v1.8.0

[v1.8.0] - 2024-01-04

K3S HA deployment and SSO support.

Release Scope:

• K3S HA deployment.

  • 3 masters with embedded etcd database using HA proxy as Kubernetes API load balancer.
  • Ansible code update for supporting K3s single-node and HA deployments.

• Single sign-on (SSO) solution

  • Identity Access Management solution based on Keycloak
  • OAuth2.0 Proxy deployment for securing applications not using any authentication mechanism.
  • Ingress NGINX integration with OAuth2-Proxy
  • Grafana SSO configuration. Integration with Keycloak.

• Ingress Controller migration.

  • Ingress NGINX deployment. Traefik ingress controller deprecation.
  • ArgoCD packaged applications update to use standard Ingress resources implemented by NGINX.

• Kafka service

  • Use of Strimzi Operator to streamline the deployment of Kafka cluster
  • Integrate Kafka Schema Registry, based on Confluent Schema Registry
  • Use of Kafka GUI, Kafdrop

What's Changed

• Pxe server by @ricsanfre in #133
• Increasing minio number of replicas by @ricsanfre in #135
• Configuring K3S HA by @ricsanfre in #136
• Fixing #137. Adding affinity rule to minio multi node deployment by @ricsanfre in #138
• Ingress NGINX deployment and Traefik migration by @ricsanfre in #140
• Velero patch by @ricsanfre in #141
• typo fix by @quoing in #143
• Kafka deployment by @ricsanfre in #144
• Configure Renovate by @renovate in #145
• Update Helm release metallb to v0.13.11 by @renovate in #147
• Update Helm release external-secrets to v0.9.5 by @renovate in #146
• Update Helm release cert-manager to v1.13.1 by @renovate in #156
• Update Helm release trust-manager to v0.6.0 by @renovate in #172
• Update Helm release linkerd-crds to v1.8.0 by @renovate in #163
• Update Helm release linkerd-control-plane to v1.16.2 by @renovate in #162
• Update Helm release linkerd-viz to v30.12.2 by @renovate in #165
• Update Helm release linkerd-jaeger to v30.12.2 by @renovate in #164
• Update Helm release argo-cd to v5.46.7 by @renovate in #155
• Update Helm release ingress-nginx to v4.8.1 by @renovate in #160
• Update Helm release minio to v5.0.14 by @renovate in #149
• Update Helm release prometheus-elasticsearch-exporter to v5.3.1 by @renovate in #168
• Update Helm release eck-operator to v2.9.0 by @renovate in #157
• Doc: kibana manifest typo and loki architecture image broken link fix by @ricsanfre in #195
• Update schema-registry Docker tag to v15 by @renovate in #193
• Upgrade to longhorn 1.5.1 by @ricsanfre in #196
• Update Helm release strimzi-kafka-operator to v0.37.0 by @renovate in #169
• Update Helm release fluent-bit to v0.39.0 by @renovate in #158
• Update Helm release loki to v5.27.0 by @renovate in #166
• Update Helm release tempo-distributed to v1.6.10 by @renovate in #170
• Update Helm release kube-prometheus-stack to v47.6.1 by @renovate in #161
• Update Helm release fluentd to v0.4.4 by @renovate in #159
• Update Helm release kube-prometheus-stack to v51 by @renovate in #182
• Update actions/checkout action to v4 by @renovate in #185
• Update actions/setup-python action to v4 by @renovate in #186
• Update Helm release velero to v4.4.1 by @renovate in #173
• Updating Velero to v1.12 by @ricsanfre in #202
• Update Helm release argo-cd to v5.46.8 by @renovate in #197
• Update Helm release ingress-nginx to v4.8.2 by @renovate in #198
• Update Helm release loki to v5.29.0 by @renovate in #201
• Update Helm release kube-prometheus-stack to v51.6.1 by @renovate in #200
• Update Helm release ingress-nginx to v4.8.3 by @renovate in #215
• Update Helm release metallb to v0.13.12 by @renovate in #207
• Update Helm release trust-manager to v0.7.0 by @renovate in #211
• Update Helm release argo-cd to v5.51.2 by @renovate in #213
• Update Helm release longhorn to v1.5.3 by @renovate in #214
• Update Helm release eck-operator to v2.10.0 by @renovate in #220
• Update Helm release loki to v5.36.3 by @renovate in #203
• Update Helm release strimzi-kafka-operator to v0.38.0 by @renovate in #227
• Update Helm release linkerd-control-plane to v1.16.6 by @renovate in #217
• Update Helm release linkerd-viz to v30.12.6 by @renovate in #219
• Update Helm release linkerd-jaeger to v30.12.6 by @renovate in #218
• Update Helm release kube-prometheus-stack to v51.10.0 by @renovate in #205
• Update Helm release loki to v5.38.0 by @renovate in #229
• Update Helm release fluent-bit to v0.40.0 by @renovate in #221
• Update schema-registry Docker tag to v15.1.0 by @renovate in #199
• Update Helm release argo-cd to v5.51.4 by @renovate in #231
• Update schema-registry Docker tag to v16 by @renovate in #228
• Update Helm release fluentd to v0.5.0 by @renovate in #210
• Update Helm release tempo-distributed to v1.7.1 by @renovate in #230
• Update Helm release velero to v5.1.4 by @renovate in #224
• Update velero/velero-plugin-for-csi Docker tag to v0.6.2 by @renovate in #226
• Update velero/velero-plugin-for-aws Docker tag to v1.8.2 - autoclosed by @renovate in #225
• Adding SSO support by @ricsanfre in #254

New Contributors

• @quoing made their first contribution in #143
• @renovate made their first contribution in #145

Full Changelog: v1.7.0...v1.8.0

v1.7.0

[v1.7.0] - 2023-06-24

Hybrid x86/ARM kubernetes cluster support (x86 and ARM cluster nodes can be used within the same Pi-Cluster).

Release Scope:

• Hybrid x86/ARM kubernetes cluster support.

  • Combine Raspberry PI 4B nodes and x86 mini PCS (HP Elitedesk 800 G3) in the same cluster.
  • Ansible code update for supporting configuration of Raspberry PI nodes and x86 nodes.

• Ubuntu OS installation automation

  • Automate process of creating boot USB disk for Raspberry PI nodes.
  • x86 nodes autoinstallation using PXE

• Node's Operating System upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS.

  • Node's installation/configuration documentation update.
  • Ansible OS configuration tasks updated to fit the new OS release.

• K3s automated upgrade

  • Deploy Rancher's system-upgrade-controller app. This controller uses a [custom resource definition (CRD)], plan, to schedule upgrades based on the configured plans.
  • ArgoCD packaged application created to deploy system-upgrade-controller app and to generate upgrade plans.

• Logging solution enhancements

  • ES/Kibana upgrade to release 8.6
  • ElasticSearch's ILM policies (data retention policies) and Index templates (data model) configuration for Fluentd logs.
  • Fluentd dynamic indices creation and configuration.
  • Elasticsearch roles and users definition. File Auth Realm configured through ECK. Different roles and users created (fluentd, prometheus-elasticsearch-exporter)

• Automation enhancements

  • New Ansible-runtime environment in a docker container, ansible-runner containing all ansible packages and its dependencies. Isolating ansible run-time environment from local server.

What's Changed

• Upgrading longhorn to 1.4.0 (and CSI external snapshot controller) by @ricsanfre in #100
• Automating K3s upgrade by @ricsanfre in #101
• Patch k3s upgrade by @ricsanfre in #102
• Ansible control node encapsulated in a Docker container (ansible-runner) by @ricsanfre in #103
• Migrate external services (S3 backup/Vault) outside cluster and deploy Minio cluster service for Loki/Tempo by @ricsanfre in #104
• Rolling back vault migration by @ricsanfre in #105
• Migrate picluster website comments platform to giscus by @ricsanfre in #115
• Enabling elaticsearch ILM and Index Templates by @ricsanfre in #119
• Patch fix #122 by @ricsanfre in #123
• Adding support for hybrid cluster (x86 nodes and RaspberryPI) by @ricsanfre in #124
• Using vault secret for elastic user by @r1cebank in #125
• Upgrade to Ubuntu 22.04 LTS by @ricsanfre in #130

Full Changelog: v1.6.0...v1.7.0

v1.6.0

[v1.6.0] - 2023-01-29

Apply GitOps methodology using ArgoCD to deploy and manage Kubernetes Applications, integrate Hashicorp Vault secret management solution and transform monitoring platform into observability platform (logs, traces and metrics monitoring).

