Free cookie consent management tool by TermsFeed Appian Operator Release Notes [Appian on Kubernetes v0.140.1]
Appian Operator
Appian Operator Release Notes

Overview

This page documents the release notes for each version of the Appian operator that is released for self-managed customers.

Only the three most recent releases of the Appian operator are supported at any given time. Users should upgrade the operator frequently to stay up-to-date with bug and security fixes, especially since upgrading the operator neither requires upgrading installations of Appian on Kubernetes nor impacts their availability.

Release Notes

v0.140.1

Kubernetes Compatibility

We support Kubernetes versions 1.23-1.27 for this release.

New Features

This operator release supports Kubernetes version 1.27, and 1.21 and 1.22 are now deprecated.

Bug Fixes

  • CN-23177 - Low

    Upgraded golang.org/x/net to address CVE-2023-3978

  • CN-23257 - Low

    Fixed a bug where the operator would incorrectly attempt to update immutable job fields.

v0.137.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.26 for this release.

New Features

  • Appian on Kubernetes now supports MirrorMaker for Kafka mirroring in support of Cold Failover. Customers can now set the .spec.kafka.mirrorMakerListeners and .spec.mirrorMaker fields in their primary and backup Appian custom resources, respectively, to enable MirrorMaker. For more information, see Kafka / Zookeeper.

Bug Fixes

  • CN-22038 - Medium

    Fixed a bug where the operator would incorrectly set ingress path types to ImplementationSpecific instead of Prefix.

  • CN-22373 - Low

    Fixed a bug where additional labels (.spec.additionalLabels), which are mutable, were incorrectly applied to workload resources' pod selectors, which are immutable.

  • CN-22438 - Low

    Fixed a bug where the Migration Tool would allow migration to continue without checking for certain path customizations.

v0.136.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.26 for this release.

New Features

  • The operator now reconciles multiple Appian custom resources in parallel.
  • The operator now supports DNS Policy and DNS Config for all components. Customers that need to set the dnsPolicy and dnsConfig fields on pods created by the operator can set the new .spec.<COMPONENT>.dnsPolicy and .spec.<COMPONENT>.dnsConfig fields in their Appian custom resources.
  • The operator now supports custom annotations on pods. Customers that need pods to be created with specific annotations can set the new .spec.<COMPONENT>.podAnnotations fields in their Appian custom resources.
  • The operator now supports storing data source usernames in existing secrets. Customers that need to store data source usernames in secrets can do so and set the new .spec.webapp.dataSources.primary.usernameSecretKeyRef and .spec.webapp.dataSources.business[].usernameSecretKeyRef fields in their Appian custom resources.

Removals

  • Removed the validationQuery fields in v1alpha1 previously deprecated in v0.108.0.

Bug Fixes

  • CN-19943 - Low

    Fixed a bug where the operator would fail to update the status of Appian custom resources.

  • AN-205041 - Low

    Fixed a bug where the operator would incorrectly set Service Manager's termination grace period to 24 hours.

  • AN-234601 - Low

    Fixed a bug where Webapp pods would not terminate gracefully.

v0.133.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.26 for this release.

New Features

  • Make Service Manager shutdown job resources configurable for the shutdown pod via the new field .spec.serviceManager.shutdownin their Appian custom resources. The container no longer has CPU and memory requests and limits by default.

Bug Fixes

  • CN-12329 - Low

    Fixed a bug where /usr/local/appian/ae/_admin/validation was persisted.

  • CN-20588 - Low

    Fixed a bug where Zookeeper's network policy allowed traffic from Data Server and Webapp for newer versions of Appian.

v0.131.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.26 for this release.

New Features

  • Non-primary Webapp replicas now start in parallel.

v0.127.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.26 for this release.

New Features

  • The operator no longer caches objects it does not operate or own - making it more resource efficient - especially in large clusters.
  • The operator now supports Pod Priority for all components. Customers that need to set the priorityClassName field on pods created by the operator can set the new .spec.<COMPONENT>.priorityClassName fields in their Appian custom resources.
  • The operator now supports creating objects with custom, additional labels. Customers that need objects created by the operator, including pods, to be created with specific labels can set the new .spec.additionalLabels field in their Appian custom resources.

