2.0.0 - OIDC/IDP integration

@JamesClonk JamesClonk released this 02 Aug 16:44
· 24 commits to master since this release

Note: This is a major release and contains potential breaking changes. Please back up all your data before upgrading existing clusters to this version!

  • New feature: All configuration options for the entire project have now been moved into a single file, config.yaml. Please consult the README.md for how to properly configure your cluster with it. An example config.example.yaml has been included.

  • New feature: OIDC integration for Kubernetes authentication with the help of Dex

  • New feature: Added Kubernetes cluster scanning with Trivy. Simply run make trivy-scan to scan your cluster.

  • Breaking change: The former configuration files credentials.yaml, kubeone.yaml and terraform/terraform.tfvars and their examples have been removed from the project with the introduction of the new main configuration file. There is now a new make step available to generate these based on the main configuration file: make config. Make sure to copy over all your values, credentials and settings into the main configuration file before running the command, as it will overwrite all these other files!

  • Breaking change: With the introduction of the new main configuration file, config.yaml, the preconfigured default storage profiles for control-plane and worker VMs have been changed. Thus, if you run Terraform, it will destroy and recreate all of these existing VMs, losing their data. If you wish to avoid this and keep your existing VMs unharmed, you'll have to configure their storage profiles (control_plane.storage_profile and workers.storage_profile) and modify/hack the Terraform state files to reflect that.

  • Warning: If you upgrade an existing cluster to this version, temporarily add the flag --force-upgrade to the make command kubeone-apply in the Makefile. Otherwise the newly introduced OIDC settings will not be applied to the Kubernetes control-plane and you won't be able to log in via OIDC (the default cluster-admin from kubeconfig will still work fine though).
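
The storage-profile breaking change above means a Terraform run can replace existing VMs. As an added example (not part of the project or its Makefile), this script reads a plan exported with `terraform show -json` and lists every resource that would be destroyed or replaced, so the plan can be reviewed before anything is applied. The resource addresses in the sample are constructed placeholders.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource types and names are placeholders, not the project's real resources.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "example_vm.control_plane[0]",
     "change": {"actions": ["delete", "create"]}},
    {"address": "example_vm.worker[0]",
     "change": {"actions": ["create", "delete"]}},
    {"address": "example_vm.worker[1]",
     "change": {"actions": ["update"]}},
    {"address": "example_network.internal",
     "change": {"actions": ["no-op"]}},
    {"address": "example_disk.old",
     "change": {"actions": ["delete"]}}
  ]
}
""")


def destructive_changes(plan):
    """Return (address, kind) for every resource the plan would delete.

    kind is "replace" when the resource is deleted and recreated (in either
    order), and "destroy" when it is deleted without being recreated.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create, update, read and no-op keep existing data
        kind = "replace" if "create" in actions else "destroy"
        findings.append((rc["address"], kind))
    return findings


def main(argv):
    # With a path argument, read a real exported plan; otherwise use the sample.
    plan = json.load(open(argv[1], encoding="utf-8")) if len(argv) > 1 else SAMPLE_PLAN
    findings = destructive_changes(plan)
    for address, kind in findings:
        print(f"{kind.upper():8} {address}")
    # Non-zero exit lets a wrapper script stop before `terraform apply`.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

To check a real plan, save it with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan > plan.json`, and pass `plan.json` as the script's argument.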

Component updates:

| Component | New version |
|-----------|-------------|
| longhorn  | 1.5.1       |

Components added:

| Component    | New version |
|--------------|-------------|
| dex          | 0.15.2      |
| oauth2-proxy | 6.16.1      |