PKS Release Notes
PKS (Pivotal Container Service) is used to create and manage on-demand Kubernetes clusters via the PKS CLI.
Release Date: March 6, 2018
- [Bug Fix] vSphere NSX-T integration works with BOSH stemcell v3468.25 and later.
- [Bug Fix] Adds support for special characters
\, space (
%in vCenter passwords.
- [Bug Fix] Worker nodes are drained before they stop in order to minimize workload downtime during a rolling upgrade.
- [Security Fix] UAA credentials and vCenter passwords do not appear in BOSH logs.
- [Bug Fix] BOSH DNS no longer causes worker nodes to fail after a manual restart.
- Updates Kubernetes to v1.9.3.
- Updates Golang to v1.9.4.
Release Date: February 8, 2018
PKS v1.0.0 includes or supports the following component versions:
|Product Component||Version Supported||Notes|
|vSphere||6.5 and 6.5 U1 - Editions
||vSphere versions supported for Pivotal Container Service (PKS)|
|VMware Harbor Registry||1.4.1||Separate download available from Pivotal Network|
|NSX-T||2.1 Advanced Edition||Available from VMware|
|Pivotal Cloud Foundry Operations Manager (Ops Manager)||2.0.X||Separate download available from Pivotal Network|
|Stemcell||3468.21||Separate download available from Pivotal Network|
|Kubernetes||1.9.2||Packaged in the PKS Tile (CFCR)|
|CFCR (Kubo)||0.13||Packaged in the PKS Tile|
|NCP||184.108.40.206||Packaged in the PKS Tile|
|PKS CLI||1.0.0-build.3||Separate download available from the PKS section of Pivotal Network|
|Kubernetes CLI||1.9.2||Separate download available from the PKS section of Pivotal Network|
|* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.|
- Create, resize, delete, list, and show clusters through the PKS CLI
- Native support for NSX-T and Flannel
- Easily obtain kubeconfigs to use each cluster
- Use kubectl to view the Kubernetes dashboard
- Define plans that pre-configure VM size, authentication, default number of workers, and addons when creating Kubernetes clusters
- User/Admin configurations for access to PKS API
- Centralized logging through syslog
In PKS v1.0.0, special characters, such as
\, space (
% cannot be used in vCenter passwords.
PKS v1.0.1 adds support for the special characters listed above except for
When deploying the PKS v1.0.0 using NSX-T as the networking layer with a stemcell other than x3468.21, Kubernetes cluster deployments fail. PKS v1.0.1 adds support for stemcells v3468.25 and later.
Stemcell Updates Cause Automatic VM Rolling
Enabling the Upgrade all clusters errand allows automatic rolling for VMs in your deployment. Pivotal recommends enabling this errand to ensure that all deployed cluster VMs are patched.
When you enable the Upgrade all clusters errand, the following actions can cause downtime:
- Updating the PKS tile with a new stemcell triggers the rolling of each VM in each cluster.
- Updating other tiles in your deployment with new stemcells causes the rolling of the PKS tile.
Upgrade Errand Fails with Failed Deployments
The Upgrade all clusters errand fails if any deployments are in a failed state.
Syslog Security Recommendations
BOSH Director logs contain sensitive information that should be considered privileged. For example, these logs may contain cloud provider credentials in PKS v1.0.0. If you choose to forward logs to an external syslog endpoint, using TLS encryption is strongly recommended to prevent information from being intercepted by a third party.