Version 1.2.33 - January 14th 2025

Version 1.2.33 (14JAN2025)

• Logging

  • [SECURITY] Fluent Bit log collecting pods no longer run as root user. In addition, the database used to
    maintain state information for the log collector has moved to a hostPath volume and been renamed. A new initContainer
    has been added to handle migrating any existing state information and make adjustments to file ownership/permissions.
    NOTE: This initContainer runs under as root user but only runs briefly during the initial deployment process.
  • [SECURITY] OpenSearch pods has been reconfigured to allow readOnlyRootFilesystem to be set to 'true'. A
    new initContainer has been added to facilitate this.
  • [SECURITY] Runtime security controls for log monitoring stack (i.e. Fluent Bit, OpenSearch, OpenSearch
    Dashboards and Elasticsearch Exporter) pods have been tightened. Changes include: adding seccompProfile;
    and disallowing privileged containers, privilege escalation and removing all Linux capabilities. As noted
    above, some initContainers require less restrictive security but these only run briefly during the initial
    deployment process.
  • [SECURITY] On OpenShift, all Fluent Bit pods now use custom SCC objects to support changes described above.
  • [CHANGE] Improved handling of long log messages and those from some Crunchy Data pods

• Metrics

  • [FIX] Rule defintion for :sas_launcher_pod_info: updated to: support multiple SAS Viya deployments
    running in same cluster and address a data problem seen on OpenShift when there is a significant delay (> 1s)
    between when a pod being created and it being assigned an IP address.

Version 1.2.32 - December 10th 2024

Version 1.2.32 (10DEC2024)

• Overall

  • [CHANGE] Comments added to user.env files within samples/generic-base to clarify security best-practices; other cleanup.

• Logging

  • [SECURITY] Set seccompProfile to RuntimeDefault for OpenSearch, OpenSearch Dashboards and Fluent Bit pods in non-OpenShift environments.

Version 1.2.31 - November 15th 2024

Version 1.2.31 (15NOV2024)

• Logging
  • [UPGRADE] OpenSearch and OpenSearch Dashboards upgraded from 2.15.0 to 2.17.1
  • [UPGRADE] Elasticsearch Exporter upgraded from 1.7.0 to 1.8.0. Note that this included a change to the pod labels that
    required a new serviceMonitor (elasticsearch-v2) be deployed.
  • [UPGRADE] Fluent Bit upgraded from 3.1.3 to 3.1.9
  • [UPGRADE] OpenSearch Data Source Plugin to Grafana upgraded from 2.18.0 to 2.21.1

1.2.30 - October 11th 2024

Version 1.2.30 (11OCT24)

• Logging

  • [SECURITY] OpenSearch Dashboards pod securityContext updated to set allowPrivilegeEscalation to 'false'

• Metrics

  • [SECURITY] Metrics (collected by Kube State Metrics) related to Kubernetes Secret have been disabled to eliminate the need to grant list permission (for Secret resources) to the KSM ClusterRole (see PR#684)
  • [CHANGE] The create_logging_datasource.sh script now uses the OpenSearch datasource plugin rather the Elasticsearch datasource plugin when creating the ViyaLogs datasource in Grafana. The plugin is downloaded and installed if it is not already in place.
  • [UPGRADE] Kube-Prometheus Stack Helm chart has been upgraded from 61.1.1 to 62.7.0.
  • [UPGRADE] Grafana Helm Chart (for OpenShift deployments) has been upgraded from 8.2.1 to 8.5.1.
  • [UPGRADE] Prometheus Pushgateway Helm chart has been upgraded from 2.13.0 to 2.14.0.
  • [UPGRADE] The config-reloader has been upgraded from 0.75.0 to 0.76.1.
  • [UPGRADE] Grafana has been upgraded from 11.1.0 to 11.2.0.
  • [UPGRADE] The k8s-sidecar has been upgraded from 1.26.1 to 1.27.4.
  • [UPGRADE] Kube-State-Metrics has been upgraded from 2.12.0 to 2.13.0.
  • [UPGRADE] Node-Exporter has been upgraded from 1.8.1 to 1.8.2.
  • [UPGRADE] Prometheus has been upgraded from 2.53.0 to 2.54.1.
  • [UPGRADE] Prometheus Operator has been upgraded from 0.75.0 to 0.76.1.
  • [UPGRADE] Prometheus Pushgateway has been upgraded from 1.8.0 to 1.9.0

1.2.29 - September 17th 2024

Version 1.2.29 (16SEP2024)

