Puppet Application Manager 1.44.1 Release
Puppet Product Updates
Hi All,
We have released updates to the Puppet Application Manager used by Puppet Comply and Continuous Delivery for PE. These bring:
Certificate auto-rotation for standalone architecture. Certificates are now automatically rotated for the Kubernetes API and Puppet Application Manager UI in the standalone architecture. With this change, certificate auto-rotation is now supported in all Puppet Application Manager architectures.
Rook upgrades. This version includes an upgrade of Rook in the high availability architecture to 1.5.11 and the version of Rook in the legacy architecture to 1.0.4-14.2.21. These upgrades address a vulnerability in Ceph components (CVE-2021-20288).
Important: Users of the legacy architecture must perform an additional manual step after upgrading Puppet Application Manager to remediate the CVE. On any primary node, run:
kubectl -n rook-ceph exec deploy/rook-ceph-operator -- ceph config set mon auth_allow_insecure_global_id_reclaim false
Prometheus upgrade. This version includes an upgrade of Prometheus in the high availability and legacy architectures to 0.48.1. Additionally, Prometheus’ disk usage is now limited in order to preserve the storage space required for the usage and storage charts on the Application tab.
The version of runC has been upgraded to v1.0.0-rc95 to address CVE-2021-30465. When upgrading, you'll need to provide the 'force-reapply-addons' option (as in 'curl <url> | bash -s force-reapply-addons').
For the full list of changes, check out the release notes:
https://puppet.com/docs/continuous-delivery/4.x/pam/pam-release-notes.html
Continuous Delivery for PE documentation:
https://puppet.com/docs/continuous-delivery/4.x/cd-pam-index.html
Puppet Comply documentation: