VMware Tanzu Platform for Kubernetes Release Notes

These release notes give you information about new updates for Tanzu Platform for Kubernetes. For information about getting started with Tanzu Platform for Kubernetes and how to use it, see Creating and Managing Applications with Tanzu Platform for Kubernetes.

Important

On September 11, 2024, cloud services from VMware Tanzu transitioned away from VMware Cloud Services Console to the new Tanzu Platform cloud services console. You now access VMware Tanzu cloud services from https://console.tanzu.broadcom.com, using your existing credentials. See KB 374361 for information about the required actions to take, including updating Kubernetes collector configurations. See also Using VMware Tanzu Platform cloud services console.

Cluster types supported for life cycle management

Tanzu Platform for Kubernetes provides life cycle management of the following Kubernetes cluster types:

September 2024

What’s new

New and improved features include:

• You can forward local ports to remote application ports for debugging or troubleshooting purposes. For more information, see Forward local ports to applications.

• You can edit the parameters of a dynamically provisioned Bitnami service. For more information, see Creating, binding, and unbinding services.

• You now cannot bind the same application alias to a service more than once when you create or attach a service and in the form that opens when you click Bind to Application in the Service Details page.

• When you attach a service, you can now choose from a list of known types for binding connectors or enter your own type. The list is from Spring Boot Configuration.

• When you attach a service, in the Binding Details section, you might see a drop-down menu with suggested binding keys depending on the binding type you selected.

• The accepted service binding alias is now displayed in the Bound Applications section in the Service Details page.

• You can stop a running application in a Space and then manually start it again. For more information, see Stop and start applications.

• You can use the Tanzu Platform hub UI to create domain bindings, which connect a Space to domain. For more information, see Create and manage domain bindings.

• You can create egress targets for IPv4 addresses. For more information see Allow egress to an IP address.

• You can allow egress to all hosts on any port and protocol by creating a special allow-any EgressPoint resource. For more information, see Allow all egress traffic.

• You can create custom ContainerAppBuildPlans to add custom tasks to builds. For more information, see Add custom tasks to a build.

• You can bootstrap a GitOps Project repository by running a simple command. tanzu deploy can now deploy apps from separate source code repositories or GitOps repositories into a shared Space without deleting existing apps already deployed. For more information, see Manage resources in a GitOps Project.

Breaking Changes

• The spring-dev.tanzu.vmware.com and spring-prod.tanzu.vmware.com profiles now have horizontal-autoscaling.tanzu.vmware.com and health.spaces.tanzu.vmware.com as required capabilities. These capabilities are now part of the run cluster group by default, but you must add them to custom cluster groups that you create so that you can schedule Spaces instantiated from the spring-dev.tanzu.vmware.com or spring-prod.tanzu.vmware.com profiles.

• tanzu build no longer outputs a Secret resource containing configuration values for the app PackageInstall. Tanzu Platform now solely manages these values and such secrets are no longer expected to be deployed in Spaces. To avoid breaking already deployed apps built with an earlier tanzu build plug-in, the values in this Secret are removed if found within the Space.

  Download the latest plug-in and rebuild existing applications to avoid issues. You can still enforce default values for ContainerApps by using the ContainerApp specification properties. For more information, see Define application defaults.

Known issues

• Tanzu Platform for Kubernetes does not yet support lifecycle management of TKG Service version 3.2 clusters running in vSphere IaaS Control Plane in vSphere 8.0U3b. This includes clusters using TKr 1.31.1. Although you can upgrade an existing Supervisor to version 3.2 in Tanzu Platform, you cannot register a new Supervisor with Tanzu Platform if it is using version 3.2. If you upgrade a legacy Supervisor, you might encounter node pool update issues. Until this issue is resolved in Tanzu Platform, you should refrain from using TKG Service 3.2 clusters (including TKr 1.31.1).

• Tanzu Platform for Kubernetes and TKG versions that include an older version of the gateway-api package are incompatible. Specifically, any Tanzu Kubernetes release (TKr) that includes a version of gateway-api version v0.8.1 (e.g. v0.8.1+vmware.1-tkg.1-gateway-api) or below is incompatible with the multicloud-ingress.tanzu.vmware.com Capability and multicloud-ingress.tanzu.vmware.com Trait. TKrs that include gateway-api version v1.0.0 or greater, for example v1.0.0+vmware.1-tkg.2-gateway-api, are compatible.

