Changelog

Cortex-charts version 0.5.6

• Updated bl service dependencies due to CVE-2020-8244
• Metric events are now disabled internally
• Added a readiness probe to the agents service, so that it is now more fault tolerant
• Replication on the Postgres subchart has been disabled by default
• Helm version 3 is now fully supported
• Installation documentation has been improved and updated including adding a "Dependencies Compatibility Matrix"

Cortex-charts version 0.5.5

• Cortex-Charts Docs updates:
  • Logging
  • OpenShift 4.x installation
• Ingress resources are now fully compatible with Kubernetes 1.16

Breaking Changes

Cortex Fabric is releasing the Beta version of its new web-based Console that integrates Studio, Profiles, Admin Console, and Fabric Docs. Users can try the web versions of Profiles and Studio by logging in to Admin Console or they may continue using the desktop version of Studio: Agent Composer and Profile-of-One. This feature introduces the following breaking change to Cortex-Charts.

If your site-specific helm chart values.yaml file specifies a value for cortex.domains.api, it must ONLY contain protocol and subdomain:

cortex:
  domains:
    api: https://api

The installation documentation for helm chart versions 0.4.1 and prior instructed the user to specify a FQDN, which is no longer supported.

Note that cortex.domains.api defaults to https://api and specification in site-specific values.yaml is not required.

Cortex-charts version 0.5.4

• In this release, all Cortex services have been updated to address CVE vulnerabilities discovered during a routine security scan. If you are updating an existing cluster to this release, please see the note below about steps to take to avoid upgrade issues.
• This release also removes Elasticsearch and Kibana from our packaged components. These now must be installed and configured externally.

ALERT

Note before upgrading: In the 0.5.4 version of the Cortex Fabric helm chart, we have updated all of the subchart components included in the Cortex Fabric bundle which causes issues when trying to upgrade an existing cluster. Before upgrading to this version, run the following command to cleanup resource conflicts to allow the upgrade to succeed:

kubectl delete \
  -n cortex \
  deployments,services,serviceaccounts,jobs \
  cortex-docker-ingress-backend \
  cortex-nginx-ingress-backend \
  cortex-docker-ingress-default-backend \
  cortex-nginx-ingress-default-backend \
  cortex-docker-ingress-controller \
  cortex-nginx-ingress-controller \
  cortex-connection-type-loader

The expected output of the above command should be similar to the following (note that some errors in this output are acceptable):

deployment.extensions "cortex-nginx-ingress-default-backend" deleted
deployment.extensions "cortex-nginx-ingress-controller" deleted
service "cortex-nginx-ingress-default-backend" deleted
service "cortex-nginx-ingress-controller" deleted
serviceaccount "cortex-nginx-ingress-backend" deleted
Error from server (NotFound): deployments.extensions "cortex-docker-ingress-backend" not found
Error from server (NotFound): deployments.extensions "cortex-nginx-ingress-backend" not found
Error from server (NotFound): deployments.extensions "cortex-docker-ingress-default-backend" not found
Error from server (NotFound): deployments.extensions "cortex-docker-ingress-controller" not found
Error from server (NotFound): services "cortex-docker-ingress-backend" not found
Error from server (NotFound): services "cortex-nginx-ingress-backend" not found
Error from server (NotFound): services "cortex-docker-ingress-default-backend" not found
Error from server (NotFound): services "cortex-docker-ingress-controller" not found
Error from server (NotFound): serviceaccounts "cortex-docker-ingress-backend" not found
Error from server (NotFound): serviceaccounts "cortex-docker-ingress-default-backend" not found
Error from server (NotFound): serviceaccounts "cortex-nginx-ingress-default-backend" not found
Error from server (NotFound): serviceaccounts "cortex-docker-ingress-controller" not found
Error from server (NotFound): serviceaccounts "cortex-nginx-ingress-controller" not found

Cortex-charts version 0.5.3

ALERT

The default scale of RabbitMQ nodes (replicas) in the Cortex5 helm chart has been changed from 3 to 1.

If you have configured your Cortex5 deployment to use an externalized RabbitMQ instance and disabled the included RabbitMQ instance in the helm chart, take no action.

If you're concerned with the throughput of the packaged RabbitMQ cluster and wish to continue with the current scale, please edit your [override|cortex|values].yaml used for your helm deployment of the Cortex5 chart and set rabbitmq.replicas to 3 before running helm upgrade --install to upgrade your deployment of the Cortex5 helm chart.