• Overall

  • [DOCUMENTATION] Reorganization of content to improve readability and flow.
  • [TASK] Updated links (within markdown files, dashboards, etc.) to reflect documentation reorganization

• Logging

  • [CHANGE] Updated link to SAS documentation in the SAS Update Checker Report (within OpenSearch Dashboards) to be version-independent

• Metrics

  • [FIX] Changed metric label (from 'CAS Version' to 'OS Version') on SAS CAS Overview dashboard (within Grafana) to reflect information displayed
  • [FIX] Replace deprecated oc serviceacounts get-token command in deploy_monitoring_openshift.sh for OpenShift 4.16+

1.2.28 - August 13th 2024

Version 1.2.28 (13AUG2024)

• Logging
  • [UPGRADE] OpenSearch and OpenSearch Dashboards upgraded from 2.12.0 to 2.15.0
  • [UPGRADE] Fluent Bit upgraded from 3.0.6 to 3.1.3

1.2.27 - July 16th 2024

Version 1.2.27 (16JUL2024)

• Overall

  • [FIX] Modified renew-tls-certs.sh script to regenerate the root CA cert when renewing auto-generated certs

• Metrics

  • [CHANGE] Grafana dashboards for RabbitMQ upgraded to newer versions
  • [CHANGE] All Grafana dashboards (maintained as part of this project) migrated to Grafana 11
  • [CHANGE] Some Grafana dashboards inherited from the Kube-Prometheus Stack Helm chart do not
    work with Grafana 11.x due to Angular migration or other issues. As a temporary fix, we have
    removed these dashboards and replaced them with our versions of them. This fix will be removed when these issues have been resolved.
  • [CHANGE] Sample of user-values-openshift-grafana.yaml added to generic-base sample
  • [CHANGE] Grafana is now deployed with the testFramework parameter set to false
  • [UPGRADE] Kube-Prometheus Stack Helm chart has been upgraded from 56.6.2 to 61.1.1.
  • [UPGRADE] Grafana Helm Chart (for OpenShift deployments) has been upgraded from 7.3.0 to 8.2.1.
  • [UPGRADE] Prometheus Pushgateway Helm chart has been upgraded from 2.6.0 to 2.13.0.
  • [UPGRADE] Alertmanager has been upgraded from 0.26.0 to 0.27.0.
  • [UPGRADE] The config-reloader has been upgraded from 0.71.2 to 0.75.0.
  • [UPGRADE] Grafana has been upgraded from 10.3.3 to 11.1.0.
  • [UPGRADE] The k8s-sidecar has been upgraded from 1.25.4 to 1.26.1.
  • [UPGRADE] Kube-State-Metrics has been upgraded from 2.10.1 to 2.12.0.
  • [UPGRADE] Node-Exporter has been upgraded from 1.7.0 to 1.8.1.
  • [UPGRADE] Prometheus has been upgraded from 2.49.1 to 2.53.0.
  • [UPGRADE] Prometheus Operator has been upgraded from 0.71.2 to 0.75.0.
  • [UPGRADE] Prometheus Pushgateway has been upgraded from 1.7.0 to 1.8.0.

1.2.26 - June 18th 2024

Version 1.2.26 (18JUN2024)

• Overall
  • [CHANGE] Eliminated use of --short option (deprecated in Kubernetes 1.28) from kubectl version commands
• Logging
  • [SECURITY] Upgraded to Fluent Bit 3.0.6 to address critical security vulnerability (CVE-2024-4323)

1.2.25 - May 14th 2024

Version 1.2.25 (14MAY2024)

• Metrics

  • [CHANGE] New Grafana dashboard Perf/Analysis added
  • [CHANGE] Server-Side Apply now used in monitoring/bin/deploy_dashboards.sh script

• Tracing

  • [UPGRADE] Upgraded Tempo from 2.2.0 to 2.4.1
  • [CHANGE] Performance enhancements made to Tempo configuration to handle more traces

1.2.24 - April 16th 2024

Version 1.2.24 (16APR2024)

• Metrics

  • [FIX] Connect to Grafana using https from auto-provisioning sidecar containers when TLS is enabled

• Logging

  • [FIX] Corrected parser definition for Consul messages to eliminate ERROR/WARNING messages in Fluent Bit pod logs
  • [CHANGE] Added parser/processing for Redis log messsages
  • [CHANGE] Added parser/processing for Calico (CNI) log messsages
  • [UPGRADE] Upgraded OpenSearch/OpenSearch Dashboards from 2.10.0 to 2.12.0
  • [UPGRADE] Elasticsearch Exporter has been upgraded from 1.6.0 to 1.7.0