What's new in version 3.1.0

Get a quick overview of what's added, changed, improved, or deprecated in this release.

IBM® Cloud Private Version 3.1.0 introduces the following new features and enhancements:

New features

Memory

Ensure you review and verify that you meet the increased memory requirements. For more information, see Hardware requirements.

Kubernetes

• IBM Cloud Private Version 3.1.0 is now upgraded to use Kubernetes Version 1.11.1. For more information about the features that are introduced in Kubernetes 1.11.1, see Kubernetes v1.11 Release Notes .

• Dynamically update the Kubelet configuration on a node. See Reconfiguring Kubelet in a live cluster.

Catalog

You can now view the catalog by category. See Managing charts and apps.

Image management

You can now control where images are deployed from, enforce Vulnerability Advisor (VA) policies. See Enforcing container image security .

Network

• The encryption of data network traffic by using IPsec can now be made Federal Information Processing Standard (FIPS) compliant. See Encrypting cluster data network traffic with IPsec.

• VMware NSX-T is upgraded to Version 2.3.

• You can integrate IBM Cloud Private with F5 BIG-IP Controller for Kubernetes. See Integrating IBM Cloud Private with F5 BIG-IP Controller for Kubernetes.

Storage

• You can now configure GlusterFS by installing the GlusterFS Helm chart. See Configuring GlusterFS after IBM Cloud Private installation.

• Minio is a lightweight, Amazon S3-compatible object storage server. Configure Minio by installing the Helm chart. See Minio.

• You can now use a vSphere storage policy to dynamically provision a persistent volume. For more information about storage policy based management (SPBM), see Storage Policy Based Management for dynamic provisioning of volumes .

Security

You can now configure single sign-on (SSO) between IBM Cloud Private and your enterprise identity source. For more information, see Configuring single sign-on.

You can now generate and manage certificates with the shared Kubernetes and IBM Cloud Private service cert-manager (certificate manager). To use cert-manager, see Creating certificates.

IBM Cloud Private enforces image policies. There are multiple ways to create an image enforcement policy and you can create a policy by using the IBM Cloud Private Web console. For more information, see Image security enforcement by using the IBM Cloud Private Web console .

IBM Cloud Private CLI

The bx pr command is now cloudctl. You can run cloudctl to view information about your cluster, manage your cluster, install Helm charts, and more. The IBM Cloud Private command line interface (CLI) supports, but no longer requires, the IBM Cloud CLI. For more information, see Managing your cluster with the IBM Cloud Private CLI.

Changes to the IBM Cloud Private CLI are described in the following list:

• From the IBM Cloud Private management console, you can install multiple CLI tools. Click Menu > Command Line Tools > Cloud Private CLI to learn how to install the following command line tools:

  • IBM Cloud Private CLI and plug-ins
  • Helm
  • Kubectl CLI
  • Istio CLI

• All bx pr commands are now cloudctl. Many commands now contain namespaces, such as cloudctl catalog load-chart. Run cloudctl -h for a complete list of commands.

• The cluster-config command was removed. You can now run cloudctl login to configure kubectl and Helm.
• The process to load Helm charts improved, specifically for users without Internet connectivity. For example, with the IBM Cloud Private CLI, you can create archives of Helm charts that include chart images, and you can load them into the cluster without connection. See Adding featured applications to clusters without Internet connectivity for more commands.

Istio

You can now connect, secure, control and observe your microservices with Istio service mesh. Istio makes it easy to create a network of deployed services with load balancing, service-to-service authentication, monitoring, and more, without any changes in service code. See Working with Istio for more information.

Vulnerability Advisor

Vulnerability Advisor (VA) now supports cross-architecture image scanning by using QEMU (Quick EMUlator). You can scan Linux® on Power® (ppc64le) CPU architecture images with VA running on Linux® x86_64 nodes. Alternatively, you can scan Linux® x86_64 CPU architecture images with VA running on Linux® on Power® (ppc64le) nodes.

You can also use the Mutation Advisor, a change detection mechanism, to alert personnel to unauthorized modification of critical system files, configuration files, content files, and OS process. See Mutation Advisor.

