Self-driving infrastructure for your containers


Tectonic Enterprise is regularly released, containing new features, bug fixes, and software updates. For existing clusters, review the Upgrading Tectonic guide.

Documentation is versioned along with each release. Each set is maintained on this site and can be accessed by using the dropdown on the main documentation page.

Release Date: June 8, 2017
Kubernetes: 1.6.4

Core Components

  • Updates to Kubernetes v1.6.4.
  • Updates to Terraform v0.9.6 (fixes some instances of terraform destroy not working).
  • Many components run as "nobody" instead of root.
  • An option has been added to disable the creation of private zones.
  • All resources are now tagged in AWS with the cluster id.
  • A minimal IAM policy has been created.


  • Updates to Console v1.6.3
  • CPU usage graphs now display usage instead of limits.
  • Can now Create Role Bindings and many other supported resources.

Tectonic Channel Operator

  • Updates to Channel Operator v0.3.4
  • Requires signed payloads using the default CoreOS key.
  • No longer creates components upon upgrade when they did not previously exist.

Tectonic Installer Container

Upgrade Notes - Important

Upgrading to Tectonic 1.6.4 requires that all nodes are running "Container Linux by CoreOS 1353.8.0 (Ladybug)" or greater. To inspect the Container Linux version on all nodes run:

kubectl get nodes -o wide

If any nodes are running older versions a reboot may resolve the issue.

The v1.6.4 upgrade will fail if this condition is not met with an error of the format, 'Updates are not possible : Upgrade is not supported: X of Y nodes' OS version are lower than the minimum required version "1353.8.0"'

If this error occurs,

  1. Ensure that all nodes meet the minimum version requirements (see above).
  2. Remove the "failureStatus" field and its children from the ThirdPartyResource using the following command:

kubectl edit appversion/tectonic-cluster -n tectonic-system

  1. Retry the upgrade from the Tectonic Console.

Release Date: May 10, 2017
Kubernetes: 1.6.2

Tectonic now uses Terraform for cluster installation. This supports greater customization of environments, enables scripted installs and generally makes it easier to manage the lifecycle of multiple clusters.

  • Switches provisioning methods on AWS & Bare-Metal to Terraform exclusively.
  • Adds support for customizing the Tectonic infrastructure via Terraform.
  • Introduces experimental support for self-hosted etcd using its operator, and associated UI.
  • Adds Container Linux Update Operator(CLUO).
  • Updates to Kubernetes v1.6.2.
  • Updates to bootkube v0.4.2.
  • GUI Installer with Terraform on AWS and bare-metal.
  • Segregates control-plane / user workloads to master / worker nodes respectively.
  • API server-to-etcd communication is secured over TLS.
  • Removes locksmithd, etcd-gateway.
  • Enables audit-logs for the API Server.
  • Removes final manual installation step of copying over assets folder.


Role-based Access Control screens have been redesigned to make it easier to securely grant access to your clusters.

  • Updates to Console v1.5.2.
  • Adds binding name column to Role Bindings list pages
  • Adds role binding name to fields searched by text filter
  • Adds RBAC YAML editor
  • Adds etcd cluster management pages


  • Updates to Dex v2.4.1.
  • Adds support for login through SAML and GitHub Enterprise.

Bug Fixes

  • Fixes an issue where new nodes started automatically by auto-scalers would start with an outdated version of kubelet.

Release Date: May 4, 2017
Kubernetes: 1.5.7

Core Components

  • Updates to Kubernetes v1.5.7
  • Updates to Dex v2.4.1

Release Date: April 14, 2017
Kubernetes: 1.5.6

Core Components

  • Updates to Kubernetes v1.5.6


  • Updates to Console v1.3.1
    • Update links to commerce domain to use
    • Converts namespaces 3 pane view into separate list and details pages
    • Various bug fixes


  • Upgrades bootkube to v0.3.13
  • UI persists state across refreshes. (No more progress files.)
  • Various UI bug fixes

Release Date: March 30, 2017
Kubernetes: 1.5.5

Core Components

  • Updates to Dex v2.3.0
  • The Tectonic ingress controller can now easily be used by non-Tectonic applications (AWS, bare-metal)
  • Clusters can now span a subset of AZs within a region (AWS)


  • Various fixes for using the installer on Windows
  • Cluster asset bundles include a variable file for the experimental Terraform installer (AWS)


