AMPLIFY Runtime Services Release Notes


Amplify Runtime Services is deprecated and will be discontinued effective September 1, 2022.

AMPLIFY Runtime Services 2.0.0 - 31 January, 2020

This release of AMPLIFY Runtime Services 2.0.0 is a major release, which includes improvements and bug fixes.

As of this release, ARS 1.x will not be supported one calendar year from ARS 2.0.0's release date (2020-01-31). See Axway Appcelerator Deprecation Policy and Nominal Lifetimes documents for details.

Improvements

  • Implemented a Stratus sanity check test on Kubernetes.
  • Fixed a deployment status issue. 
  • Updated to address registry web UI limitations.
  • Optimized deployment configuration for required services.
  • Moved the Stratus Docker build to a Jenkins CI job.
  • Improved the AMPLIFY Cloud Services (acs)  accesslog command for use with Kubernetes to get logs on each request to the customer app endpoint.
  • Optimized container point allocation across the publication, removal, and backend data management across customer's K8S clusters.
  • Pushed all ISTIO related Docker images to the private Docker registry.
  • Switched to certificate number random generator for increased security. 
  • Corrected the AMPLIFY Runtime Services (ARS) messages displayed during customer application deployment.
  • Improved and tested the network file system (NFS) resource exhaustion response.
  • Added Secure Sockets Layer (SSL) termination for app applications.
  • Added the AMPLIFY Cloud Services (acs) crt command for use with Kubernetes to allow an app developer to upload an application certificate.
  • Improved the AMPLIFY Cloud Services (acs) download command for use with Kubernetes to allow users to download the app source file only for source code direct deployment.
  • Improved the AMPLIFY Cloud Services (acs) server command to enable updating of app size and resource quota management. 
  • Deployed FileBeat as the log forwarder for customer applications.
  • Added improved status messaging for application publication. 
  • Reviewed the AMPLIFY Runtime Services (ARS) Kubernetes unit tests and the ACS node tests.
  • Updated the cluster naming convention and applied the updates to the Jenkins pipeline.
  • Fixed an issue associated to Kubernetes auto scaling when removing applications.
  • Added a daily snapshot of the MongoDB Elastic Block Store (EBS).
  • Enabled object versioning on Amazon S3 Buckets for data retention.
  • Disabled HTTP access to Amazon S3 Buckets for increased security.
  • Enabled the AMPLIFY Runtime Services (ARS) cluster usage display.
  • Improved the AMPLIFY Cloud Services (acs) list command to use with Kubernetes.
  • Implemented helm upgrades to update Stratus.
  • Added a monitoring system for cluster, add-on services, system service, and customer applications.
  • Implemented logs forwarding AMPLIFY Runtime Services (ARS) logs, add-on services logs, and dependencies services logs to TechOps.
  • Updated Kubernetes to Version 1.10.11 to resolve a security vulnerability.
  • Updated the Dockerfile base image to alpine 3.8.
  • Augmented the serverid hash processing to ensure proper placement of concatenation parsing. 
  • Improved the AMPLIFY Cloud Services (acs) command.
  • Improved pre-migration cluster testing and the Domain Name System (DNS) switch by parameterizing the Elastic Load Balancer (ELB) for the admin endpoint in the Node acs tests pipeline.
  • Limited application names to alpha numeric characters with 20 character maximum length.
  • Configured the MongoDB nodes to run in a single Availability Zone when auto scaling.
  • Augmented cluster removal automation.
  • Added cluster and container name field to all log messages.
  • Fixed a security issue in the handlebars NPM package.
  • Updated Jenkins configuration to only build Docker images if Stratus changes have occurred in the commit.
  • Added the ability to run the Docker registry and authentication as an internal service using the Kubernetes Domain Name System (DNS) to resolve authentication requests.
  • Implemented AMPLIFY Applications in Dolphin testing once cluster setup and API Runtime System implementation is completed.

