Releases: ricsanfre/pi-cluster

v1.8.0

04 Jan 13:48

[v1.8.0] - 2024-01-04

K3S HA deployment and SSO support.

Release Scope:

  • K3S HA deployment.

    • 3 masters with embedded etcd database using HAProxy as Kubernetes API load balancer.
    • Ansible code update for supporting K3s single-node and HA deployments.
  • Single sign-on (SSO) solution

    • Identity Access Management solution based on Keycloak
    • OAuth2-Proxy deployment for securing applications that do not use any authentication mechanism.
    • Ingress NGINX integration with OAuth2-Proxy
    • Grafana SSO configuration. Integration with Keycloak.
  • Ingress Controller migration.

    • Ingress NGINX deployment. Traefik ingress controller deprecation.
    • ArgoCD packaged applications update to use standard Ingress resources implemented by NGINX.
  • Kafka service

    • Use of Strimzi Operator to streamline the deployment of Kafka cluster
    • Integrate Kafka Schema Registry, based on Confluent Schema Registry
    • Use of Kafka GUI, Kafdrop

Full Changelog: v1.7.0...v1.8.0

v1.7.0

24 Jun 14:15

[v1.7.0] - 2023-06-24

Hybrid x86/ARM Kubernetes cluster support (x86 and ARM cluster nodes can be used within the same Pi-Cluster).

Release Scope:

  • Hybrid x86/ARM Kubernetes cluster support.

    • Combine Raspberry PI 4B nodes and x86 mini PCs (HP Elitedesk 800 G3) in the same cluster.
    • Ansible code update for supporting configuration of Raspberry PI nodes and x86 nodes.
  • Ubuntu OS installation automation

    • Automate process of creating boot USB disk for Raspberry PI nodes.
    • x86 nodes autoinstallation using PXE
  • Node's Operating System upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS.

    • Node's installation/configuration documentation update.
    • Ansible OS configuration tasks updated to fit the new OS release.
  • K3s automated upgrade

    • Deploy Rancher's system-upgrade-controller app. This controller uses a custom resource definition (CRD), plan, to schedule upgrades based on the configured plans.
    • ArgoCD packaged application created to deploy system-upgrade-controller app and to generate upgrade plans.
  • Logging solution enhancements

    • ES/Kibana upgrade to release 8.6
    • ElasticSearch's ILM policies (data retention policies) and Index templates (data model) configuration for Fluentd logs.
    • Fluentd dynamic indices creation and configuration.
    • Elasticsearch roles and users definition. File Auth Realm configured through ECK. Different roles and users created (fluentd, prometheus-elasticsearch-exporter)
  • Automation enhancements

    • New Ansible runtime environment in a Docker container, ansible-runner, containing all Ansible packages and their dependencies. This isolates the Ansible runtime environment from the local server.

Full Changelog: v1.6.0...v1.7.0

v1.6.0

29 Jan 11:40
ff2c414

[v1.6.0] - 2023-01-29

Apply GitOps methodology using ArgoCD to deploy and manage Kubernetes Applications, integrate Hashicorp Vault secret management solution and transform monitoring platform into observability platform (logs, traces and metrics monitoring).

Release Scope:

  • GitOps methodology

    • Argo CD deployment
    • New packaged Kubernetes applications (helm charts and manifest files) to be deployed using ArgoCD
    • Automate cluster bootstrapping with ArgoCD using Ansible
    • Ansible playbooks/roles/vars refactoring
  • Integrate Secrets Management solution

    • Hashicorp Vault deployment
    • Kubernetes authorization mechanism integration
    • External Secrets Operator deployment
  • Observability platform

    • Grafana Loki and Grafana Tempo deployment
    • Grafana as cluster operations single pane of glass
    • Fluentbit/Fluentd configuration to distribute logs to ES and Loki
    • Linkerd distributed tracing integration
    • Traefik tracing integration and automatic correlation with access logs
  • Automation enhancements

    • Integration of Ansible vault and GPG to automate the encrypt/decrypt process
    • Automatic generation of credentials and load in Vault
    • Add Makefile

What's Changed

  • Fix #65: Move from Monitoring Platform to Observability Platform
  • Fix #87: Moving from Ansible to GitOps when deploying Kubernetes applications (ArgoCD)
  • Fix #90: Ansible vault integrated with GPG
  • Fix #91: Add Hashicorp Vault as Secret Management solution

Full Changelog: v1.5.0...v1.6.0

v1.5.0

12 Oct 16:38

[v1.5.0] - 2022-10-12

Upgrade backup service adding Kubernetes CSI Snapshot feature, Prometheus memory optimization removing K3S duplicate metrics, enabling Let's Encrypt TLS certificates, and upgrading Linkerd to release 2.12.

Release Scope:

  • Use of Let's Encrypt TLS certificates
    • Certmanager configuration of Let's Encrypt support. ACME DNS01 challenge provider
    • Certbot deployment
    • IONOS DNS provider integration
  • Upgrade backup service adding CSI Snapshot support
    • Enable Kubernetes CSI Snapshot feature, installing external snapshot controller.
    • Configure Longhorn CSI Snapshots support
    • Configure Velero CSI Snapshot support
  • Prometheus memory footprint optimization
    • Removal of duplicate metrics coming from K3S endpoints.
  • Upgrade Linkerd to version 2.12
  • Ansible Playbooks improvements
    • Encrypt passwords and keys used in playbooks with Ansible Vault
    • Automatic provision of Prometheus Rules from yaml files.

