vSphere Integrated Containers Appliance v1.5.2
What's in the Release Notes
- Download
- Installation and Upgrade
- Using vSphere Integrated Containers
- Changes
- Known Issues
- Open Source Components
Download
Official vSphere Integrated Containers release: http://www.vmware.com/go/download-vic
Open-source vSphere Integrated Containers project download location: https://storage.googleapis.com/vic-product-ova-releases/vic-v1.5.2-7206-92ebfaf5.ova
File size: 2468853760
SHA256 checksum: d200d6d928d22041aac447f1070a7a6f712beb7cf84c4300b9a428ab003cf3ea
SHA1 checksum: 85a1ae2a3a8a19cf1c75f2f44960cbef1028560b
MD5 checksum: 09d355c36b4f7699e8a497c559689e65
This OVA contains the following component versions:
Appliance: https://github.com/vmware/vic-product/archive/v1.5.2.zip
Engine: https://github.com/vmware/vic/archive/v1.5.2.zip
Harbor: https://github.com/goharbor/harbor/archive/v1.7.4.zip
Admiral: https://github.com/vmware/admiral/archive/vic_v1.5.2.zip
Plug-In: https://github.com/vmware/vic-ui/archive/v1.5.2.zip
Installation and Upgrade
- For instructions about how to deploy the vSphere Integrated Containers appliance, see Deploy the vSphere Integrated Containers Appliance.
- For instructions about how to upgrade an existing vSphere Integrated Containers appliance, see Upgrade the vSphere Integrated Containers Appliance.
Using vSphere Integrated Containers
For more details on using vSphere Integrated Containers see the end user documentation at https://vmware.github.io/vic-product/#documentation.
- Overview of vSphere Integrated Containers
- vSphere Integrated Containers for vSphere Administrators
- vSphere Integrated Containers Management Portal Administration
- Using vSphere Integrated Containers as a DevOps Administrator, Developer, or Viewer
- Developing Applications with vSphere Integrated Containers
Changes
Full list of changes from 1.5.1.
New Features
vSphere Integrated Containers 1.5.2 includes the following new features:
- New option to set subnet masks on user-defined bridge networks. Read more
- New option to limit the number of container VMs that a VCH can host. Read more
Enhancements
vSphere Integrated Containers 1.5.2 includes the following enhancements:
- Setting the client network gateway is optional in the Create VCH wizard. Read more
Resolved Issues
-
Fixes an issue that caused upgrading from 1.5.0 to 1.5.1 to fail.
-
Updates the version of
runc
in the vSphere Integrated Containers OVA appliance, to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. The version ofrunc
in thedch-photon
image on Docker Hub has also been updated. For more information, see CVE-2019-5736.IMPORTANT: vSphere Integrated Containers virtual container host (VCH) endpoint VMs are not vulnerable to the privilege escalation described in CVE-2019-5736. This issue affected the OVA appliance because it uses a standard container engine to run the vSphere Integrated Containers services. The
dch-photon
image includes a standard Docker Engine. Container VMs that you deploy by using vSphere Integrated Containers VCHs are not vulnerable to therunc
vulnerability.
See also the resolved issues for each of the vSphere Integrated Containers components:
- vSphere Integrated Containers Engine
- vSphere Integrated Containers Management Portal
- vSphere Integrated Containers Registry
- vSphere Integrated Containers Plug-In for vSphere Client
Known Issues
vSphere Integrated Containers appliance 1.5.2 has the same known issues as v1.5.1.
View all
-
Appliance upgrade script does not support FQDN addresses for the old appliance #1731
When you run the script to upgrade the vSphere Integrated Containers appliance, the script prompts you for the FQDN or IP address of the old version of the appliance. However, the script only supports IP addresses for the appliance, and does not support FQDN addresses. You can use FQDN for vCenter Server addresses. -
Appliance services are not available if accessed through NAT or a reverse proxy. #1172
The Getting Started page of the appliance includes links to the services running on the appliance. These links are constructed assuming that users connect to the appliance by using its IP or FQDN, and that it is not hidden behind NAT or a reverse proxy.Workaround: Add the FDQN by which the appliance identifies itself to the
/etc/hosts
file of the client machine, pointing to the translated IP address that the client sees. -
vSphere Client shows warnings when you attempt legitimate operations on the appliance VM. #1184
If you attempt to perform operations on the appliance VM, for example migrate it, move it to a new folder, or restart it, you see a warning that the the VM is managed bySolution vSphere Integrated Containers-H5Client.
Workaround: Ignore the warnings and click Yes to proceed with the operation.
See also the known issues for each of the vSphere Integrated Containers components:
- vSphere Integrated Containers Engine
- vSphere Integrated Containers Management Portal
- vSphere Integrated Containers Registry
- vSphere Integrated Containers Plug-In for vSphere Client
Open Source Components
The copyright statements and licenses applicable to the open source software components distributed in vSphere Integrated Containers are available in the LICENSE file.