unable to start a virtual machine when the “VM public” traffic type is removed and re-added to the infrastructure network. (VSTOR-54261)
Unable to change a VM flavor because the volume attachment cannot be found. (VSTOR-55325)
A Kubernetes worker group cannot be resized due to a task timeout. (VSTOR-55353)
A RAM overload occurs due to a huge number of messages in the messaging queue. (VSTOR-55677)
The uplink for a newly added node loses the gateway entry after a network configuration. (VSTOR-57933)
A connectivity failure occurs due to a missing default gateway after a node deletion. (VSTOR-57978)