What's New in the Apcera Platform

This section summarizes what is new in Apcera Platform releases, including long-term support (LTS) and maintenance releases (MRs). Please be sure to refer to the release notes for details on each release. We also generate an RSS feed for the release notes that you can subscribe to (https://docs.apcera.com/changelog/feed.xml).

MRs for 2.6

There are three maintenance releases for 2.6:

LTS Release 2.6.0

Apcera Platform 2.6.0 is an LTS release that includes the following features:

Support for Custom Root CA Certificates

Apcera Platform release 2.6.0 adds support for adding custom root CA certificates into the system. With this feature you can designate your own trusted root certificates for SSL certificate validation in semantic pipelines and service gateways.

For the initial phase of this feature, you can integrate with an existing MySQL or Postgres external database using that corresponding service gateway, rather than using the generic service gateway. In so doing you can take advantage of the semantic pipeline that is generated for such services.

See the following topics for full details:

HTTPS-only Routing

Apcera Platform release 2.6.0 lets you designate a job route to be HTTPS only. Previously, if you enabled your cluster for HTTPS traffic, when creating a job route both HTTP and HTTPS routes would be available on the job. Now you can specify that the route only accept HTTPS connections, in which case the HTTP route is redirected to HTTPS.

See enforcing HTTPS-only routes.

Support for JFrog Artifactory

Apcera Platform release 2.6.0 adds support for using JFrog Artifactory for CI/CD integration.

See Using JFrog Artifactory.

Updates to Virtual Networking

Apcera Platform release 2.6.0 uses VXLAN as the default tunneling technology for virtual networking. Support for GRE is deprecated and will be removed in the next major release.

For VXLAN you must ensure that UDP port 4789 is open for each Instance Manager host. See Using VXLAN.

In addition, virtual networks now support the use of Local IPAM for improved scalability and robustness of jobs joining and leaving virtual networks. You can migrate existing virtual networks to local IPAM by enabling local IPAM in your cluster configuration and redeploying. Note that local IPAM is BETA for the 2.6. release.

See Configuring virtual networking for more information.

Improved Large Package Support

Apcera Platform release 2.6.0 improves support for large package files. By default packages are uploaded to the cluster asynchronously using the APC_ASYNC_UPLOAD=true environment variable.

See large package uploads for more information.

Gluster-based package storage (BETA)

Apcera Platform release 2.6.0 adds support for using Gluster as the backend storage for the Package Manager component. Gluster provides a highly available storage solution that can be used in lieu of Riak-CS.

If you are deploying a new Enterprise Edition (EE) cluster that does not use AWS S3 as the package store (such as a cluster on vSphere), you should use Gluster for the package store. Migration from Riak to Gluster is supported, so if you have an existing EE cluster you can choose to migrate from Riak to Gluster. If you do plan to migrate, please contact Apcera Support for guidance.

See Configuring Gluster and Configuring Package Manager for more information.

Cluster HA

The third-party singleton statsd-server is replaced with a Go-based statsd-server that is part of the Metrics Manager component, which supports high availability by adding multiple Metrics Manager components.

See the sizing guidelines for more information.

Instance Manager package cache LRU pruning

You can configure the Instance Manager (IM) to prune its local package cache and delete seldom used packages. If this feature is enabled, the IM will check the reservation level at the configured interval and each time an IM downloads a package. If the package cache size exceeds the reservation threshold, packages will be deleted using a Least Recently Used (LRU) algorithm.

By default IM package cache pruning is disabled. See Configuring the Instance Manager for more information.

HTTP Router synchronization

The HTTP router is synchronized every 60 seconds with components that use HTTP/S routes, such as the API Server, Instance Manager, and Job Manager, to guard against stale routes. A parameter is added to cluster.conf to tune the router sync interval.

See HTTP router data synchronization for more information.

Cluster configuration and installation changes

The following changes are made to the cluster installation:

  • The Ubuntu Linux kernel is updated to address the recently discoverd CVE-2016-7117 vulnerability. There are new base images. On upgrade reboot of cluster hosts is required.
  • There is a new Orchestrator version 1.0.0. This version is required to deploy Apcera Platform release 2.6.0.
  • Apcera Enterprise Edition modules for Terraform are upgraded to Terraform version 0.7.6.

MRs for 2.4

There are two maintenance releases for 2.4:

Maintenance Release 2.4.2

Apcera Platform 2.4.2 is a maintenance release that includes bug fixes.

Maintenance Release 2.4.1

Apcera Platform 2.4.1 is a maintenance release that includes a Linux security kernel patch.

LTS Release 2.4.0

Apcera Platform 2.4.0 is an LTS release that includes the following features:

Expanded IAM support

Apcera Platform release 2.4 adds support for Keycloak and Active Directory for cluster user identity and access management (IAM).

New feature to support Minio Services

Apcera Platform release 2.4 adds a new feature to support Minio Services. Minio is an object storage server that's compatible with the Amazon S3 cloud storage service. You can store photos, videos, VMs, containers, log files, or any blob of data as objects. The Minio service gateway creates a new Minio server instance running as a job in your cluster. Data you store on the Minio server is persisted by an APCFS (NFS) service.

