Release Notes for 1.11.10

Release notes for DC/OS 1.11.10

DC/OS Version 1.11.10 was released on February 12, 2019.

DC/OS 1.11.10 includes the following components:

Release Summary

DC/OS is a distributed operating system that enables you to manage resources, application deployment, data services, networking, and security in an on-premise, cloud, or hybrid cluster environment.

Issues Fixed in DC/OS 1.11.10

This release of DC/OS 1.11.10 addresses a security vulnerability for container runtimes as identified by the RunC community and registered in the Common Vulnerabilities and Exposures (CVE) database.

For information about other issues fixed or known issues for the most recent release of DC/OS 1.11 prior to this security fix, see the release notes 1.11.9.

Mesos

  • DCOS-48052 - An update to the containerizer launch binary prevents a malicious user from exploiting the init helper function used by container runtimes, including DockerD, containerD, and UCR. Without this change, a malicious user could gain access to a container’s root-level permissions and use those permissions to execute potentially malicious code on the host.

    This issue has been reported by the RunC community (CVE-2019-5736) and affects the Docker Engine and Mesosphere Kubernetes Engine (MKE) container runtime components. The issue has also been reported by the Apache Mesos community for the Mesosphere Universal Container Runtime (UCR). All existing versions of DC/OS, Mesosphere Kubernetes Engine, and Docker Engine are affected by this vulnerability. However, this vulnerability does not affect DC/OS clusters or UCR containers if the cluster runs using the strict security mode and uses the default nobody user account to launch UCR containers.

    For additional information about this vulnerability and its effect on DC/OS, see Container runtime vulnerability and the Docker Engine release notes.

About DC/OS 1.11

DC/OS 1.11 includes many new capabilities with a focus on:

  • Managing clusters across multiple clouds. Enterprise
  • Production Kubernetes-as-a-service.
  • Enhanced data security. Enterprise
  • Updated data services.

Provide feedback on the new features and services at support.mesosphere.com.

New Features and Capabilities in DC/OS 1.11

Platform

  • Multi-region management - Enables a DC/OS cluster to span multiple datacenters, clouds, and remote branches while providing a unified management and control cluster. View the documentation. Enterprise
  • Linked clusters - A cluster link is a unidirectional relationship between one cluster and another. You can add and remove links from one cluster to another cluster using the DC/OS CLI. Once a link is set up, you can easily switch between clusters using the CLI or UI. View the documentation. Enterprise
  • Fault domain awareness - Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. View the documentation. Enterprise
  • Decommission nodes - Support for permanently decommissioning nodes makes it easier to manage spot cloud instances, allowing for immediate task rescheduling. View the documentation.
  • UCR

Networking

  • Edge-LB 1.0. View the documentation. Enterprise
  • IPv6 is now supported for Docker containers.
  • Performance improvements to the DC/OS network stack - All networking components (minuteman, navstar, spartan) are aggregated into a single systemd unit called dcos-net. Read this note to learn more about the re-factoring of the network stack.
  • The configuration parameter dns_forward_zones now takes a list of objects instead of nested lists (DCOS_OSS-1733). View the documentation to understand its usage.

Security Enterprise

  • Secrets Management Service
    • Secrets can now be binary files in addition to environment variables.
    • Hierarchical access control is now supported.

Monitoring

Storage

  • DC/OS Storage Service 0.1 (beta) - DSS users will be able to dynamically create volumes based upon profiles or policies to fine-tune their application's storage requirements. This feature leverages the industry-standard Container Storage Interface (CSI) to streamline the development of storage features in DC/OS by Mesosphere and our community and partner ecosystems. View the documentation. Beta Enterprise
  • Pods now support persistent volumes. View the documentation. Beta

NOTE: Because these storage features are beta in 1.11, they must be explicitly enabled in the config.yaml file when installing DC/OS. Beta features are not recommended for production usage, but are a good indication of the direction the project is headed.

Updated DC/OS Data Services

  • TLS encryption for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS is now supported. Enterprise
  • Fault domain awareness for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic and DC/OS HDFS. Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. Enterprise
  • New API endpoint to pause a node for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS. Use this endpoint to relaunch a node in an idle command state for debugging purposes.
  • New DC/OS Kafka ZooKeeper service. View the documentation.
  • You can now select a DC/OS data service version from a dropdown menu in the DC/OS UI.
  • Improved scalability for all DC/OS data services.