github psviderski/uncloud v0.16.0

5 hours ago

This is a smaller release focused on reliability improvements, with a new WireGuard network inspection command and expanded Compose spec support for container capabilities and sysctls.

✨ Highlights

WireGuard network inspection

PR: #161. Thanks to @jabr for the contribution ❤️

The new uc wg show command displays the WireGuard network configuration for a machine, including the interface details and all configured peers. This is useful for debugging network connectivity issues and understanding the mesh topology.

Use the -m/--machine flag to inspect the configuration of a specific machine in the cluster, or the global --connect user@host flag to inspect a machine that has issues connecting to the cluster.

uc wg show
uc wg show -m machine-1
uc wg show --connect user@host

Kernel capabilities and sysctls support

PRs: #238, #239. Thanks to @loonks for the contribution ❤️

You can now use the cap_add, cap_drop, and sysctls attributes in your Compose files to add or remove Linux capabilities and configure kernel parameters for service containers. This allows fine-grained control over container privileges and behaviour.

services:
  app:
    image: myapp
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
    sysctls:
      net.core.somaxconn: 65535
      net.ipv4.tcp_syncookies: 1
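
To confirm that cap_drop and cap_add took effect, read the capability masks from /proc inside the running container and decode them. This is an added example, not code from the Uncloud project; the function names are hypothetical and the sample status text is constructed.

```shell
#!/bin/sh
# Added example (not Uncloud code): decode the capability masks in
# /proc/<pid>/status and compare them with what the Compose file requested.

# Capability names by bit number (linux/capability.h, bits 0 to 40).
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# cap_mask FIELD: print the hex mask of FIELD (CapBnd, CapEff, ...) from stdin.
cap_mask() { awk -v f="$1:" '$1 == f { print $2 }'; }

# cap_decode HEX: print the names of the bits set in HEX, lowest bit first.
cap_decode() {
  mask=$(( 0x$1 )); bit=0; out=""
  for name in $CAP_NAMES; do
    if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="${out:+$out }$name"; fi
    bit=$(( bit + 1 ))
  done
  printf '%s\n' "$out"
}

# cap_audit "NAME NAME ...": read status text on stdin and succeed only if the
# bounding set equals the expected list (names in bit order). CapBnd is checked
# rather than CapEff because a non-root process shows an empty CapEff while
# the bounding set still limits what it can gain on execve.
cap_audit() {
  m=$(cap_mask CapBnd)
  [ -n "$m" ] || { echo "no CapBnd line found" >&2; return 1; }
  got=$(cap_decode "$m")
  if [ "$got" != "$1" ]; then
    echo "unexpected bounding set: $got" >&2; return 1
  fi
}

# Constructed sample: a root process started with cap_drop [ALL] and
# cap_add [NET_ADMIN]; NET_ADMIN is bit 12, so the mask is 0x1000.
SAMPLE_STATUS='CapPrm:	0000000000001000
CapEff:	0000000000001000
CapBnd:	0000000000001000'

# Inside a service container, run: cap_audit NET_ADMIN < /proc/1/status
printf '%s\n' "$SAMPLE_STATUS" | cap_audit NET_ADMIN && echo "bounding set matches"
```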

Improved cluster initialisation reliability

Machine initialisation and joining with uc machine init/add are now more reliable. The changes below fix a WireGuard peer misconfiguration on machines joining the cluster:

  • The daemon now waits for the initial Corrosion state sync and cluster components before serving gRPC requests
  • uc machine init and uc machine add commands wait for cluster readiness
  • gRPC auto-retries with exponential backoff for transient connection failures (up to ~8 seconds)

Note

You have to upgrade both the local uc CLI and the Uncloud daemon on all your current machines to v0.16.0 to benefit from this improvement.

Other improvements

  • Added --yes flag to uc machine init/add to auto-confirm machine reset
  • Added ctx conn alias for uc ctx connection command
  • Reduced gRPC connection timeout to proxied machines from 20s to 10s
  • Machine state file is now saved atomically to prevent corruption
  • Config mounts now create non-existent parent directories (#233)

Upgrade to 0.16.0

Uncloud CLI locally

To upgrade the Uncloud CLI (uc) locally:

# Homebrew (macOS, Linux)
brew upgrade uncloud

# Install script (macOS, Linux)
curl -fsS https://get.uncloud.run/install.sh | sh

Machine daemon

To upgrade the Uncloud daemon on your machines, run the following commands on each machine:

# AMD64
curl -fsSL -o uncloudd.tar.gz https://github.com/psviderski/uncloud/releases/download/v0.16.0/uncloudd_linux_amd64.tar.gz
# ARM64
# curl -fsSL -o uncloudd.tar.gz https://github.com/psviderski/uncloud/releases/download/v0.16.0/uncloudd_linux_arm64.tar.gz
tar -xf uncloudd.tar.gz
sudo install uncloudd /usr/local/bin/uncloudd
rm uncloudd uncloudd.tar.gz
sudo systemctl restart uncloud
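
The steps above rely on HTTPS alone for the integrity of the daemon binary. As an added example (not from the Uncloud project or its release notes), the functions below check the tarball against a SHA-256 digest and unpack only the uncloudd binary into a private temporary directory before anything is installed. Assumptions: the digest comes from a source you trust (the value shown is a placeholder), the archive stores the binary as a top-level member named uncloudd, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Uncloud project or its release notes.
# Placeholder only: replace with a digest obtained from a source you trust.
EXPECTED_SHA256="<sha256-from-a-trusted-source>"

# verify_sha256 FILE HEX: succeed only if FILE hashes to HEX.
verify_sha256() {
  got=$(sha256sum "$1" | awk '{ print $1 }')
  if [ "$got" != "$2" ]; then
    echo "checksum mismatch for $1" >&2
    return 1
  fi
}

# extract_daemon TARBALL DESTDIR: refuse archives with absolute or ".." member
# paths, then extract only the uncloudd member into DESTDIR.
extract_daemon() {
  if tar -tf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $1" >&2
    return 1
  fi
  tar -xf "$1" -C "$2" uncloudd
}

# staged_upgrade TARBALL HEX: verify, unpack into a fresh temp dir and print
# the path of the verified binary. Nothing is left behind on failure.
staged_upgrade() {
  verify_sha256 "$1" "$2" || return 1
  stage=$(mktemp -d) || return 1
  extract_daemon "$1" "$stage" || { rm -rf "$stage"; return 1; }
  printf '%s\n' "$stage/uncloudd"
}

# Usage on a machine, after the curl download shown in the upgrade steps:
#   bin=$(staged_upgrade uncloudd.tar.gz "$EXPECTED_SHA256") &&
#     sudo install "$bin" /usr/local/bin/uncloudd &&
#     sudo systemctl restart uncloud
```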

Changelog

  • 878f96a Revert "build: Generate CLI docs in GHA"
  • 9efaab2 build: Generate CLI docs in GHA
  • 5e0d4d0 build: Generate CLI docs in GHA (#236)
  • 33a3683 chore: Regenerate CLI docs
  • 85a2615 chore: add 'ctx conn' alias for 'ctx connection' command
  • 5acf557 chore: add --yes flag to 'uc machine init/add' to auto-confirm machine reset
  • 777615b chore: add TODO to remove extra checks after upgrading clusters to perform store sync
  • 4d97c30 chore: enable gRPC auto retries for transient Unavailable failures up to ~8s
  • 76affeb chore: minor formatting for 'wg show' command, enrich Unimplemented error with >=0.16 requirement
  • fc84709 chore: new InspectMachine gRPC method that to return store DB version (lamport time)
  • 4366714 chore: pass current store DB version when adding new machine to cluster
  • f86e63c chore: reduce the default gRPC connection timeout to proxied machines 20->10s
  • bac34eb chore: save machine state file atomically
  • 5308c87 chore: update 'uc machine init/add' to wait for cluster readiness, confirm caddy deployment on added machine
  • 9bd5ffc chore: update ucind cluster to wait for initial store sync and cluster readiness
  • f6cf731 chore: wait for FailedPrecondition in addition to Unavailable for backward compatibility
  • 8d8acd5 chore: wait for the initial store sync and cluster components before serving cluster gRPC requests
  • a945291 feat: Add uc wg show command to inspect a machine's uncloud wireguard network (#161)
  • 6c2f85d feat: add support for cap_add and cap_drop compose keys (#238)
  • 06c3fba feat: add support for sysctls compose key (#239)
  • 2c34ba7 fix(configs): Create non-existent parent directories automatically (#233)
  • 9a1d2e0 fix: Equals and Clone for configs (#235)
  • b2322e1 fix: WireGuard peers misconfiguration on joined machine by waiting for the initial store sync
  • aa71ab0 fix: e2e caddy test after changing the config header
  • 4be1ea3 fix: machine name for failed machines in 'uc ps'
  • d2a7af7 fix: uncloud daemon crash when listing partially replicated container records
  • 65e9cdd refactor: use WaitGroup.Go to replace wg.Add(1)/go/wg.Done() boilerplate (#222)