This operator release supports Kubernetes version 1.26.

Bug Fixes

  • CN-19728 - Low

    Upgraded golang.org/x/net to address CVE-2022-41723

  • CN-19466 - Medium

    Fixed a bug where default inter-pod anti-affinity was improperly configured for replicas of the execution and analytics engines.

v0.124.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.25 for this release.

New Features

  • The operator now allows configuring TLS ingress secrets in their cluster. Customers with a use case of handling their own ingress certificates can use the new field .spec.ingress.tls.

  • The Migration Tool now supports saving state with annotations during import. When import times out, it will now pick back up in the state that it timed out on.

  • Customers can now provide data source passwords by referencing an existing secret in .spec.webapp.dataSources.primary.passwordSecretKeyRef or .spec.webapp.dataSources.business[].passwordSecretKeyRef instead of configuring the password value directly. The old .spec.webapp.dataSources.primary.password and .spec.webapp.dataSources.business[].password values are now deprecated.

  • The operator now exposes Pod Disruption Budget support for all components. Currently the defaulting is for httpd to preserve existing behavior but this will eventually be removed, so customers wanting PDBs for httpd should explicitly set .spec.httpd.pdb.

Bug Fixes

  • CN-18488 - Low

    Upgraded golang.org/x/net to address CVE-2022-41717.

  • CN-18231 - Low

    Fixed a bug where Migration Tool export didn't work with UNC paths on Windows.

v0.120.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.25 for this release.

New Features

v0.118.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.25 for this release.

New Features

  • When shutting down sites running newer versions of Appian with .spec.version defined, the Appian operator now creates a single job to shutdown the Appian engines instead of a job per engine. This reduces the amount of resources required to shutdown the Appian engines.

  • The Migration Tool now reports estimated progress during export.

  • The Appian operator Helm chart now defines a NOTES.txt file with helpful post-install and post-upgrade information - including reminders to inject your certificate's CA bundle into the Appian custom resource definition (CRD) and upgrade the Appian CRD.

Bug Fixes

  • AN-210105 - Medium

    Fixed a bug where the Appian operator might not shutdown the Appian engines cleanly - resulting in transaction replays or possible data loss on the next startup. To benefit from this bug fix, you must upgrade Appian to the latest hotfix and set the .spec.version field in your Appian custom resources.

v0.117.0

Kubernetes Compatibility

We support Kubernetes versions 1.21-1.25 for this release.

New Features

  • Added version printer column to Appians resources. When running kubectl get appians in terminal, the Appian version is now printed if it was set in the Appian custom resource.

  • Updated all statefulset update strategies to OnDelete. From Kubernetes documentation: "When a StatefulSet's .spec.updateStrategy.type is set to OnDelete, the StatefulSet controller will not automatically update the Pods in a StatefulSet. Users must manually delete Pods to cause the controller to create new Pods that reflect modifications made to a StatefulSet's .spec.template."

  • Created a new field in the CRD for the Appian version in .spec.version. While the field is currently optional, we recommend customers start setting the field in their custom resources as the field will become required in the future. The operator will now understand the version of Appian a site is running on and in the future could perform different actions based on the version. If .spec.version is set, customers can omit the .spec.<component>.image.tag fields from their custom resources, as they will get automatically populated with the version.

This operator release supports Kubernetes version 1.25, and 1.19 and 1.20 are now deprecated.

Bug Fixes

  • CN-17607 - Medium

    Upgraded golang.org/x/text to v0.3.8+ to address CVE-2022-32149.

  • CN-17162 - Low

    Upgraded golang.org/x/net to address CVE-2022-27664.

v0.112.0

Kubernetes Compatibility

We support Kubernetes versions 1.19-1.24 for this release.

New Features

  • Updated the storage API version to be v1beta1 in the Appian CRD. This means that newly created or updated objects will be persisted using the new v1beta1 API version.