Release Scope:

• GitOps methodology

  • Argo CD deployment
  • New packaged Kubernetes applications (helm charts and manifest files) to be deployed using ArgoCD
  • Automate cluster bootstraping with ArgoCD using Ansible
  • Ansible playbooks/roles/vars refactoring

• Integrate Secrets Management solution

  • Hashicorp Vault deployment
  • Kuberentes authorization mechanism integration
  • External Secrets Operator deployment

• Observability platform

  • Grafana Loki and Grafana Tempo deployment
  • Grafana as cluster operations single pane of glass
  • Fluentbit/Fluentd configuration to distribute logs to ES and Loki
  • Linkerd distributed tracing integration
  • Traefik tracing integration and automatic correlation with access logs

• Automation enhancements

  • Integration of Ansible vault and GPG to automate the encrypt/decrypt process
  • Automatic generation of credentials and load in Vault
  • Add Makefile

What's Changed

• Fix #65: Move from Monitoring Platform to Observability Platform
• Fix #87: Moving from Ansible to GitOps when deploying Kubernetes applications (ArgoCD)
• Fix #90: Ansible vault integrated with GPG
• Fix #91: Add Hashicorp Vault as Secret Management solution

What's Changed

• Patch/namespaces by @ricsanfre in #81
• Feature/loki by @ricsanfre in #84
• Feature/tempo by @ricsanfre in #88
• Moving linkerd tracing configuration to service-mesh page by @ricsanfre in #89
• Feature/Argocd by @ricsanfre in #98

Full Changelog: v1.5.0...v1.6.0

v1.5.0

[v1.5.0] - 2022-10-12

Upgrade backup service adding Kubernetes CSI Snapshot feature, Prometheus memory optimization removing K3S duplicate metrics, enabling Let's Encrypt TLS certificates, and upgrading Linkerd to release 2.12.

Release Scope:

• Use of Let's Encrypt TLS certificates
  • Certmanager configuration of Let's Encrypt support. ACME DNS01 challenge provider
  • Certbot deployment
  • IONOS DNS provider integration
• Upgrade backup service adding CSI Snapshot support
  • Enable Kubernetes CSI Snapshot feature, installing external snapshot controller.
  • Configure Longhorn CSI Snapshots support
  • Configure Velero CSI Snapshot support
• Prometheus memory footprint optimization
  • Removing of duplicate metrics coming from K3S endpoints.
• Upgrade Linkerd to version 2.12
• Ansible Playbooks improvements
  • Encrypt passwords and keys used in playbooks with Ansible Vault
  • Automatic provision of Prometheus Rules from yaml files.

What's Changed

• Fix #16: Cert-manager: Add Let's Encrypt as SSL certificate provider
• Fix #31: Backup: Adding CSI Snapshot support
• FIx #60: Improve Prometheus documentation including details about what is deployed with kube-prometheus-stack
• Fix #63: Memory footprint optimization
• Fix #66: Upgrade to latest version of Ansible role ricsanfre.backup
• Fix #67: K3S emitting duplicated metrics in all endpoints (Api server, kubelet, kube-proxy, kube-scheduler, etc)
• Fix #69: Prometheus Rules: Provision automatically of Prometheus rules from yaml files
• Fix #70: Linkerd: Upgrade to 2.12 release
• Fix #71: Configure Prometheus, Grafana, AlertManager to run behind Traefik HTTP Proxy using a subpath
• Fix #77: Ansible: Encrypt passwords and keys used in playbooks with Ansible Vault

Full Changelog: v1.4.0...v1.5.0

v1.4.0

[v1.4.0] - 2022-08-04

Re-architecting logging solution and configure Kubernetes' graceful node shutdown.