Enhanced auditing capabilities

The Audit Log is enhanced to provide richer and deeper metadata about cluster operations to improve auditing capabilities, including policy requests and violations. In addition, there is a new audit “payload" field and enhancements to APC and the Web Console to view audit payload fields.

Improvements for virtual networking

Apcera Platform release 2.4 improves virtual networking by upgrading Open vSwitch (OVS). (If you are upgrading a cluster to 2.4, jobs in the virtual networks will be restarted.)

In addition, release 2.4 supports Virtual Extensible LAN (VXLAN) as the default tunneling technology for new clusters. Existing clusters continue to use Generic Routing Encapsulation (GRE) and must be updated and rebooted to use VXLAN. Refer to the enabling VXLAN documentation for migration instructions.

Support for GRE is deprecated. If you do not enable and migrate to VXLAN now, you will be required to for the next long term support (LTS) release.

Expanded Docker support

Apcera Platform release 2.4 expands its first class support for Docker images and jobs by offering:

Policy and security updates

Cluster deployment improvements

Expanded platform support for Enterprise Edition

Apcera Platform release 2.4 expands public cloud support for installing a full EE cluster to include Microsoft Azure and Google GCE.

In addition, Apcera-provided modules are updated to Terraform 0.7.x and the BareOS documentation is updated.

Community Edition enhancements

There is a new version of the apcera-setup installer (2.2.1) for the Apcera Platform Community Edition. The installer is updated with usability enhancements and support for the AWS us-east-2 region.

Upgrade paths

You can upgrade directly to release 2.4.0 from Apcera Platform versions 2.2.2 or 2.2.3. No other upgrade paths are supported. You must use Orchestrator 0.5.3 to deploy the 2.4.0 release and take advantage of new deployment features.

Review the release notes and upgrade instructions before upgrading.

MRs for 2.2

There are three maintenence releases for 2.2:

Maintenance Release 2.2.3

Apcera Platform 2.2.3 is a critical security release.

Maintenance Release 2.2.2

Apcera Platform 2.2.2 is a maintenance release that includes bug fixes.

Maintenance Release 2.2.1

Apcera Platform 2.2.1 is a maintenance release that mainly includes bug fixes. This release also includes BETA support for using VXLAN to create virtual networks instead of GRE.

LTS Release 2.2.0

Apcera Platform 2.2.0 is an LTS release that includes the following features:

Web Console Improvements

Continued maturity of the web console, including:

  • Data Tables editor for adding and updating policy data and scaling policy.
  • Integrated login page. (If you are using Google Auth, you may need to update the redirect URLs.)
  • Context-sensitive help and inline documentation.

Policy Scaling

Enhancements to the the policy language and engine help you scale large policy sets, including:

To get started, check out the Policy Data Tutorial.

Application Tokens

Using the Application Tokens feature, you can allow a job running in the Apcera Platform to receive authentication JSON Web Tokens (JWT) that the job can use to perform actions against the public HTTP API using APC commands.

To get started, check out the App Token Tutorial.

Application Events

Using the Application Events feature, users and systems can subscribe to application events by job or by namespace.

To use application events, you will need to add the events-server component to your cluster.conf file. Refer to the sizing guidelines and upgrade instructions.

SMB Persistent Storage

You can now use SMB 2.0 for persistent file storage with customized mount points. SMB allows for finer-grained authentication than NFS.

Support for AWS EFS

Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud. You can use Apcera's NFS Service Gateway to access AWS EFS storage volumes within containers. See File Share Services - Amazon Elastic File System (AWS EFS).

Multi-resource manifests

The multi-job manifest syntax is expanded to support virtual networks and service creation and binding as first class objects. The feature is renamed to multi-resource manifests.

Job links between container instances are now load balanced for improved job scaling.

EE Cluster Encryption (BETA)

End-to-end cluster encryption using IPsec mesh tunnels for all runtime traffic between Apcera component hosts. This feature is available for BETA use.

EE Cluster HA

Required components can now be deployed in multiple for highly available production deployments.

EE Expanded Platform Support and Tooling

Additional platforms supported for deployment of the Enterprise Edition.

CE Enhancements

LTS Release 2.0.0

Apcera Platform 2.0.0 is an LTS release that includes the following features:

Web Console Improvements

Policy Simulator

Use the policy simulator to audit existing policy and test new policy, including hypotheticals.

Highly Available NFS

Integration with Gluster for full HA NFS.

Multi-job Manifests

Compose and orchestrate workloads using multi-job manifests.

Flex-Auth Servers

Individual, scalable auth server components for integrating with supported identity providers.

To use Flex Auth, you will need to add the appropriate flex-auth-server component to your cluster.conf file. Refer to the sizing guidelines and upgrade instructions.

EE Expanded Platform Support and Tooling

New Community Edition

Deploy in minutes a small-scale cluster on AWS, VirtualBox, VMware, OpenStack, and vSphere.