Release Notes for 1.11.8

Release notes for DC/OS 1.11.8

DC/OS 1.11.8 was released on December 6, 2018.

DC/OS 1.11.8 includes the following components:

Issues Fixed in DC/OS 1.11.8

GUI

  • COPS-3360, DCOS-43934 - Updates to the DC/OS UI provide better rendering for elements such as environment variables, secrets, labels, and version information.
  • DCOS-37791, DCOS-42504 - For improved scalability, the DC/OS UI starts loading state information immediately after users log on.

Marathon

  • COPS-3764 - The upgrade to Marathon 1.6.x enables successful secret validation for secrets included in a Marathon JSON app definition file.

Mesos

  • COPS-3573 - Service endpoints for layer-4 load balancing (l4lb) addresses with UCR and CNI can be configured and deployed by using the DC/OS UI or through the DC/OS CLI. A fix ensures that the configuration done through the DC/OS UI is not overwritten by using the DC/OS CLI.
  • COPS-3953 - The Mesos fetcher process automatically retries downloading files using their associated URI if the previously-downloaded and cached versions of the files are not found.
  • DCOS-41248 - Changes to dcos-log prevent agents from overwheming the journald logging facility with messages from endpoints and API requests.
  • DCOS-43544 - Logic changes enable nested containers to run under the same user account as the user associated with their parent container by default. For nested containers in a pod, the default executor’s user–that is, the user running the top-level container–has been the framework user. In a scenario where the framework user is a normal user but the nested container user is root, the change in this release enables the second-level nested containers to run as the same user–for example, the root user–as the parent top-level container instead of as the framework user by default.
  • DCOS-43593 - This release fixes an issue that could cause Mesos master endpoints—such as reserveResources or createVolume—to fail during authorization. For example, before implementing this fix, the authorization requests for an endpoint might fail or be incomplete if there’s extreme load on the IAM service. The change in this release ensures that authorization requests for an endpint are complete before continuing.
  • DCOS-43670, DCOS-44827 - The cgroups event listener code is used to poll events for a container. An update to this code ensures that the listener closes the file descriptor after read operations are complete. The fix prevents a race condition that can leave the container in an ISOLATING or PROVISIONING state.

Metronome

  • DCOS-45564, DCOS_OSS-2535 - This release adds support for enhancements and issues fixed in Metronome 0.4.5.
  • DCOS_OSS-3616 - Metronome initialization improvements prevent Metronome from being in an incomplete state that could cause Mesos offers and associated resources to be held in reserve waiting for the offer to be accepted or declined.

Networking

  • COPS-3924 - The distributed layer-4 load-balancer (dcos-l4lb) network component waits to route traffic until a scale out operation is complete or its health check has passed.
  • COPS-4034, DCOS_OSS-4398 - This release prevents dcos-net from continously restarting systemd-networkd on a bare-metal server with bond interfaces.
  • COPS-4087 - For applications that use Docker containers with a Virtual IP address, backend port mapping resolves access to the application by using the host_IP:port_number instead of the container_ip:port_number.

About DC/OS 1.11

DC/OS 1.11 includes many new capabilities with a focus on:

  • Managing clusters across multiple clouds Enterprise.
  • Production Kubernetes-as-a-service.
  • Enhanced data security Enterprise.
  • Updated data services.

Provide feedback on the new features and services at support.mesosphere.com.

New Features and Capabilities in DC/OS 1.11

Platform

  • Multi-region management - Enables a DC/OS cluster to span multiple datacenters, clouds, and remote branches while providing a unified management and control cluster. View the documentation. Enterprise
  • Linked clusters - A cluster link is a unidirectional relationship between one cluster and another. You can add and remove links from one cluster to another cluster using the DC/OS CLI. Once a link is set up, you can easily switch between clusters using the CLI or UI. View the documentation. Enterprise
  • Fault domain awareness - Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. View the documentation. Enterprise
  • Decommission nodes - Support for permanently decommissioning nodes makes it easier to manage spot cloud instances, allowing for immediate task rescheduling. View the documentation
  • UCR

Networking

  • Edge-LB 1.0. View the documentation. Enterprise
  • IPv6 is now supported for Docker containers.
  • Performance improvements to the DC/OS network stack - All networking components (minuteman, navstar, spartan) are aggregated into a single systemd unit called dcos-net. Read this note to learn more about the re-factoring of the network stack.
  • The configuration parameter dns_forward_zones now takes a list of objects instead of nested lists (DCOS_OSS-1733). View the documentation to understand its usage.

Security Enterprise

  • Secrets Management Service
    • Secrets can now be binary files in addition to environment variables.
    • Hierarchical access control is now supported.

Monitoring

Storage

  • DC/OS Storage Service 0.1 (beta) - DSS users will be able to dynamically create volumes based upon profiles or policies to fine-tune their applications storage requirements. This feature leverages the industry-standard Container Storage Interface (CSI) to streamline the development of storage features in DC/OS by Mesosphere and our community and partner ecosystems. View the documentation.Beta Enterprise
  • Pods now support persistent volumes. View the documentation.Beta

NOTE: Because these storage features are beta in 1.11, they must be explicitly enabled in the config.yaml file when installing DC/OS. Beta features are not recommended for production usage, but are a good indication of the direction the project is headed.

Updated DC/OS Data Services

  • TLS encryption for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS is now supported. Enterprise
  • Fault domain awareness for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic and DC/OS HDFS. Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. Enterprise
  • New API endpoint to pause a node for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS. Use this endpoint to relaunch a node in an idle command state for debugging purposes.
  • New DC/OS Kafka ZooKeeper service. View the documentation.
  • You can now select a DC/OS data service version from a dropdown menu in the DC/OS UI.
  • Improved scalability for all DC/OS data services.