Release Scope:

• Logging solution (EFK) enhancements
  • Upgrade Elasticsearch and Kibana to v8.1
  • Logging collection and distribution architecture based on fluentd/fluentbit re-architected
  • Prometheus integration: Adding Elasticsearch and Fluentbit/Fluentd metrics
  • Logging parsing enhancements and log fields standardization
• Configure Kubernetes' graceful node shutdown feature
• Monitor external nodes (gateway) in Prometheues using fluent-bit agent.
• Upgrade software components to latest stable version

What's Changed

• Fix #51. EFK: Add logs aggregation layer based on fluentd
• Fix #52. Prometheus: Adding Elasticsearch and Fluentbit metrics
• Fix #53. Configure Kubernetes's graceful node shutdown feature
• Fix #54. Error deploying Metal LB version 0.13
• Fix #55. Error with deprecated arguments when installing new K3s release (v1.24.3+k3s1)
• Fix #56. Collect gateway node metrics using new v1.8 fluentbit 's metrics built-in plugins
• Fix #57. Fluentbit: Processing multiline/stack trace log messages (java, python, go, .)
• Fix #58 Fluentbit Kubernetes Merge_Log results in conflicting field types and rejection by elasticsearch

Full Changelog: v1.3.0...v1.4.0

v1.3.0

[v1.3.0] - 2022-04-05

Adding service mesh architecture to kubernetes cluster

Release Scope:

• Deployment of Linkerd service mesh architecture
• Linkerd integration with Cert-manager for automatically generate Linkerd trust anchor and rotate Linkerd identity issuer certificate and private keys.
• Meshing cluster services with Linkerd.
• Disabling Elasticsearch TLS default configuration. Secure communications provided by Linkerd.
• Update documentation.

What's Changed

• Feature/linkerd by @ricsanfre in #48
• Fix #44: Add secure access to Kibana
• Fix #42: Make configurable Elasticsearh and Kibana release to be deployed with ECK
• Fix #45: Disable Elasticsearch TLS default configuration

Full Changelog: v1.2.0...v1.3.0

v1.2.0

[v1.2.0] - 2022-02-03

New website (picluster.ricsanfre.com) and improvements in logging and monitoring solution

Release Scope:

• New feature: website (picluster.ricsanfre.com) from documentation using Jekyll and GitHub pages
• Fluentbit as unique logs collector solution (Fluentbit replacing Fluentd within the cluster)
• Adding Velero and Minio Metrics to Prometheus
• Activating Traefik's access logs and integrate them into EFK

What's Changed

• Fix #30: Static IP address for external services (Elasticsearch and Traefik Ingress) by @ricsanfre in #33
• Prometheus: Velero and Minio integration by @ricsanfre in #35
• Feature/fluentbit by @ricsanfre in #36
• Adding project website and reorganizing repository by @ricsanfre in #39
• Fix/patch-1 by @ricsanfre in #41

Full Changelog: v1.1.0...v1.2.0

v1.1.0

[v1.1.0] - 2021-12-31

New cluster hardware and adding backup solution

Release Scope:

• New cluster hardware. Supporting two different cluster storage architectures (centralized SAN and dedicated disks)
• Cluster backup solution based on Minio S3 server, Velero and Restic
• Ansible playbooks refactoring
• Traefik and Longhorn metrics integrated into Prometheus

What's Changed

• Adding support to two different cluster storage architectures (dedicated disks and SAN iSCSI disks) by @ricsanfre in #13
• Configuring Traefik and Longhorn monitoring in Prometheus by @ricsanfre in #19
• Ansible playbook refactoring and bugs fixing by @ricsanfre in #23
• Ansible playbooks refactoring for solving ansible-lint issues by @ricsanfre in #24
• Adding cluster backup capability by @ricsanfre in #27

Full Changelog: v1.0.0...v1.1.0

v1.0.0

[v1.0.0] - 2021-11-18

pi-cluster initial complete release.

Release Scope:

• Kuberentes K3S deployment on Raspeberry-PI 4 based nodes
• Centralized Storage Architecture using iSCSI SAN server.
• Configuration of basic Kubernetes services
  • Traefik as Ingress Controller
  • Metallb as Load Balancer
  • CertManager as SSL certificates manager
  • Longhorn as distributed storage solution
  • EFK as centralized logging solution
  • Prometheus as monitoring solution
• Automation through cloud-init and Ansible
  • Cloud-init configuration files for initial setup of the cluster nodes
  • Ansible playbooks and roles for automatically configure OS, install K3S and install basic services
• Documentation of the installation and configuration process