First Published: December 13, 2018

Introduction

Cisco Container Platform is a fully curated, lightweight container management platform for production-grade environments, powered by Kubernetes, and delivered with Cisco enterprise-class support. It reduces the complexity of configuring, deploying, securing, scaling, and managing containers using automation along with Cisco's best practices for security and networking. Cisco Container Platform is built with an open architecture using open source components.

Features

Feature

Description

Kubernetes Lifecycle Management

Enables you to deploy Kubernetes clusters, add or removed nodes, and upgrade Kubernetes clusters to latest versions.

Persistent Storage

Allows you to persist data for containerized applications between upgrades and updates through HyperFlex storage driver.

Monitoring and Logging

Provides dashboards, alerts, and indexing to monitor resource usage and behavior of platform components through Elasticsearch, Fluentd, and Kibana (EFK) stack and Prometheus.

Container Networking

Provides container to container and container to non-containerized application layers communication with security policies.

Load Balancing

Offers software Ingress load balancing through NGINX and node port functionality of Kubernetes for containerized applications.

Role Based Access Control

Integrates with Active Directory and offers permission-based rules.

Revision History

Release

Date

Description

1.0

May 22, 2018

First release

1.0.1

May 25, 2018

Updated the Fixed Issuesand Know Issues sections

1.1.0

June 29, 2018

Added the What's New and Upgrading Cisco Container Platform sections

Updated the Fixed Issuesand Know Issues sections

1.4.0

July 31, 2018

Updated the What's New, Fixed Issues, and Known Issues sections

1.4.1

August 6, 2018

Added the Fixed Issues, 1.4.1 section

1.5.0

September 6, 2018

Updated the What's New, Fixed Issues, and Known Issues sections

2.0.1

October 15, 2018

Updated the What's New, Fixed Issues, and Known Issues sections

2.1.0

November 1, 2018

Updated the What's New, Fixed Issues, and Known Issues sections

2.1.1

December 6, 2018

Added the Fixed Issues, 2.1.1 section

2.2.2

December 13, 2018

Updated the What's New, Fixed Issues, and Known Issues sections

System Requirements

  • The Cisco Container Platform Installer OVA

  • The latest two versions of the tenant OVA

  • A vCenter cluster with High Availability (HA) and Distributed Resource Scheduler (DRS) enabled

  • A DHCP server that provides IP addresses to the Cisco Container Platform VMs

  • A vCenter datastore that is mounted on all the ESX hosts in the cluster

  • Cisco Container Platform control plane VMs needs to have network access to vCenter appliance API

  • Cisco Container Platform 1.3.0 and later requires hypervisor hosts to be running CPUs with an Ivy Bridge or newer microarchitecture.

What's New

  • Fixed IP address is used for the Ingress LoadBalancer

    The installation and upgrade scenarios require two static IP addresses for the Control Plane, namely, for the Kubernetes master VIP and for the Ingress LoadBalancer.

  • API component is upgraded to address the security fix

  • Management of AWS EKS tenant Kubernetes cluster is supported

  • IAM auth is integrated with vSphere clusters

  • Network configuration step is added to the installer

    The network configuration step enables you to create the Control Plane and tenant network during installation. A master virtual IP address is not required.

  • URL of Cisco Container Platform web interface is changed

  • Enhanced the Cisco Container Platform web interface:

    • Features

      • Remove master VIP from install wizard

    • Bugfixes

      • Update summary, details, and labels for AWS IAM Role ARNs

      • Update network details to use NetworkModal

      • Fix the invalid form validation case

    • Enhancements

      • Allow networks to be created in dev mode

      • Update labels for CNI choices

    • Styling

      • Include styling fixes for the top navigation bar during narrow page width

    • Refactoring

      • Rename EKS 'config' to 'provider'

    • i18n

      • Fix bug with JS locale pathname

      • Add base support for i18n

Installing Cisco Container Platform

For step by step instructions on installing Cisco Container Platform, refer to the Cisco Container Platform Installation Guide.

Upgrading Cisco Container Platform

  • Upgrading Cisco Container Platform is supported from the 1.0.0 release for deployments using Calico or ACI for CNI.

  • If an existing deployment uses Contiv for CNI, then upgrades to the 2.2.2 version is not supported.

Fixed Issues

  • Patched the authentication token security fix

  • Patched CVE-2018-1002105 by upgrading to Kubernetes 1.10.11 and 1.11.5.

  • Fixed time synchronization issue on nodes

  • Cisco Container Platform web interface bug fixes

  • NTP settings

  • Rebooting the Cisco Container Platform installer enables you to retry a failed Cisco Container Platform installation.

Known Issues

  • After an upgrade, the control plane web interface URL is a combination of the master node virtual IP address and the port number. But, for a new control plane instance, the URL to its web interface is a fixed IP address.

  • Cisco Container Platform must use a Kubernetes 1.10 or 1.11 image that is associated with this release. Older versions of the tenant base image are not supported.

  • ACI tenant cluster does not work with a link-local interface with Kubernetes 1.11.3.

  • You can use only the latest two versions of the tenant image that are associated with the current release. Use of older versions of the tenant image is not supported.

  • You will get errors when you scale up tenant clusters or add new node pools to clusters that were created using an older version of Cisco Container Platform.

    Workaround

    You must upgrade Cisco Container Platform before attempting to scale up tenant clusters or add new node pools.

  • Kubernetes 1.11.3 API server has a known memory leak issue

  • When using HyperFlex as the dynamic provisioner, mounting volumes may fail with the following error message:

    MountVolume.SetUp failed for volume "xxxxx" : mount command failed, status: Failed to mount volume xxxxx, reason:

    Workaround

    1. Restart the scvmclient on the esx server using the following command:

      /etc/init.d/scvmclient restart

    2. Ensure that the status is running.

  • Contiv as the CNI for tenant clusters is only supported as Tech Preview, and upgrading to a newer version of Cisco Container Platform is not supported.

  • In an ACI environment, the link to a tenant cluster Kubernetes Dashboard from the Cisco Container Platform dashboard is not supported. To view the tenant cluster in the Kubernetes Dashboard, you need to obtain the Ingress IP of external IP address using kubectl get svc.

  • The Cisco Container Platform web interface displays links to external pages such as Smart Licensing. You cannot launch these pages if you do not have access to them.

  • Virtual IP address is not released when cluster creation fails.

  • In a Contiv deployment, you should not use matchExpressions for a NetworkPolicy.

  • In a Contiv deployment, network policy does not work with the hostnetwork pod.

  • In a Contiv deployment, various networks are used internally by Contiv, and communication to IP addresses outside the cluster is blocked if there is an overlap.

  • In a Calico deployment:

    • The network policy matching on labels will not block hostnetwork access to pods or services.

    • Host IP change may impact pod networking. To resolve the issue, you need to restart the Calico pods.

  • istioctl is not installed when you enable Istio. You can follow the Cisco Container Platform documentation to install istioctl.

  • When upgrading Istio from the 0.8 version to the 1.0 version, the backend services stop responding and you need to manually restart them.

  • A master VIP is required for a tenant cluster upgrade. Creating tenant clusters using an API without specifying a master VIP has a risk of corrupting the tenant cluster during tenant cluster upgrades.

  • When you upgrade tenant clusters the Prometheus and EFK components are purged before installing the new versions. If you want to save history, a manual backup and migration is required before a tenant cluster upgrade.

  • After an upgrade, the Cisco Container Platform web interface port may be different from the previous version.

  • Taking a snapshot of the VMs managed by Cisco Container Platform is currently unsupported and results in failures during upgrades.

  • ACI deployments are only supported in online mode.

  • ACI deployments do not support Kubernetes security context.

Viewing Open and Resolved Bugs

The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool enables you to access the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. You can search for bugs using bug IDs or keywords.

Before you begin

Ensure that you have a Cisco username and password to log in to the Cisco Bug Search Tool. If you do not have a Cisco username and password, you can register for an account.

Procedure

Step 1

Log in to the Cisco Bug Search Tool with your Cisco username and password.

Step 2

To search for a specific bug, enter the bug ID in the Search For field and press the Enter key.

Step 3

To search for the bugs that belong to the current release, enter Cisco Container Platform 2.2.1 in the Search For field, and then press the Enter key.

Note 

  • Once the search results are displayed, you can use the Filter options to easily find the bugs that are of interest to you.

  • You can search for bugs by status, severity, modified date, and so on.

Step 4

To export the results to a spreadsheet, click the Export Results to Excel link.

For more information on the Cisco Bug Search Tool, refer to http://www.cisco.com/web/applicat/cbsshelp/help.html.

Related Documentation

The following table lists the documents available for the Cisco Container Platform 2.2.2 release.

Document

Description

Cisco Container Platform Installation Guide

Describes installing Cisco Container Platform on your deployment environment.

Cisco Container Platform User Guide

Describes administering and managing Kubernetes clusters, and deploying applications on them.

Cisco Container Platform API Guide

Describes the Cisco Container Platform APIs.

These documents are available on cisco.com.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation.

What’s New in Cisco Product Documentation lists all new and revised Cisco technical documentation. You can subscribe to it, and receive free RSS feed service directly to your desktop using a reader application.