Changelog
Cortex-charts version 0.5.6
- Updated bl service dependencies due to CVE-2020-8244
- Metric events are now disabled internally
- Added a readiness probe to the agents service, so that it is now more fault tolerant
- Replication on the Postgres subchart has been disabled by default
- Helm version 3 is now fully supported
- Installation documentation has been improved and updated including adding a "Dependencies Compatibility Matrix"
Cortex-charts version 0.5.5
- Cortex-Charts Docs updates:
- Logging
- OpenShift 4.x installation
- Ingress resources are now fully compatible with Kubernetes 1.16
Breaking Changes
Cortex Fabric is releasing the Beta version of its new web-based Console that integrates Studio, Profiles, Admin Console, and Fabric Docs. Users can try the web versions of Profiles and Studio by logging in to Admin Console or they may continue using the desktop version of Studio: Agent Composer and Profile-of-One. This feature introduces the following breaking change to Cortex-Charts.
If your site-specific helm chart values.yaml
file specifies a value for cortex.domains.api
, it must ONLY contain protocol and subdomain:
cortex: domains: api: https://api
The installation documentation for helm chart versions 0.4.1 and prior instructed the user to specify a FQDN, which is no longer supported.
Note that cortex.domains.api
defaults to https://api
and specification in site-specific values.yaml is not required.
Cortex-charts version 0.5.4
- In this release, all Cortex services have been updated to address CVE vulnerabilities discovered during a routine security scan. If you are updating an existing cluster to this release, please see the note below about steps to take to avoid upgrade issues.
- This release also removes Elasticsearch and Kibana from our packaged components. These now must be installed and configured externally.
ALERT
Note before upgrading: In the 0.5.4 version of the Cortex Fabric helm chart, we have updated all of the subchart components included in the Cortex Fabric bundle which causes issues when trying to upgrade an existing cluster. Before upgrading to this version, run the following command to cleanup resource conflicts to allow the upgrade to succeed:
kubectl delete \ -n cortex \ deployments,services,serviceaccounts,jobs \ cortex-docker-ingress-backend \ cortex-nginx-ingress-backend \ cortex-docker-ingress-default-backend \ cortex-nginx-ingress-default-backend \ cortex-docker-ingress-controller \ cortex-nginx-ingress-controller \ cortex-connection-type-loader
The expected output of the above command should be similar to the following (note that some errors in this output are acceptable):
deployment.extensions "cortex-nginx-ingress-default-backend" deleteddeployment.extensions "cortex-nginx-ingress-controller" deletedservice "cortex-nginx-ingress-default-backend" deletedservice "cortex-nginx-ingress-controller" deletedserviceaccount "cortex-nginx-ingress-backend" deletedError from server (NotFound): deployments.extensions "cortex-docker-ingress-backend" not foundError from server (NotFound): deployments.extensions "cortex-nginx-ingress-backend" not foundError from server (NotFound): deployments.extensions "cortex-docker-ingress-default-backend" not foundError from server (NotFound): deployments.extensions "cortex-docker-ingress-controller" not foundError from server (NotFound): services "cortex-docker-ingress-backend" not foundError from server (NotFound): services "cortex-nginx-ingress-backend" not foundError from server (NotFound): services "cortex-docker-ingress-default-backend" not foundError from server (NotFound): services "cortex-docker-ingress-controller" not foundError from server (NotFound): serviceaccounts "cortex-docker-ingress-backend" not foundError from server (NotFound): serviceaccounts "cortex-docker-ingress-default-backend" not foundError from server (NotFound): serviceaccounts "cortex-nginx-ingress-default-backend" not foundError from server (NotFound): serviceaccounts "cortex-docker-ingress-controller" not foundError from server (NotFound): serviceaccounts "cortex-nginx-ingress-controller" not found
Cortex-charts version 0.5.3
ALERT
The default scale of RabbitMQ nodes (replicas
) in the Cortex5 helm chart has been changed from 3
to 1
.
If you have configured your Cortex5 deployment to use an externalized RabbitMQ instance and disabled the included RabbitMQ instance in the helm chart, take no action.
If you're concerned with the throughput of the packaged RabbitMQ cluster and wish to continue with the current scale, please edit your [override|cortex|values].yaml used for your helm deployment of the Cortex5 chart and set rabbitmq.replicas
to 3
before running helm upgrade --install
to upgrade your deployment of the Cortex5 helm chart.