Management services

There is a updated format for listing the management services in the config.yaml file. See Enabling and disabling IBM Cloud Private management services.

IBM Cloud Private Web console

• You can create a Service ID by using the IBM Cloud Private Web console. See Creating a service ID by using the IBM Cloud Private Web console.

• You can manage your image security enforcement by using the IBM Cloud Private Web console. See Enforcing container image security.

Audit logging

The audit logging feature in IBM Cloud Private provides the capability to collect audit logs generated by various management services and the Kubernetes API server and send them to Elasticsearch. See Audit logging in IBM Cloud Private.

NVIDIA GPU device plug-in

IBM Cloud Private now uses Kubernetes device plug-in framework for managing graphical processing unit (GPU) devices. For more information about Kubernetes device plug-ins, see Device Plugins .

Supported operating systems

IBM Cloud Private now supports Ubuntu 18.04 LTS.

Supported environments

IBM Cloud Private with OpenShift

IBM® and Red Hat have partnered to provide a joint solution that uses IBM Cloud Private and OpenShift. You can now deploy IBM certified software containers that are running on IBM Cloud Private onto Red Hat OpenShift. When you install IBM Cloud Private with OpenShift, IBM Cloud Private provides the IBM Cloud Private experience, management, and operations for applications and uses OpenShift's Kubernetes and Docker registry that is already installed by Red Hat. For more information, see IBM Cloud Private with OpenShift overview.

IBM Cloud Private on AWS Quick Start

This Quick Start automatically deploys IBM Cloud Private into a new virtual private cloud (VPC) on the Amazon Web Services (AWS) Cloud. A regular deployment takes about 60 minutes, and a high availability (HA) deployment takes about 75 minutes to complete. The Quick Start includes AWS CloudFormation templates and a deployment guide. For more information, see IBM Cloud Private on AWS.

Technology previews

The following technology previews are new for this version. For all of the features that are available in IBM® Cloud Private as technology preview code (TPC) only, see the Technology preview section.

• Running kube-proxy in IP Virtual Server (IPVS) mode. See Manage kube-proxy by using IPVS.
• Manage and secure microservices with Istio. See Working with Istio.
• Pod auto scaling by using custom metrics. See Horizontal pod auto scaling by using custom metrics.
• Using containerd as a runtime for cluster nodes. See Installing IBM Cloud Private by using containerd.
• Isolating network and compute environments. See Isolating network and compute environments.

Federal Information Processing Standards (FIPS)

Federal Information Processing Standards (FIPS) are information technology standards that are developed by the United States federal government. See IBM Cloud Private platform considerations for FIPS compliance for information about FIPS compliance in IBM Cloud Private.

IBM Cloud Private Cloud Foundry changes

For the details of changes to IBM Cloud Private Cloud Foundry, see What's new in IBM Cloud Private Cloud Foundry Version 3.1.0.

Featured applications

Kibana Helm chart removed from the public repository

Beginning March 8, 2019, the ibmcom/ibm-icplogging-kibana was removed from the public repository in the IBM Cloud Private Catalog. The Kibana instance is installed automatically, and can be enabled. See Kibana for more information.

Moved Helm charts

• The ibmcom/ibm-icplogging chart was moved from the public repository to the mgmt-charts repository.
• The ibmcom/ibm-icpmonitoring chart was moved from the public repository to the mgmt-charts repository.

What changed

1. With the introduction of IBM Cloud Private Version 3.1.0, the following package versions changed:

2. Kubernetes is upgraded from Version 1.10.0 to Version 1.11.0.

3. NGINX Ingress controller is upgraded from Version 0.13.0 to Version 0.16.2.
4. GlusterFS is upgraded from Version 3.12 to Version 4.0.2.
5. Calico is upgraded from Version 3.0.4 to Version 3.1.3.

6. Helm CLI is upgraded from Version 2.7.2 to 2.9.1.

7. The Logs tab for platform UI pages is no longer available. For information about viewing logs, see Events and logs (cluster management console).