If you're not concerned with your rabbitmq throughput and upgrade your Cortex5 deployment to the current helm release without explicitly setting the replicas of rabbitmq nodes, (after upgrading with helm) please shell into and run the following commands from within the remaining rabbitmq pod in your cluster via k9s or kubectl to force the rabbitmq cluster to no longer search for the missing rabbitmq pods:

rabbitmqctl forget_cluster_node rabbit@cortex-rmq-1.cortex-rmq-headless.cortex.svc.cluster.local
rabbitmqctl forget_cluster_node rabbit@cortex-rmq-2.cortex-rmq-headless.cortex.svc.cluster.local

For more information about scaling RabbitMQ in Helm go here.

Cortex-charts version 0.5.2

• Security vulnerabilities mitigated by updating the following infrastructure images, including:
  • Redis to version 5.0.7
  • pgbouncer to version 1.12
  • postgresql to version 11.4.0-debian-9-r0 -Configuration changes required to support Istio version 1.5

Cortex-charts version 0.5.1

• Added support for providing custom SMTP configurations. For more information, see Configuring Email Support.

Cortex-charts version 0.5.0

New features

• Support for podspec has been added to manage and customize action deployment resources such as: GPU, memory, or CPU. The podspec feature works by patching the Kubernetes PodTemplateSpec generated by Fabric.
• Support for non-root installation of the Cortex CLI
• Documentation has been added to cortex-charts for:
  • Autoscaling
  • Logging
  • Monitoring

Changed features

• For action deploy, options --memory --vcpu are no longer available. Instead use the [podspec] feature to customize pod resources for actions at runtime.
• When you use podspec for Kubernetes, action metrics are externalized from Cortex Console and will not be viewable there. To have access to logs and metrics you must use a third party aggregator like Grafana, Cloud Watch, or Azure Dashboards. Logging is delegated to a log aggregator defined on the cluster and will NOT be provided in Cortex Console.
• Profile-of-one has migrated from a single event loading paradigm to a bulk loader, which is able to process multiple profile events in a single job. The following is a summary of the changes that resulted from this shift in paradigm:
  • The underlying data model changed to easily allow the bulk insertions of profile attributes against the underlying Po1 database.
  • The way profiles are versioned changed, allowing multiple attributes to be updated per version.
  • The association between Profile Attribute and Specific Profile Schemas was removed, so the profiles no longer need to rebuild every time a Profile Schema changes.

Cortex-charts version 0.4.1

February 28, 2020

• For RedHat OpenShift 3.11 deployments, special privileges and/or run-as-root is not required to install and configure clusters under the OpenShift security context, non-root.
• Cortex alpine-based images have been deprecated in favor of more secure UBI8-based images for all deployments.

Cortex-charts version 0.4.0

February 18, 2020

• UBI images updated from ubi7 to ubi8 for improved security.
• Images updated to ensure that Redis sentinels are optimally configured.

ALERT

If you are upgrading from Helm chart version 0.3.1 or earlier to version 0.4.0 you may encounter the following issue:

UPGRADE FAILED
Error: persistentvolumeclaims “cortex-docker-registry” is forbidden: only dynamically provisioned pvc can be resized and the storageclass that provisions the pvc must support resize

To resolve this issue:

1. Find the storage class using kubectl get pvc cortex-docker-registry -n cortex -o yaml | grep storageClassName

   Example:

   kubectl get pvc cortex-docker-registry -n cortex -o yaml | grep storageClassName

   Output is: storageClassName: default

2. Edit the storageClassName by running this command: kubectl edit sc <storageClassName> appended with allowVolumeExpansion: true.

3. Confirm that the configuration change is applied by running: kubectl get sc <storageClassName> -o yaml | grep allowVolumeExpansion

   Example:

   kubectl get sc default -o yaml | grep allowVolumeExpansion

   Output is: allowVolumeExpansion: true

4. Restart the docker-registry pod in cortex.

5. Confirm the storage on the pvc is now increased to 100GB by running: kubectl get pvc cortex-docker-registry -n cortex

   Output is:

   NAME                     STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
   cortex-docker-registry   Bound    pvc-xyz   100Gi      RWO            default        160m

   For additional assistance with Kubernetes storage classes go to:

• Storage Classes
• Change the default StorageClass