What's Changed

  • Fix #16: Cert-manager: Add Let's Encrypt as SSL certificate provider
  • Fix #31: Backup: Adding CSI Snapshot support
  • Fix #60: Improve Prometheus documentation including details about what is deployed with kube-prometheus-stack
  • Fix #63: Memory footprint optimization
  • Fix #66: Upgrade to latest version of Ansible role ricsanfre.backup
  • Fix #67: K3S emitting duplicated metrics in all endpoints (Api server, kubelet, kube-proxy, kube-scheduler, etc)
  • Fix #69: Prometheus Rules: Provision automatically of Prometheus rules from yaml files
  • Fix #70: Linkerd: Upgrade to 2.12 release
  • Fix #71: Configure Prometheus, Grafana, AlertManager to run behind Traefik HTTP Proxy using a subpath
  • Fix #77: Ansible: Encrypt passwords and keys used in playbooks with Ansible Vault

Full Changelog: v1.4.0...v1.5.0

v1.4.0

04 Aug 09:09
7a9833d

[v1.4.0] - 2022-08-04

Re-architecting the logging solution and configuring Kubernetes' graceful node shutdown.

Release Scope:

  • Logging solution (EFK) enhancements
    • Upgrade Elasticsearch and Kibana to v8.1
    • Logging collection and distribution architecture based on fluentd/fluentbit re-architected
    • Prometheus integration: Adding Elasticsearch and Fluentbit/Fluentd metrics
    • Logging parsing enhancements and log fields standardization
  • Configure Kubernetes' graceful node shutdown feature
  • Monitor external nodes (gateway) in Prometheus using fluent-bit agent.
  • Upgrade software components to latest stable version

What's Changed

  • Fix #51. EFK: Add logs aggregation layer based on fluentd
  • Fix #52. Prometheus: Adding Elasticsearch and Fluentbit metrics
  • Fix #53. Configure Kubernetes's graceful node shutdown feature
  • Fix #54. Error deploying Metal LB version 0.13
  • Fix #55. Error with deprecated arguments when installing new K3s release (v1.24.3+k3s1)
  • Fix #56. Collect gateway node metrics using new v1.8 fluentbit's metrics built-in plugins
  • Fix #57. Fluentbit: Processing multiline/stack trace log messages (java, python, go, .)
  • Fix #58 Fluentbit Kubernetes Merge_Log results in conflicting field types and rejection by elasticsearch

Full Changelog: v1.3.0...v1.4.0

v1.3.0

05 Apr 15:45
c350a5e

[v1.3.0] - 2022-04-05

Adding service mesh architecture to Kubernetes cluster

Release Scope:

  • Deployment of Linkerd service mesh architecture
  • Linkerd integration with Cert-manager to automatically generate the Linkerd trust anchor and rotate the Linkerd identity issuer certificate and private keys.
  • Meshing cluster services with Linkerd.
  • Disabling Elasticsearch TLS default configuration. Secure communications provided by Linkerd.
  • Update documentation.

What's Changed

  • Feature/linkerd by @ricsanfre in #48
  • Fix #44: Add secure access to Kibana
  • Fix #42: Make configurable Elasticsearch and Kibana release to be deployed with ECK
  • Fix #45: Disable Elasticsearch TLS default configuration

Full Changelog: v1.2.0...v1.3.0

v1.2.0

03 Feb 11:16

[v1.2.0] - 2022-02-03

New website (picluster.ricsanfre.com) and improvements in logging and monitoring solution

Release Scope:

  • New feature: website (picluster.ricsanfre.com) from documentation using Jekyll and GitHub pages
  • Fluentbit as unique logs collector solution (Fluentbit replacing Fluentd within the cluster)
  • Adding Velero and Minio Metrics to Prometheus
  • Activating Traefik's access logs and integrating them into EFK

Full Changelog: v1.1.0...v1.2.0

v1.1.0

31 Dec 09:18
727eeb4

[v1.1.0] - 2021-12-31

New cluster hardware and adding backup solution

Release Scope:

  • New cluster hardware. Supporting two different cluster storage architectures (centralized SAN and dedicated disks)
  • Cluster backup solution based on Minio S3 server, Velero and Restic
  • Ansible playbooks refactoring
  • Traefik and Longhorn metrics integrated into Prometheus

What's Changed

  • Adding support to two different cluster storage architectures (dedicated disks and SAN iSCSI disks) by @ricsanfre in #13
  • Configuring Traefik and Longhorn monitoring in Prometheus by @ricsanfre in #19
  • Ansible playbook refactoring and bugs fixing by @ricsanfre in #23
  • Ansible playbooks refactoring for solving ansible-lint issues by @ricsanfre in #24
  • Adding cluster backup capability by @ricsanfre in #27

Full Changelog: v1.0.0...v1.1.0

v1.0.0

25 Nov 14:19
f2e3e10

[v1.0.0] - 2021-11-18

pi-cluster initial complete release.

Release Scope:

  • Kubernetes K3S deployment on Raspberry-PI 4 based nodes
  • Centralized Storage Architecture using iSCSI SAN server.
  • Configuration of basic Kubernetes services
    • Traefik as Ingress Controller
    • Metallb as Load Balancer
    • CertManager as SSL certificates manager
    • Longhorn as distributed storage solution
    • EFK as centralized logging solution
    • Prometheus as monitoring solution
  • Automation through cloud-init and Ansible
    • Cloud-init configuration files for initial setup of the cluster nodes
    • Ansible playbooks and roles to automatically configure the OS, install K3S and install basic services
  • Documentation of the installation and configuration process