Release Notes
Version 1.12.1
- Added support for multiple hosts in the
n2ac
component for external Postgres datastore. - Credentials provided for the data store username and password will now be automatically URL-encoded and stored in the postgres-credentials secret within the
Management Plane namespace. This change helps ensure compatibility with database drivers that require
URL-encoded credentials (especially when using non-standard characters). If you are already supplying URL-encoded credentials,
you must do one of the following to avoid double-encoding:
- Update the secret to remove URL encoding, or
- Set passwordEncoding to URL in the ManagementPlane CR, as shown below:
No additional action is required if your credentials are not already URL-encoded.spec:
dataStore:
passwordEncoding: URL
Version 1.12.0
- Added the
K8S_CACHE_SYNC_TIMEOUT
environment variable to the TSB operators to configure the amount to wait for the Kubernetes cache synchronization when the operator pods start. The default value is 2 minutes, but in large environments with lots of configuration objects this may need to be increased. - The rate limit filters were not installed on the listeners on port 15443, used for multi-cluster traffic. Starting in 1.12, rate limits will also be enforced
for traffic going through that port. This could be a breaking change for some applications, and can be turned off by applying the following overlay in the
ControlPlane resource in the application clusters
spec:
components:
xcp:
kubeSpec:
overlays:
- apiVersion: install.xcp.tetrate.io/v1alpha1
kind: EdgeXcp
name: edge-xcp
patches:
- path: spec.components.edgeServer.kubeSpec.deployment.env[-1]
value:
name: DISABLE_RATE_LIMIT_PORT_15443
value: "true" - The built-in roles have been updated to include permissions to manage configuration profiles.
- Segmentation Membership objects now accept the FQN of Cluster objects in the
fqnSelector
field to create cluster-based policies. - Traffic settings in configuration profiles are now enforced exclusively through the new
inbound
andoutbound
fields, available in both thedefaults
andmandates
sections of a profile.
Upgrade notes
OAP Upgrade
OAP adds more attributes to metrics for querying and analysis. When upgrading, OAP can assure the compatibility between management plane and control plane. But within a cluster, OAP instances route and aggregate metrics from each other. So rolling an update in a cluster can cause replicas to temporarily stop aggregating metrics while they are running lower version and master version at the same time. This could output some predictable errors in the logs, like:
2025-02-20 10:18:21,922 - org.apache.skywalking.oap.server.core.remote.RemoteServiceHandler -44362 [grpc-default-executor-1] ERROR [] - Index 2 out of bounds for length 2
The OAP instances will recover aggregating metrics and stop printing the above logs when the upgrade is completed. Although this case is normal and predictable, if you want to avoid this, you can upgrade OAP by the following steps:
- Before upgrading, scale down the OAP replicas to 0.
- Recover OAP replicas after the deployment is upgraded.