  For TKG, gateway-api >= v1.0.0 should be included by default in version 2.5.1+. Example TKrs that include this package are:

  v1.27.15+vmware.1-tkg.2 or greater v1.28.8+vmware.1-tkg.1 or greater v1.29.3+vmware.1-tkg.1 or greater v1.30.0+vmware.3-tkg.1 or greater

• EKS clusters are not visible in the Availability Target in the UI immediately after a new EKS cluster is created if there are more than 5 clusters in the Availability target.

• Under certain circumstances, a DomainBinding object might not be fully removed.

  Workaround: Inspect your DNS provider to verify if the respective DNS records and HealthChecks are removed. After the records and HealthChecks are removed, you can remove the finalizer from the DomainBinding object.

  1. Run the following command.

     > kubectl edit domainbinding <resource_name>
     

  2. Remove the finalizer section.

Resolved issues

• Resolved an issue preventing an EKS cluster from being deleted from an Availability Target though it was deleted on Tanzu Platform and on AWS.

August 2024

What’s new

New and improved features include:

• You can cordon, drain, and uncordon a cluster from a given Space to enable maintenance activities on a cluster gracefully. For more information, see Cordon, drain, and uncordon a cluster.

• Cluster lifeycle management and Application Spaces are now supported on vSphere 7. For more information, see the supported cluster types above.

• Streamlined the worklow in the Tanzu Platform hub for creating and attaching services to applications within an Application Space. For more information, see Create, bind, and unbind services

• Creating a pre-provisioned service now provides the ability to create a network policy to allow network traffic for the service to egress the Space when the service is bound to an application. For more information, see how to create a service.

• Added the ability to manage egress rules with the Tanzu CLI. For more information, see Manage egress rules

• Added the ability to view logs from a deployed application using the tanzu app logs command.

• Beta You can create and bind a domain to a Space in Tanzu Platform using the hub or CLI. This simplifies the workflow for providing ingress to applications for DNS and TLS certificates. To understand the concept of “domain” within Tanzu Platform, see About network ingress. To explore this Beta feature, see Manage networking for information on how to create a domain and the corresponding DNS and certificate provider. This is a Beta feature. Do not use this feature with production workloads.

Resolved issues

• Resolved an issue preventing a renamed project from being replicated through all components of Tanzu Platform.

• Resolved an issue prevent logs from properly being displayed for a deployed application within the Tanzu Platform hub.

July 2024

What’s new

New and improved features include:

• You can now dynamically create and bind Cassandra, Neo4j, and Valkey services to ContainerApps using the Tanzu CLI or UI. For more information, see Bind backing services to your application.

• You can restart a running application in a Space. For more information, see Restart applications.

• You can add, edit, and delete binding connectors for attached pre-provisioned services. For more information, see Creating, binding, and unbinding services.

• The term “replica” was replaced with “instances” when referring to the number of instances of a given application or Space as seen in the Tanzu CLI or the UI.

• Support was added for Kubernetes 1.30 for AWS EKS, TKGs workload clusters, and attached clusters.

Resolved issues

• PackageInstalls and Traits that reference packages from the Tanzu-provided PackageRepository have version constraints updated to >0.0.0, unless a range is already set by using the > or < symbols.

  This change is required to transition to the new versions of the packages from the Tanzu-provided PackageRepository and to avoid any issues caused by the absence of packages with the previously specified versions.

• Resolved an issue preventing the binding of services from working in the Tanzu Platform UI by correcting the apiVersion of the service in the ServiceBinding.

• Resolved an issue that prevented label creation or updates to a cluster, after initial creation, from being evaluated for Availability Target inclusion.

Breaking Changes

• The egress Trait was removed from the Tanzu-provided networking.tanzu.vmware.com Profile to facilitate future enhancements. Do not use the Profile as is. Instead, use the Profile as a template for creating a customized profile.

  You can opt in to these changes later by removing the egress Trait from the custom Profile and, instead, defining network policies directly on the Space. For more information, see Manage Egress Rules.

Known issues

• Adding an “any” egress rule to a Space does not permit any traffic to egress a Space. To allow a Space to egress any traffic, you can use the egress Trait with a policy of open.

• Logs for an application deployed to a Space are not displayed in the Tanzu Platform UI.

June 2024

What’s new

New and improved features include:

• Life cycle management support for Tanzu Kubernetes Grid service clusters running in vSphere with Tanzu. You can now use Tanzu Platform for Kubernetes to connect to a Supervisor in vSphere with Tanzu and manage the full life cycle of its workload clusters.

