2.0
Kubernetes support has landed! You can now manage the deployment of applications atop Kubernetes clusters using the familiar Portainer UX. This release is a big one & introduces a total of 101 changes to Portainer, meaning it needs to be tested in your environment before upgrading your production instances of Portainer 1.xx to Portainer 2.0.
NOTE: There are a number of breaking changes, and changes to functionality that require analysis, specifically a re-engineering of the application templates feature, removal of support for VMWare VIC, and removal of support for externally defined endpoints.
IF YOU ARE RUNNING A "HISTORIC" VERSION OF PORTAINER (IE OLDER AND 1.23.X) PLEASE EITHER FIRST UPGRADE TO 1.24.1 AND/OR BACK UP YOUR PORTAINER.DB FILE BEFORE ATTEMPTING TO UPGRADE TO CE 2.0; THERE ARE REPORTED ISSUES OF DB CORRUPTION WHEN ATTEMPTING TO UPGRADE FROM SUCH AN OLD VERSION TO LATEST IN ONE STEP.
Breaking Changes:
- We have released CE 2.0 as `portainer/portainer-ce` to ensure auto-updaters (like watchtower) don't expose users to risks by automatically updating on release.
- Extensions have now been removed; there is now no ability to use RBAC, Registry Manager, or External Authentication extensions in CE 2.0 (Extension customers will be communicated directly with a free license for the upcoming Portainer Business Edition). EXTENSION USERS, DO NOT UPGRADE TO PORTAINER CE 2.0
- Port 8000 is now exposed by default. Reverse proxy configurations that don't specify a port for the load balancer will now likely need to do so: #3963
- The `--no-auth` flag was removed as part of support for setting a custom timeout: #3846
- Support for external endpoints has been removed along with the `--external-endpoints` flag. WARNING: migrating to this version with external endpoints defined will render them un-manageable: #3832
- Support for VIC environments has been removed: #3834
- The `--no-snapshot` flag has been removed, instances migrating with this flag will revert to default snapshot interval: #3804
- Host jobs are now an edge-exclusive feature: #3745
- The `--no-analytics` flag will be kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.
- Changed templates syntax to support versioning, a migration tool can be found here for your convenience: #3708
- The `--sync-interval` flag was removed as part of the removal of external endpoints: #3832
- Removed template management features & the `--templates-file` flag. NOTE: Users will no longer be able to create container templates via UI: #3707
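A pre-upgrade check for the flags listed above, as an added example that is not part of the Portainer project: it scans a 1.x launch command and reports every flag these notes mark as removed or as having no effect. The `audit` function name and the sample command are constructed for illustration.

```python
import shlex

# Flags and issue numbers come from the Breaking Changes list; notes paraphrase it.
REMOVED = {
    "--no-auth": "removed (#3846)",
    "--external-endpoints": "removed; defined external endpoints become un-manageable (#3832)",
    "--sync-interval": "removed with external endpoints (#3832)",
    "--no-snapshot": "removed; snapshot interval reverts to default (#3804)",
    "--templates-file": "removed with template management (#3707)",
}
NO_EFFECT = {"--no-analytics": "still accepted, but has no effect in 2.0"}
OLD_IMAGE = "portainer/portainer"  # CE 2.0 is released as portainer/portainer-ce


def audit(command):
    """Return (severity, token, note) findings for a Portainer 1.x launch command."""
    findings = []
    for token in shlex.split(command):
        flag = token.split("=", 1)[0]  # handle both "--flag value" and "--flag=value"
        if flag in REMOVED:
            findings.append(("breaking", flag, REMOVED[flag]))
        elif flag in NO_EFFECT:
            findings.append(("info", flag, NO_EFFECT[flag]))
        elif token.split(":", 1)[0] == OLD_IMAGE:
            findings.append(("info", token, "CE 2.0 is released as portainer/portainer-ce"))
    return findings


# Constructed sample: a typical 1.x docker run line, not taken from the release notes.
SAMPLE = (
    "docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock "
    "-v portainer_data:/data portainer/portainer:1.24.1 "
    "--no-auth --no-analytics --templates-file /templates.json"
)

if __name__ == "__main__":
    for severity, token, note in audit(SAMPLE):
        print(f"[{severity}] {token}: {note}")
```

Any `breaking` finding means the launch command or compose file has to change before switching the image to `portainer/portainer-ce`.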
Security:
- Enforced the security setting "disable the use of bind mounts" when set via API: #4106
- Disabled Container Capabilities for non-admins: #4105
- Enforce use of TLS 1.2 and recommended ciphers: #4070
- Prevent non-admin users from running containers using the host namespace PID: #4068
- Added a setting to disable the creation of stacks by non-admin users: #4067
- Added a setting to disable device mapping by non admin users: #4066
- Ensure users cannot create privileged containers via the API: #4065
- Disabled ability for a regular user to re-create/edit/duplicate containers if a related security setting is enabled: #4069
Kubernetes:
- Introduce support for Kubernetes: #1637
- Added the ability to apply taints and labels to nodes: #4005
- Added the ability to expose an application via ingress: #4004
- Added the ability to set placement constraints/preferences when deploying/editing an application: #4003
- Added the ability to set the auto-scale policy of an application: #4002
- Added the ability to use existing volumes when creating an application: #4001
- Added the ability to download application/stack logs: #3998
- Added support for multi-container pod applications: #4010
- Added a link to the kubernetes endpoint configuration in the sidebar: #4179
- Added checks when reducing the Quota assigned to a RP: #4144
- Added form validation for placement constraints: #4213
- Enhanced the used by column for volumes: #4012
- Allow an administrator user to see which node the API is running on: #3996
- Allow an administrator user to see which node hosts the leader components for `kube-scheduler` and `kube-controller-manager`: #3995
- Allow an administrator user to see the status of the underlying cluster components: #3992
- Allow any user to see the provisioner associated to any volume: #3997
- Allow any user to inspect the tolerations and affinities associated to an application deployed inside or outside of Portainer: #3994
- Allow any user to see the underlying workload associated to an application: #3993
- Allow any user to see how an application (deployed inside or outside of Portainer) is exposed through an Ingress resource: #3991
- Allow any user to inspect the auto-scaling policy (if any) associated to an application deployed inside or outside of Portainer.: #3989
- Allow any user to see which application is using a volume directly in the volume list view: #3988
- Allow any user to list all the storage used in their cluster with the total size used for each storage.: #3999
- Prevent resource assignment when editing a resource pool, if not permitted at creation time: #4206
- Prevent admins from making changes to "system" namespaces: #4145
- Prevent deployment/editing of resources inside a system namespace: #4000
- Prevent submitting invalid data via environment variables: #4045
- Fixed port mapping not showing in the port mapping datatable: #3990
- Fixed enabling auto-scaling policy on an application so as to default to the current instance count: #4183
- Fixed LDAP Auth not working with underscore Usernames: #4141
- Removed the kubernetes RC banner: #4204
Analytics:
- Replaced Google Analytics with our own custom telemetry leveraging Matomo: #3742
After careful consideration of GDPR rules and the GDPR compliance recommendations provided by Matomo (the telemetry tool we are using for analytics) it was determined we will use the opt-out data collection mechanism. The reason for this assessment is that we are not collecting ANY personally identifiable data (all data is anonymized), and the data we collect is solely for our Legitimate business interests, and is not sold or provided to any 3rd parties.
For the sake of clarity, we do not collect ANY user identifiable or personal information at any time, all statistics collected are anonymous and we have no way of identifying the Portainer instances reporting, nor the users using the application.
PLEASE ALSO NOTE: The `--no-analytics` flag will be kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.
For more information, please refer to our updated privacy policy.
Authentication & UAC:
- Integrated the external authentication extension: #4150
- Ensure a unique identifier for volumes and UAC: #3869
- Add the ability to set a custom user session timeout: #3846
- Allow setting access on gitlab registries when there are multiple defined: #3839
- Remove the code snippet associated to authentication login retry: #3516
Home & Dashboard:
- Fixed error thrown when moving from app templates view to home view & endpoints not loaded: #4228
- Fixed endpoint tags not being shown in the dashboard: #4218
Templates:
- Add support for custom templates: #3861
Routes:
- Added a parent route `/docker/` to docker routes: #4178
- Add the ability to access different endpoints via Portainer URL: #454
Azure ACI:
- Always allocate a Public IP for containers deployed via ACI: #4040
- Provide a simple ACI container instance details view: #3960
- Expose the public IP associated to an ACI container: #3959
Stacks:
- Added the ability to stop & start stacks: #1639
Services:
- Added the ability to edit a service's networks: #1807
Networks:
- Fix MacVLAN IP address exclusion: #3918
- Support excluding multiple IP addresses for a MacVLAN network: #3954
Edge:
- Add a new CLI flag to automatically enable Edge compute features: #3915
- Add the ability to override the Edge endpoint checking interval at the endpoint level: #3843
- Hide the URL associated to Edge endpoints in the endpoint list: #3637
Extensions:
Containers:
- Added default/override UX for Entrypoint & CMD, updated placeholder for CMD and added support for specifying entrypoint via CMD: #3604, #4018, #2284
- Fixed issue when recreating a container that was previously on the bridge with mapped ports, and changing the network to container: #2316
- Fixed issue with resetting container resource limits to unlimited: #2679
- Fixed issue with adding extra hosts: #3237
- Support publishing the same ports/port ranges on multiple IP addresses: #3523
UX:
- Update the endpoint initialization view to only show local Docker/Kubernetes and agent options: #4014
- Changed the "about" page from being static content, to a sidebar menu option that redirects to our official help/about page: #4254
- Fixed improper grammar in Create Container, Create Stack, Create Edge Stack views: #4160
- Fixed sizing of checkboxes to correctly match their icon: #3971
- Ignore protocol and trailing slash when entered in registry URLs: #3965
- Auto-select the username field on the login view: #3953
- Renamed security settings to Docker security settings: #4198
- Make node label inputs wide to support larger values: #3214
- Sort volumes alphabetically: #3635
- Use correct icons for Containers and Volumes: #3596
- Add missing `s` to the command copied by the edge endpoint `copy command` button: #3880
Users:
- Prevent the removal of the original administrator user: #3882
- Add the ability to change the username of a user: #3831
Cookies:
- Replaced cookie usage with localstorage: #4064
Dockerfile:
- Introduce workaround to support running develop build on Windows platform: #4043
Agent:
- Automatically detect the platform where an agent is running: #4129