If you're not concerned with your rabbitmq throughput and upgrade your Cortex5 deployment to the current helm release without explicitly setting the replicas of rabbitmq nodes, (after upgrading with helm) please shell into and run the following commands from within the remaining rabbitmq pod in your cluster via k9s
or kubectl
to force the rabbitmq cluster to no longer search for the missing rabbitmq pods:
rabbitmqctl forget_cluster_node rabbit@cortex-rmq-1.cortex-rmq-headless.cortex.svc.cluster.localrabbitmqctl forget_cluster_node rabbit@cortex-rmq-2.cortex-rmq-headless.cortex.svc.cluster.local
For more information about scaling RabbitMQ in Helm go here.
Cortex-charts version 0.5.2
- Security vulnerabilities mitigated by updating the following infrastructure images, including:
- Redis to version 5.0.7
- pgbouncer to version 1.12
- postgresql to version 11.4.0-debian-9-r0 -Configuration changes required to support Istio version 1.5
Cortex-charts version 0.5.1
- Added support for providing custom SMTP configurations. For more information, see Configuring Email Support.
Cortex-charts version 0.5.0
New features
- Support for
podspec
has been added to manage and customize action deployment resources such as: GPU, memory, or CPU. The podspec feature works by patching the KubernetesPodTemplateSpec
generated by Fabric. - Support for non-root installation of the Cortex CLI
- Documentation has been added to cortex-charts for:
Changed features
- For
action deploy
, options--memory
--vcpu
are no longer available. Instead use the [podspec] feature to customize pod resources for actions at runtime. - When you use podspec for Kubernetes, action metrics are externalized from Cortex Console and will not be viewable there. To have access to logs and metrics you must use a third party aggregator like Grafana, Cloud Watch, or Azure Dashboards. Logging is delegated to a log aggregator defined on the cluster and will NOT be provided in Cortex Console.
- Profile-of-one has migrated from a single event loading paradigm to a bulk loader, which is able to process multiple profile events in a single job. The following is a summary of the changes that resulted from this shift in paradigm:
- The underlying data model changed to easily allow the bulk insertions of profile attributes against the underlying Po1 database.
- The way profiles are versioned changed, allowing multiple attributes to be updated per version.
- The association between Profile Attribute and Specific Profile Schemas was removed, so the profiles no longer need to rebuild every time a Profile Schema changes.
Cortex-charts version 0.4.1
February 28, 2020
- For RedHat OpenShift 3.11 deployments, special privileges and/or run-as-root is not required to install and configure clusters under the OpenShift security context, non-root.
- Cortex alpine-based images have been deprecated in favor of more secure UBI8-based images for all deployments.
Cortex-charts version 0.4.0
February 18, 2020
- UBI images updated from ubi7 to ubi8 for improved security.
- Images updated to ensure that Redis sentinels are optimally configured.
ALERT
If you are upgrading from Helm chart version 0.3.1 or earlier to version 0.4.0 you may encounter the following issue:
UPGRADE FAILEDError: persistentvolumeclaims “cortex-docker-registry” is forbidden: only dynamically provisioned pvc can be resized and the storageclass that provisions the pvc must support resize
To resolve this issue:
Find the storage class using
kubectl get pvc cortex-docker-registry -n cortex -o yaml | grep storageClassName
Example:
kubectl get pvc cortex-docker-registry -n cortex -o yaml | grep storageClassNameOutput is:
storageClassName: default
Edit the storageClassName by running this command:
kubectl edit sc <storageClassName>
appended withallowVolumeExpansion: true
.Confirm that the configuration change is applied by running:
kubectl get sc <storageClassName> -o yaml | grep allowVolumeExpansion
Example:
kubectl get sc default -o yaml | grep allowVolumeExpansionOutput is:
allowVolumeExpansion: true
Restart the
docker-registry
pod in cortex.Confirm the storage on the pvc is now increased to 100GB by running:
kubectl get pvc cortex-docker-registry -n cortex
Output is:
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEcortex-docker-registry Bound pvc-xyz 100Gi RWO default 160mFor additional assistance with Kubernetes storage classes go to: