Tarmak 0.5 released

After the recent Kubernetes security vulnerability, it is time for some positive news again.

Three weeks ago we released Tarmak 0.5. Tarmak is a toolkit for Kubernetes cluster provisioning and management. This recent release has seen a lot of improvements and new features. We were pleased to be able to shorten the release cycle for 0.5 to three months, and we will be releasing regularly and maintaining this faster pace of development as we progress towards 1.0.

Tarmak 0.5 major new features

  • Compatibility with Kubernetes v1.12
  • Protection of EBS volumes
  • Encryption at rest
  • Plan / apply UX changes
  • Tarmak kubeconfig command
  • Etcd backups
  • Update to the default Kubernetes version
Runway

Compatibility with Kubernetes v1.12

We strive to support the latest available upstream Kubernetes version with Tarmak. We now officially support Kubernetes v1.12.

Protection of EBS volumes

We added this feature to make the chance of losing any of your valuable Kubernetes data even smaller. Hopefully you will never see this error, but if you do it will save all your data from deletion.

Encryption at rest

By default, Tarmak now stores all assets in S3 with encryption at rest activated. When you are upgrading from Tarmak 0.4, Tarmak will make sure the conversion happens.

Tarmak also now has support for encryption at rest of EBS volumes for the AWS instances in a cluster. This can be enabled with a parameter in the tarmak.yaml file.

At this moment it is only possible to activate encryption at rest when you set up a new cluster. Existing clusters cannot currently be converted to use encrypted volumes.

Plan / apply UX changes

In Tarmak we make extensive use of Terraform to set up all the cloud infrastructure for a fully working Kubernetes cluster. When running tarmak cluster plan or tarmak cluster apply, it’s now possible to input or output a Terraform (.tf) plan file, which will give you more control over changing infrastructure.

Runway

Tarmak kubeconfig command

We’ve added a new [kubeconfig]https://docs.tarmak.io/generated/cmd/tarmak/tarmak_kubeconfig.html)) command to the CLI to conveniently give you a kubeconfig file that can be used to connect to your Tarmak Kubernetes cluster. Tarmak will use the API server public endpoint if enabled in tarmak.yaml (see API Server). But if your Kubernetes API server is only accessible over the private network, Tarmak will set up a temporary SSH proxy. This allows you to talk to the Kubernetes API server from your workstation even when you don’t have it publicly exposed.

For example, you can use this Tarmak command together with export to get easy access to your cluster:

export $(tarmak kubeconfig)
kubectl get nodes

Etcd backups

Tarmak 0.5 takes automatic daily backups of etcd, and stores these snapshots encrypted in a S3 bucket. These backups can be used in case you have to restore your etcd cluster from scratch.

Bump default Kubernetes version

When you run the tarmak init command, Tarmak picks a default Kubernetes version for you. Just a couple of days after we released Tarmak 0.5, the Kubernetes vulnerability came out. We rapidly bumped the default Kubernetes version to v1.11.5 and released Tarmak 0.5.1. We did this to ensure new users can set up a secure and up-to-date Kubernetes cluster with just the default settings of Tarmak.

Besides these seven major new features, we have bundled Tarmak 0.5 with a lot of smaller features and bug fixes. Go checkout the full changelog. Download Tarmak 0.5.3 and give it a go.

We are looking forward to your feedback.

More Reading