Release Notes - kdb Insights Enterprise 1.3.1
Release for kdb Insights Enterprise.
Release Date
2022-11-23
Security
[FIX] kdb Insights Enterprise 1.3.1 contains security updates for a number of critical CVEs
Streams and Reliable Transport
[FIX] An issue which could cause RT archiving to fail has been fixed.
Artifacts
| type | location |
|---|---|
| Infrastructure | kxi-terraform-1.3.0.tgz |
| Platform | insights-1.3.1.tgz |
| Operator | kxi-operator-1.3.1.tgz |
| CLI | kxicli-1.3.0-py3-none-any.whl |
| ODBC Driver | kodbc 1.3.0 |
| Java SDK | java-sdk 1.3.0 |
Upgrade notes
Upgrading assemblies
When upgrading kdb Insights Enterprise, assemblies deployed from the UI in earlier versions will be restarted but will not be automatically upgraded. To upgrade these assemblies, please restart them from the UI post-upgrade.
Keycloak Config CLI
It is recommended to enable the Keycloak Config CLI when upgrading to ensure that any realm changes are imported.
This can be enabled by setting:
keycloak:
keycloakConfigCli:
enabled: true
in your values file if you are deploying Keycloak as a part of kdb Insights Enterprise.
If you use a shared Keycloak instance, this can be enabled by setting:
keycloak-config-cli:
enabled: true
in your values file.
Keycloak initUser password reset
Enabling the Keycloak Config CLI will cause the initUser's password to be reset. It will be reset to the value of the keycloak.initUser.auth key.
Default password policy
As of 1.3.0 a default password policy is now being enforced.
The default policy is:
- At least one uppercase letter
- At least one lowercase letter
- At least one symbol
- At least one number
- Minimum length of 14 characters or greater
Information about how the policy can be configured and adjusted can be found here
If you are upgrading from an earlier version, and want the default password policy to be applied, the keycloak config CLI must be enabled.
Keycloak initUser
The Keycloak initUser password must satisfy the policy if it is enabled
Default Keycloak Credentials
As of 1.3.0 the Keycloak initUser and initClient credentials are no longer defaulted within the kdb Insights Enterprise values.yaml. These defaults would previously create the demoinsights user and test-publisher client on a new deployment of kdb Insights Enterprise.
Users who currently set initUser.enabled=true or initClient.enabled=true within their own values.yaml may receive the following errors at deploy time:
Keycloak initUser has been enabled
The following fields are required to be set
.Values.keycloak.initUser.name
.Values.keycloak.initUser.auth
Keycloak initClient has been enabled
The following fields are required to be set
.Values.keycloak.initClient.clientId
.Values.keycloak.initClient.clientSecret
If enabling the initUser you are required to set:
keycloak:
initUser:
enabled: true
name: "initUsername"
auth: "initUserPassword"
initUser.auth must satisfy the policy requirements.
If enabling the initClient you are required to set:
keycloak:
initClient:
enabled: true
clientId: "initClientID"
clientSecret: "initClientSecret"
Internal Network LoadBalancers
As of 1.3.0 by default annotations are added to Service resources of type LoadBalancer.
These annotations restrict access to the LoadBalancers from outside the cluster.
To disable these annotations and permit access from outside the cluster, the user is required to set:
global:
service:
useInternalLBAnnotations: false
For additional configuration options see here
Assembly blockSize changed
The blockSize configuration within an assembly spec.tables.<table>.blockSize has been updated with the following semantics:
- if unset: all data received in an interval will be buffered in RAM within SM, written down at the end of the interval
- this has the highest performance, but has no RAM limit on received data
- if set: once a table's rows surpass the configured limit, buffered data will be flushed to disk to release RAM
- the smaller this number is set to, the worse ingest performance but stronger RAM limits - this should be balanced
Previously, blockSize was ignored, always buffering all data in memory. To reproduce previous behaviour, unset the blockSize field in the assembly for each table.
Known Issues
-
On startup of pods, the following error might be observed once roughly after three minutes of a pod starting up
no acct for 3x period, exiting. This stems from a temporary startup job not shutting down correctly. It's independent from the main processes and doesn't indicate any application fault. -
On initial startup of kdb Insights Enterprise, there may be some noise printed in the logs while the system initialises
unable to flush accounting logs. This relates to the capturing of consumption-based license logs and is thrown while all pods get into a running state. It does not indicate any fault in the application and all data should be flushed correctly after a short period.
- Setting SM replicas (defining
sizegreater than 1) in assembly YAML will cause writedown/storage and query problems. Thesizeparameter for SM should always be set to 1.
sm:
size: 1
- If the cluster and/or resource configuration for the
kxi-discovery-serviceis limited, a race condition can occur at startup causing the Discovery Service to be in a crash/restart loop. This can be solved by giving the Discovery Service additional CPU and memory resources; full details on setting custom resources can be found here
- Upon upgrade or downgrade, the API Gateway containers may enter a CrashLoopBackOff state. Resources can be reapplied by performing a 'rollback' to the upgraded version. Get the upgraded version by looking at the output from:
helm ls
'Rollback' (re-apply resources) to the upgraded version:
helm rollback <release name> <current revision>
There are two known issues with the UI logout.
- After performing a logout action, the user will not be redirected back to the login screen.
- In the case a user was logged out due to inactivity, a "Logout failed" error might be observed
In both of these cases, the logout has been successful and the user can re-login by navigating back to the main page, i.e. https://${INSIGHTS_HOSTNAME}
Backward Compatibility
Please see the release notes for kdb Insights Enterprise 1.1.0 and kdb Insights Enterprise 1.2.0 if you're upgrading from versions earlier than 1.1.0 or 1.2.0, for notes about