5.2.1 Release Notes
April 12, 2022
Starting with this release, Enforcer client versions will be backwards compatible for a 9-month period.
- Support for IPv6 OAM ping. OAM ping now accepts an IPv6 address in the destination IP.
- Support for Enforcer & Processing Unit alerts. Introducing 3 new alerts
- Host processing unit event: PUs created or removed from a namespace
- Enforcer event: Enforcers created or removed from a namespace
- Audit event: Actions performed on a namespace (delete a ruleset, create a namespace, create an App Credential)
- Enforcer lookup improvements: Enforcers now report FQDNs directly in the flow logs.
- Long-lived connections: Some types of connections can exist for days or months without ever closing (proxies and databases are common examples) and if an Enforcer is deployed after a connection is established, it will remain unmonitored. apoctl netstat command allows users to understand what are the long lived connections they have in their environment, restart those and make sure Enforcers are controlling them.
- Enforcer client versions will be backwards compatible for a 9-month period
- CNS-4117: Auto-scale issues seen with Squall service are addressed.
- CNS-4717: SSL errors seen on UI when requests hit rate limits are addressed.
- CNS-3907: Addressed the slowness with tags retrieval with a large number of Enforcers.
- CNS-3835: TUF repo lock error messages will no longer overwhelm Chocobo service logs.
- CNS-4667: Security issue: Ability to add all org tags at any point in the namespace hierarchy.
- CNS-4902: Reports query with complex filters can fail with large data volumes. For such queries users must either reduce the query time window or run the query a lower level namespaces.
- CNS-4881: Loading dependency maps can fail at top level namespaces or large time ranges with high volumes of data. For such queries, user must select smaller time windows.
- CNS-4877: Processing Unit or Enforcer details page fails to load after hitting rate limit errors.
Upgrade instructions for CNS 5.2
- CNS-4571: Elasticsearch index cleanup may be neededIf you are upgrading a stack in-place which has not received security upgrades from Elasticsearch 5 to Elasticsearch 6, or which has received such an upgrade recently, there may be remaining Elasticsearch indexes created by Jaeger earlier which are incompatible with the Elasticsearch 7.17 version bundled with this CNS 5.2 release. (Elasticsearch maintains compatibility with indexes created by one previous major version, not two.)
deploy delete elasticsearch rewind --cleanup data-elasticsearch-0
- You can remove those indexes by removing Elasticsearch and its volume prior to upgrade:
- Or if you discover Elasticsearch pods are unhealthy after an upgrade, such old indexes may be responsible. They can likewise be removed by temporarily removing Elasticsearch, then installing it:deploy delete elasticsearch rewind --cleanup data-elasticsearch-0 deploy install elasticsearchYou may need to (below) restart Jaeger pods after that.
- CNS-4890: Jaeger pods should be restartedDue to the Elasticsearch changes, Jaeger pods should restarted after upgrade:k rollout restart deployment jaeger-collector k rollout restart deployment jaeger-query k rollout restart deployment jaeger-agent
Recommended For You
Recommended videos not found.