Additional improvements

  • Configured both the Elastic Load Balancer (ELB) and NGINX to use Proxy Protocol.
  • Enabled Amazon S3 default encryption and blocking public access.
  • Made the Elasticsearch (ELK) Kubernetes API endpoint private.
  • Added an EKS cluster setup post check.
  • Improved a parameter tagging process to integrate AGO tags.
  • Updated the internal process associated with migrating AMPLIFY Runtime Services (ARS) from Docker Swarm to Kubernetes.
  • Updated the AMPLIFY Runtime Services (ARS) custom configuration to enable configuring email notifications during the initial deployment.
  • Updated the AMPLIFY Runtime Services (ARS) custom configuration to enable configuring the PEM server during the initial deployment.
  • Resolved the Lighthouse Core Application publication issue.
  • Fixed issues with the Stratus Unitary Test.
  • Improved automated cluster deletion to provide alerts when certain components require manual removal.
  • Updated imagePullPolicy to Always for Stratus/admin.
  • Resolved the AMPLIFY Cloud Services (acs) CRT failing issue.
  • Fixed an issue encountered when installing node package manager dependencies for AppDynamics libraries. 
  • Disabled the active default Istio-Sidecar in AMPLIFY Runtime Services (ARS) for Admin VPC to optimize resource consumption. 
  • Updated the deployment to deploy the application onto a dedicated group of nodes.
  • Added a default TLS secret for tenant ingress.
  • Added using Amazon Web Services credentials in Jenkins.
  • Added support for existing AWS Identity and Access Management (IAM) roles.
  • Fixed the Elasticsearch (EKS) cluster Amazon S3 bucket deployment issue associated with hard coded Amazon S3 bucket name. 
  • Added cluster sanity checks into the automated deployment pipeline process.
  • Configured the MongoDB replication set to dedicate a primary node.
  • Enabled a rolling update capability for applications.
  • Added a stress testing feature as part of application publication.
  • Fixed the processing error when parsing the server id for log processing.
  • Setup AMPLIFY Runtime Services for the staging environment.
  • Improved customer application deployment status information.
  • Applied a prefix or suffix to the deployment configuration parameters in Jenkins to avoid duplication.
  • Resolved a Mongo node restart issue associated with cross zone node deployments. 
  • Enabled sending tenant logs to Elasticsearch (ELK).
  • Made the AMPLIFY Runtime Services (ARS) base setup image private.
  • Resolved an AMPLIFY Runtime Services (ARS) deployment failure issue associated with a missing image.
  • Updated the AMI pipeline to the Appcelerator Jenkins.
  • Added an option to the AMPLIFY Cloud Services (ACS) CLI allowing the client to set whitelist IPs.
  • Added S3 as backend storage for the internal registry.
  • Setup an automatic deployment comparison check for Stratus. 
  • Added the functionality to restart the entire set of pods by the AMPLIFY Cloud Services (acs) CLI instead of one by one.
  • Deployed required AMPLIFY Runtime Services (ARS) system services to dedicated AMPLIFY Runtime Services (ARS) nodes.
  • Enabled the Condor integration to store the app debug log.
  • Fixed the issue with writing host and port information in the .acs file for the node-acs-test test.
  • Added a Services Resource usage performance test addon.
  • Added Node AutoScaling performance tests.
  • Added Twistlock to AMPLIFY Runtime Services (ARS) security checks.
  • Added IriusRisk to implement threat modeling.
  • Implemented Access and Build logs to Condor forwarding.
  • Enabled Cert-Manager to renew expired and invalid certifications.
  • Added an App Spider scan to the staging environment pipeline.
  • Added a Nexuses security scan to the Pipeline.
  • Added Thread Modeling with IriusRisk for AMPLIFY Runtime Services (ARS).
  • Added a unitary test for every Cron job.
  • Added usage and access log analytic events to the PEM server.
  • Enabled the PEM inserter in the AMPLIFY Runtime Service pre-prod environment.
  • Added PEM events the appc-billing application in staging.
  • Configured the default port to 8080 inside the container and service so API Builder can publish to AMPLIFY Runtime Services (ARS). 
  • Created a pipeline for deploying AMPLIFY Runtime Services (ARS) on Amazon Elastic Container Service for Kubernetes.
  • Created and updated scripts to deploy AMPLIFY Runtime Services (ARS) on Amazon Elastic Container Service for Kubernetes.
  • Ran an AMPLIFY Runtime Services (ARS) application's Kubernetes container as non-root user.
  • Enable the AMPLIFY Cloud Services (ACS) accesslog to reflect the public ip, which is particularly important for GKE users.
  • Resolved an AMPLIFY Cloud Services (ACS) accesslog issue by restarting fluent-transit.
  • Added a separate database host for the Arrow database in the admin.json file.
  • Moved the nodes that are in the Elasticsearch (EKS) cluster from public to private subnets.
  • Made security enhancements to address risks identified from IriusRisk. 
  • Set the maximum number of connections that may be accepted from a given IP each second.

    Set the default limit of apps in an organization to 100. 
    • Set admin to 10.

    • Set registry to 200.

    • Set registry-auth to 200.