• You can see the scheduling status of your Spaces in Tanzu Platform hub. For more information, see Monitor Space readiness.

• You can scale an application by managing the number of application instances of the deployed application and increasing or decreasing the CPU and memory for each application instance. For more information, see Scale applications.

• You can manage egress rules on a per Space basis rather than at the Profile level to enable more granular control of egress rules. For more information, see Manage egress rules.

• You can create, bind, unbind, and delete services in Tanzu Platform hub. For more information, see Creating, binding, and unbinding services.

• You can Promote resources from builds and between Spaces.

• You can add and override environment variables for an application at runtime and handle sensitive data. For more information, see Configure secret runtime environment variables.

• You can delete a deployed application from a Space.

• Added support for VMware vSphere v8.0 Update 3.

Resolved issues

• Resolved an issue that prevented the ACME Protocol from being with the cert-manager Capability.

Known issues

• When using Tanzu Platform hub to install a Capability to a cluster group, the Capability is pinned to a specific version. This causes the Capability to fail to install when Tanzu Platform for Kubernetes is updated and can cause Spaces to become unschedulable.

  Workaround: See Removing pinned Capability version for custom cluster groups.

• In Tanzu Platform hub, binding a service to an application or a deployment, by using the create service flow Application Spaces > Spaces > Services > Create Service or by clicking Add Service Binding on the Service Details page, does not work. This is because the apiVersion of the service in the ServiceBinding resource is wrongly set.

  Workaround: You can bind a service to an application or a deployment through the Tanzu CLI. See Bind backing services to your application.

Breaking Changes

• The Egress Capability has been removed as a dependency of the TCS package. You must now explicitly add the Egress Capability as a Capability on a cluster group.

  This was added to the Tanzu provided run cluster group as part of the release. However, you must add the Egress Capability to user-created cluster groups to ensure that Spaces requiring the Egress Capability can be scheduled. For more information about how to add a Capability to a user-created cluster group, see Add capabilities to the cluster group for your run environments.

May 2024

What’s new

This is the first release of VMware Tanzu Platform for Kubernetes. For information about getting started and how to use Tanzu Platform for Kubernetes, see Creating and Managing Applications with Tanzu Platform for Kubernetes.

Known issues

• An organization is currently limited to a maximum of 40 projects created within it.

• The telemetry data of an application deployed to a space might experience lag that results in network topologies and related Kubernetes resource not being displayed in the Tanzu Platform for Kubernetes hub deployed applications

• You might see duplicate cluster entries on the Kubernetes Management page under Setup & Configuration. This issue stems from duplicate cluster entries in the Tanzu Platform database, one record from Tanzu cluster life cycle management, and another from inventory that Tanzu Platform retrieved from your cloud account. You can safely ignore these duplicate cluster entries and their associated status. To manage your Kubernetes clusters, navigate to Infrastructure > Kubernetes Clusters.

• When an EKS life cycle management credential is in the created or validating state and you request for it to be deleted, the credential starts being deleted (status: deleting) but is unable to complete and return to the previous state. To avoid this situation, wait to delete a credential until after it becomes validated. Validation typically takes only a few minutes.

• The cross-cluster Capability can prevent ingress routing from working correctly and must not be included in a Profile because any application deployed to a Space will not be accessible.

• When you request to delete a Space, if the Space controller cannot clean up the GSLB DNS records, it retries the cleanup operation for several minutes. During this time, the Space appears to take longer than usual to delete.

  This might indicate an issue with your AWS GSLB Credential or associated IAM policies. After several minutes, the Space controller stops retrying the cleanup and deletes the Space resources from Tanzu Platform. When this happens, check the Route53 zone originally used by that Space for any left over records and manually clean them up.

Breaking changes

In the latest release of VMware Tanzu Platform for Kubernetes, the FluxCD Source Controller and FluxCD Helm Controller capabilities have been updated to use FluxCD v2.3. As a result, all related capabilities now have updated API groups and versions:

• HelmRelease - from helm.toolkit.fluxcd.io/v2beta1 to helm.toolkit.fluxcd.io/v2
• HelmChart - from source.toolkit.fluxcd.io/v1beta2 to source.toolkit.fluxcd.io/v1
• HelmRepository - from source.toolkit.fluxcd.io/v1beta2 to source.toolkit.fluxcd.io/v1