Release notes


Red Hat Service Interconnect 1.8

Latest information about features and issues in this release

Abstract

These release notes contain the latest information about new features, enhancements, fixes, and issues contained in the Red Hat Service Interconnect 1.8 release.
Red Hat Service Interconnect is a Red Hat build of the open source Skupper project.

Chapter 1. New and changed features

Red Hat Service Interconnect is the Red Hat build of Skupper.

The following features were designated Technology Preview in version 1.5, but are now fully supported:

Windows and macOS
You can use the skupper CLI on Windows and macOS.
Multiarch
You can create sites on 64-bit ARM clusters and Linux hosts (aarch64).

The following features are included in this release:

  • Support for Podman version 5.
  • Claim type tokens include an expiry date.
  • The skupper token status command allows you validate a token
  • Metrics are now documented.
  • Better support for Podman sites, including console.

Chapter 2. Long term support

Red Hat Service Interconnect 1.8 is available as a long term support (LTS) release version. Bug fixes and security advisories are provided for Red Hat Service Interconnect 1.8 in a series of micro releases (1.8.2, 1.8.3, 1.8.4, and so on) for a period of at least 12 months.

Note the following important points about the LTS release stream:

  • The LTS release stream provides only bug fixes. No new enhancements will be added to this stream.
  • To remain in a supported configuration, you must upgrade to the latest micro release in the LTS release stream.
  • The LTS version will be supported for at least 12 months from the time of the Red Hat Service Interconnect 1.8.1 GA.

Chapter 3. Supported configurations

Command-line interface

  • Red Hat Enterprise Linux 8 x86-64 and aarch64
  • Red Hat Enterprise Linux 9 x86-64 and aarch64
  • Linux x86-64 and aarch64
  • macOS x86-64
  • Windows x86-64

Router

For use in Kubernetes-based sites and as a gateway for containers or machines.

  • Red Hat Enterprise Linux 8 x86-64 and aarch64
  • Red Hat Enterprise Linux 9 x86-64 and aarch64
Note

Red Hat Service Interconnect is not supported for standalone use as a messaging router.

Red Hat Service Interconnect Operator

The operator is supported with OpenShift 4.x only.

OpenShift versions

  • OpenShift 3.11
  • OpenShift 4.12, 4.13, 4.14, 4.15 and 4.16
  • ROSA and ARO
  • OpenShift Container Platform and OpenShift Dedicated

Installing Red Hat Service Interconnect in a disconnected network by mirroring the required components to the cluster is supported.

Ingress types

  • LoadBalancer
  • OpenShift Routes

CPU architecture

  • x86-64 and aarch64

Kubernetes distributions

Red Hat provides assistance running Red Hat Service Interconnect on any CNCF-certified distribution of Kubernetes.

Note, however, that Red Hat Service Interconnect is tested only on OpenShift.

Ingress types

  • Contour
  • Nginx - This requires configuration for TLS passthrough
  • NodePort

Upgrades

Red Hat supports upgrades from one downstream minor version to the next, with no jumps. While Red Hat aims to have compatibility across minor versions, we recommend upgrading all sites to latest version.

Note

If you have applications that require long lived connections, for example Kafka clients, consider using a load balancer as ingress instead of a proxy ingress such as OpenShift route. If you use an OpenShift route as ingress, expect interruptions whenever routes are configured.

For information about the latest release, see Red Hat Service Interconnect Supported Configurations.

Chapter 4. Deprecated features

This section describes features that are supported, but have been deprecated from Red Hat Service Interconnect.

Protocols
The http and http2 protocols are deprecated and will be removed in a future release when a feature that provides similar observability becomes available. Red Hat recommends using the tcp protocol unless http or http2 observability is required.

Chapter 5. Upgrading sites

This release of Red Hat Service Interconnect is compatible with previous versions, however Red Hat recommends upgrading all sites to version 1.8.

Note

Update all sites to ensure the same version of Service Interconnect is running across your service network. You can expect some minimal downtime during the update process.

To upgrade a site:

$ skupper update

See the Installation for instructions about upgrading Operator based sites.

Note

If you enabled the console using a release before 1.4, which was the default, the upgraded site will also have the console enabled. The default for Service Interconnect 1.4 and later is that the console is not enabled.

To upgrade a gateway, delete the gateway and recreate it.

Port negotiation limitation

If your protocol negotiates the communication port, for example active FTP, you cannot use that protocol to communicate across a service network.

Chapter 6. Fixed issues

See Red Hat Service Interconnect Resolved Issues for 1.8.x for a list of issues that have been fixed in this release.

Chapter 7. Known issues

Note

If you create a site in an OpenShift Container Platform version 4.12 namespace, a message starting with the following warning is displayed:

W0320 15:27:27.446084 48301 warnings.go:70] would violate PodSecurity "restricted:v1.24"

You can ignore this message as it relates to a future restriction in OpenShift.

  • SKUPPER-2077 - Skupper Console Prometheus scrape configuration broken for openshift auth

    If you configure a site to use OpenShift authenication for console access, metrics are not displayed in the console.

    Workaround

    If you require console metrics, use internal authenication for the site where the console is enablePd. Another option is unsecured, however if you use that option, the console is available to unauthenticated users.

  • SKUPPER-869 - Enable idle connection timeouts for the TCP transport

    If an endpoint is terminated, for example a client is killed, the other endpoint observes a half-closed connection. If the other endpoint does not close the connection or attempt to send data to the connection, the Skupper router does not release the memory allocated to that connection

    Workaround

    Avoid client server configurations that use this behavior if possible. For example, if a server automatically closes dormant connections, or attempts to communicate with client, the Skupper router frees the memory when a client is terminated.

  • SKUPPER-805 - skupper init doesn’t work for ordinary user on OCP 3.11

    Workaround

    Two workarounds are available:

    • Use YAML to configure a site.
    • Create a service account with the following permissions to run the skupper CLI:
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: skupper-non-admin
    rules:
    - apiGroups:
      - ""
      resources:
      - configmaps
      - pods
      - pods/exec
      - services
      - secrets
      - serviceaccounts
      verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
    - apiGroups:
      - apps
      resources:
      - deployments
      - statefulsets
      - daemonsets
      verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
    - apiGroups:
      - route.openshift.io
      resources:
      - routes
      verbs:
      - get
      - list
      - watch
      - create
      - delete
    - apiGroups:
      - networking.k8s.io
      resources:
      - ingresses
      - networkpolicies
      verbs:
      - get
      - list
      - watch
      - create
      - delete
    - apiGroups:
      - projectcontour.io
      resources:
      - httpproxies
      verbs:
      - get
      - list
      - watch
      - create
      - delete
    - apiGroups:
      - rbac.authorization.k8s.io
      resources:
      - rolebindings
      - roles
      verbs:
      - get
      - list
      - watch
      - create
      - delete

    You can save the YAML above to role.yaml, apply it and bind the role to a username using:

    $ oc apply -f role.yaml
    $  oc policy add-role-to-user skupper-non-admin <username> -n <namespace-name> --role-namespace=<namespace-name>

Appendix A. About Service Interconnect documentation

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Revised on 2024-11-26 18:54:40 UTC

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.