  • Removed a redundant environment variable listing.
  • Added a manual AMPLIFY Runtime Services (ARS) quotas check.
  • Made the Elasticsearch (EKS) cluster name configurable.
  • Resolved the issue with the Docker registry secret being displayed in the Stratus log.
  • Added cluster autoscaler support to all nodegroups.
  • Replaced creating MongoDB as required and made it optional instead, along with adding parameters to specify an existing MongoDB cluster. 
  • Investigated and resolved the AMPLIFY Cloud Services (ACS) test issue.
  • Added deployment memory monitoring.
  • Augmented AMPLIFY Cloud Services (acs) list command to allow listing of all Kubernetes services within an organization. 

Fixed issues

  • Addressed an issue associated with handling application names with underscore(_) in the name. 
  • Resolved an application publication issue.
  • Resolved the application server minimum size issue.
  • Resolved the publication failure issue when publishing applications from source code.
  • Updated the node library to resolve security issues.
  • Resolved the issue with AMPLIFY Runtime Services (ARS) not working as expected after a pipeline deployment. Updated the pipeline deployment process to use correct labels for locating the mongo-init-db pod.
  • Fixed the tenant ingress controller issue.
  • Resolved the issue with the MaxLarge size container missing from the array of allowed container sizes.
  • Fixed the volume deployment issue.
  • Resolved the deployment initialization failure.
  • Resolved the job deletion errors.
  • Resolved the AMPLIFY Runtime Services (ARS) API log file information exposure issue.
  • Augmented encryption support for sensitive data.
  • Enabled backup and recovery features for sensitive information. 

  • Ensured that sensitive information is not displayed in any error output messages.
  • Initiated proper access control to prevent unauthorized access.
  • Improved security related events logging such as failed login attempts.
  • Resolved the issue with the improper control of the file name for include and require statements.
  • Resolved the security issue with input validation.
  • Enabled control over attribute modification.
  • Enabled the encryption of sensitive MongoDB data.
  • Added authentication to critical function access. 
  • Updated Dolphin on the arrow-cloud-kubernetes 2.0.0 branch.
  • Resolved the AMPLIFY Runtime Services (ARS) application access over HTTPS issues.
  • Resolved the TLS certification update issue.
  • Updated the automated notifications associated with deployments. 
  • Added checks for loglist and accesslogs per_page option value to make sure it is an integer, otherwise an error is returned.
  • Resolved application publication errors.
  • Made the duration value numeric for PEM consumption. 
  • Removed the redundant accesslog output time unit and trimmed the time unit before sending the event to PEM.

  • Added backward compatibility by supporting both Kubernetes and Docker Swarm naming conventions.
  • Resolved the issue associated with empty acs usage metric from the metric server.
  • Updated the metrics server from 0.2.1 to 0.3.2 to use nanocores as CPU usage units in 0.3.2.
  • Updated to pass the Node version on the Jenkins application builder.
  • Resolved the error associated with issuing default certificates for apps with no certificates. 
  • Fixed an issue in domain matching that prevented adding certificates which didn't have Subject Alternative Names (SANs).
  • Resolved the AMPLIFY Runtime Services (ARS) API log file information exposure issue.
  • Encrypted sensitive data at rest with Amazon Web Services' Key Management Service.
  • Sensitive data is versioned.
  • Ensured that sensitive information is not displayed in any error output messages.
  • Implemented application and network rate limiting.
  • Limited the number of accounts with privileges to modify or delete audit log files.
  • Verified the integrity of the logging system.
  • Enabled user actions detailed logging.
  • Enabled the logging and rejection all data validation failures.
  • Enabled a synchronized time source.
  • Added backend TLS connection failures logging.
  • Updated to use a library that is not known to be susceptible to Remote File Inclusion (RFI) vulnerabilities.
  • Added input parameters validation to prevent HTTP parameter pollution.
  • Enabled white-listing support for variable value assignments. 
  • Enabled encryption of sensitive MongoDB data at rest.
  • Added authentication requirement logic to access restricted data.
  • Resolved the issue with per_page log list timestamp for lastLogTime. Updated to handle lastLogTime in milliseconds.
  • Resolved the quota update issue for the AMPLIFY Runtime Services (ARS) Kubernetes clusters.
  • Included success or failure notices in the Cluster deployment notification email.
  • Fixed the quota update issues.
  • Resolved the ingress object update error associated with deactivated apps.
  • Resolved AGO production issues with AMPLIFY Runtime Services 2.0.0.
  • Fixed the container point quota bug across clusters within the same org.

Recent Releases

Related Links