Upgrading the operator to the new version will cause Zookeeper, Kafka, and Webapp pods to roll.

Bug Fixes

  • AN-211296 - Medium

    Fixed a bug where /usr/local/appian/ae/zookeeper/config/tmp and /usr/local/appian/ae/kafka/config/tmp might not be writable.

  • CN-16866 - Low

    Upgraded github.com/emicklei/go-restful to v2.16.0 to address CVE-2022-1996.

  • CN-16612 / CN-16613 - Medium

    Fixed bugs in Zookeeper, Kafka, and Webapp probe configurations.

v0.108.0

Kubernetes Compatibility

We support Kubernetes versions 1.19-1.24 for this release.

New Features

  • Added conversion webhooks to allow for versioning of the Appian custom resource definition. This allows evolving the schema for Appian custom resources without breaking backward compatibility.
    • Webhook certificates are now required and externally managed. This enables customers to manage certificates in a wider variety of ways. Customers can still use cert-manager to handle their certificates if they were using it previously.

    Upgrading the operator to the new version will require manual action on the customer to either externally manage their own certificates or configure cert-manager to inject the CA bundle. Please refer to our documentation for more information prior to upgrading.

  • Added new API version v1beta1 to the Appian CRD. The following changes have been made in v1beta1:
    • Removed deprecated field .spec.webapp.dataSources.validationQuery. In order to configure a validation query in v1beta1, use the .spec.webapp.dataSources.attributes field.
    • .spec.webapp.url is now moved to .spec.url
  • Added support for replicas, pod disruption budgets, and horizontal pod autoscaling for the operator's webhooks.

  • In previous operator versions, the user had the responsibility of manually managing the Appian Data Server security token and Service Manager admin user credentials. Now the operator conveniently manages these internally. As a result of this change, if customers are creating custom resources without the Service Manager auth secret name, Service Manager will restart.
    • This also means that the following secret fields have now been deprecated.
      • .spec.dataServer.securityTokenSecretName
      • .spec.serviceManager.auth

Deprecations

The features listed below are deprecated and will be removed in future releases. Do not begin using deprecated features, and transition away from any prior usage of now deprecated features. Where applicable, supported alternatives are described for each deprecation.

  • The field .spec.webapp.dataSources.validationQuery in the CRD is now deprecated, use .spec.webapp.dataSources.attributes to configure a validation query instead.
  • The field .spec.webapp.url in the CRD is now deprecated, use .spec.url instead.
  • Secret fields previously exposed in the CRD .spec.dataServer.securityTokenSecretName and .spec.serviceManager.auth are now deprecated. The operator will take on the responsibility of managing the secrets.

Bug Fixes

  • CN-14295 - High

    Fixed a bug where Search Server custom properties would not be migrated.

  • CN-14913 - Critical

    Upgraded golang.org/x/crypto to address CVE-2022-27191 and removed tool dependencies from dependency tree.

  • CN-15615 - Critical

    Upgraded gopkg.in/yaml.v3 to address CVE-2022-28948.

  • CN-15280 - Medium

    Updated httpd's probes to monitor the mod_jk workers to make sure there is a good communication channel between httpd and Webapp.

v0.89.3

Kubernetes Compatibility

We support Kubernetes versions 1.19-1.24 for this release.

Bug Fixes

  • CN-14763 - Medium

    Fixed an issue where liveness probe initial delays and startup probe configurations were not configured correctly for small sites.

  • CN-14913 - Low

    Fixed an issue where tool dependencies were included in the Appian operator Docker image.

v0.89.1

Bug Fixes

  • CN-14204 - Low

    Fixed an issue where users were able to define duplicate values in set fields in Appian custom resources.

  • CN-14295 - Medium

    Fixed an issue where <APPIAN_HOME>/search-server/conf/custom.properties was not migrated by the Migration Tool.

Open in Github Built: Fri, Feb 23, 2024 (09:13:35 PM)

Appian Operator Release Notes

FEEDBACK