What's new in IBM Cloud Private version 3.2.1

Get a quick overview of what is added, changed, improved, or deprecated in this release.

IBM® Cloud Private Version 3.2.1 introduces the following new features and enhancements:

• Installation, configuration, and upgrade
• Security and compliance
• Metering, monitoring and logging
• Performance improvements
• IBM® Cloud Private management console
• APIs
• Package version changes
• Troubleshooting and support

What's new for IBM Cloud Private

Installation, configuration, and upgrade

Multi-release upgrade

You can upgrade directly to IBM Cloud Private 3.2.1 from versions 3.1.0, 3.1.1, 3.1.2, and 3.2.0. For more information, see Upgrading.

Upgrading and reverting IBM Cloud Private

You can now upgrade IBM Cloud Private version 3.2.0 to 3.2.1, by upgrading all deployed platform Helm charts. In addition to upgrading, you can revert IBM Cloud Private with OpenShift by reverting all deployed platform Helm charts. For more information, see Upgrading IBM Cloud Private with OpenShift.

IBM Cloud Private Fix packs

You can apply a fix pack to your cluster to fix known issues with IBM Cloud Private.

There are two fix pack versions available, 3.2.1.x fix packs and 3.2.2.x fix packs. The 3.2.1.x fix packs are intended for environments that include Kubernetes version 1.13.12. The 3.2.2.x fix packs include fixes to upgrade the supported version of Kubernetes. The fixes that are included within these 3.2.2.x fix packs include all fixes that are included within the equivalent 3.2.1.x fix pack, except for Kubernetes specific fixes. If you apply a 3.2.2.x fix pack, do not apply an equivalent 3.2.1.x fix pack.

The latest 3.2.1.x fix pack is 3.2.1.2203. The latest 3.2.2.x fix pack is 3.2.2.2203 and upgrades Kubernetes to version 1.19.3.

These fix packs became available on 5 February 2021. For more information about the fixes that are included in this fix pack, see Fixed reported problems.

Upgrading Kubernetes

You can apply a 3.2.2.x fix pack to upgrade the supported version of Kubernetes. The 3.2.2.2006 and 3.2.2.2008 fix packs upgrade Kubernetes to version 1.16.7 from version 1.13.12. The latest 3.2.2.x fix pack, 3.2.2.2203, upgrades Kubernetes to version 1.19.3.

Key Management Service (KMS) Hardware Security Module (HSM)

Secret configuration is removed from the key-management-chart. You must now create the Secret before you install a Helm chart, and export the Secret before you upgrade a Helm chart.

• When you upgrade to a new Helm chart, you must export the existing hsm-secret to the configuration file before you can upgrade the key-management-hsm Helm chart. Then, you must import the configuration file to re-create the Secret. For more information, see Upgrading KMS Helm charts 30435
• When you install a new Helm chart, you must import the configuration file to create a hsm-secret before you install the key-management-hsm Helm chart. For more information, see Configuring Key Management Service.

Security and compliance

• Added instructions for specifying TLS ciphers for etcd and Kubernetes after the installation of your IBM® Cloud Private cluster. For more information, see Specifying TLS ciphers for etcd and Kubernetes after IBM Cloud Private installation.

• You can now enable the Mutation Advisor Advanced (MA++) to detect mutation events for files and processes. Enable MA++ when you install the Vulnerability Advisor. For more information, see Mutation Advisor Advanced (MA++).

• Etcd uses UID/GID 2375 as the default.

Certificates

Role-based access control (RBAC) is now available for Certificate Manager resources. For more information, see RBAC for Certificate Manager resources and IBM Cloud Private Certificate Manager role-based access control (RBAC) support.

Metering, monitoring and logging

Metering

You can now view metering data for Cloud Paks. For more information, see Viewing metering reports.

Monitoring

Use Prometheus Operator to manage Prometheus and Alertmanager instances. For more information, see Configuring the Prometheus server and Configuring Alertmanager.

Performance improvements

• You can now query the status of any service on your IBM Cloud Private cluster with the IBM Cloud Private system health service. For more information, see IBM Cloud Private system health service.

• For IBM Cloud Private with OpenShift, you can now use the Vulnerability Advisor to scan universal base images (UBI) with Red Hat Enterprise Linux (RHEL) 7 and 8. For more information, see Scanning external image registries with the Vulnerability Advisor.

• You can enable the Vulnerability Advisor on IBM Cloud Private with OpenShift. For more information, see Enabling the Vulnerability Advisor on IBM Cloud Private with OpenShift.

• You can view the Mutation Advisor alerts and notifications from the Security Advisor dashboard. For more information, see Mutation Advisor.

• Vulnerability Advisor now supports SUSE Linux Enterprise Server (SLES). For more information about what versions are supported, see Supported operating systems and platforms.

• Mutation Advisor is now integrated with the Security Advisor indexer. For more information, see Mutation Advisor.

Management console

You can use Visual Web Terminal to run some common commands to access and manage your multicloud environment. The results are returned in an interactive tabular format that you can navigate or sort. See Visual Web Terminal for more information.

APIs

Documentation for the IBM Cloud Private system healthcheck service APIs is now available. View the System healthcheck service API details section on the IBM Cloud Private system healthcheck service page for more information.

Documentation for the Mutation Advisor Advanced (MA++) APIs is now available. For more information, see Mutation Advisor Advance (MA++) APIs.

Package version changes

With the introduction of IBM Cloud Private version 3.2.1, the following package versions changed:

Troubleshooting and support

To debug your issues, you can see whether your reported problem was fixed in the release. For the list, see Fixed reported problems.