  • Updates to Console v1.2.1
    • Adds the ability to view and edit resource annotations
    • Redirect to resource overview page after creating a resource with YAML editor
    • Adds more resource types to Events page filter dropdown
    • Various bug fixes

Release Date: March 22, 2017
Kubernetes: 1.5.5

Core Components

  • Updates to Kubernetes v1.5.5

Release Date: March 14, 2017
Kubernetes: 1.5.4

Core Components

  • Updates to Kubernetes v1.5.4
  • Updates to Console v1.1.1
  • Upgrade bootkube to v0.3.11


  • Improved validation of AWS credentials
  • Support for multi-controller and multi-etcd on bare metal and AWS
  • Remove step requiring users to scp to a controller


  • Support in-place, push-button upgrade from 1.5.3-tectonic.1 in Tectonic Console
  • Displays CA Cert expiration on Cluster Settings page
  • Adds 'View Logs' button for the Operators updates
  • Keeps highlighted sidebar link visible when navigating between pages
  • Improves performance of events stream
  • Fixes overflowing text for labels
  • Fixes animations on events page

Release Date: March 2, 2017
Kubernetes: 1.5.3

Core Components

  • Updates to Kubernetes v1.5.3
  • Updates to Dex v2.2.4
  • Updates to Console v1.0.3


  • Kubernetes pod CIDR and service CIDR can be customized


  • New VPCs can be created with a custom CIDR
  • Allow creation of Tectonic with multi-node etcd
  • Fixed AWS cloudformation size issue preventing use in some regions
  • Added tags to all created AWS resources
  • Removed, internal clusters use host DNS resolver

Bare metal

  • Fixed external etcd check preventing Installer from continuing


  • Displays node selectors and provides an editing modal
  • Improves Kubernetes and Tectonic channel statuses and error messages
  • New and improved Access Denied screens with relevant messages
  • Improvements to the side nav, edit menus, and labels
  • Fixes pod selector modal for services and replication controllers and removes it for jobs

Known Issues

  • Installer custom network validation: Advance validation of custom AWS VPC configurations, as well as custom VPC, subnet, and pod network CIDR ranges, is limited in this release. Take care when setting VPC and network configuration in Tectonic Installer: Configuration errors, range conflicts, or component ommissions can potentially escape detection until the last step of the the install process.

Release Date: February 16, 2017
Kubernetes: 1.5.2

Core Components

  • Update bootcfg and coreos-baremetal to matchbox (bare-metal)
  • Update from etcd2 to etcd3 (bare-metal and AWS)
  • Allow external etcd cluster to be specified (bare-metal and AWS)
  • Installer usability improvements and messaging fixes
  • Add new metrics to tectonic-stats-emitter


  • Allow controller subnets to be configured (AWS)
  • Add support for internal clusters with internal ELBs and private IPs, accessed by VPN (AWS)
  • Deploy a separate etcd and controller node (AWS only)


  • Object 'Create' pages in YAML editor
  • Fixes for sidebar applying active highlight to multiple links
  • Fixes collapsing of side nav headers
  • Improves small screen list display for Config Maps and Secrets
  • Completed migration from Angular to React

Release Date: January 25, 2017
Kubernetes: 1.5.2

Core Components

  • Upgrades Kubernetes to v1.5.2
  • Upgrades Dex to v2.1.0
  • Supports creating clusters in existing VPCs
  • Tectonic Installer usability improvements (follow logs, subnet validations, warnings for long SOA ttls, etc)
  • Switches from cloud-config to Ignition user-data provisioning


  • Enables detailed monitoring of AWS controller nodes which was disabled
  • Ingress redirects from HTTP to HTTPS for Tectonic identity and console
  • Fixes issue where kubelet version file was re-written on reboot of AWS nodes


  • Fixes pod label selector to work with commas
  • Fixes "Cannot read property of null" errors on pod logs page
  • Fixes redirects after deleting a resource

Release Date: January 11, 2017
Kubernetes: 1.5.1

Core Components

  • Upgrade Kubernetes to v1.5.1
  • Upgrade Dex to v2.0.2
  • Upgrade Bootkube to v0.3.1


  • Use internal IPs for workers (private subnets)
  • Allow worker subnets to be customized (advanced)
  • Default the instances type to t2.medium
  • Add new regions: Canada and London


  • Add ability to set a node as Unschedulable
  • Add action menu to overview pages of all the objects
  • Surfaces additional details on node details page
  • Add a minimal YAML editor


  • Run bootkube bootstrap as a daemonized service to avoid SSH hangups
  • Improve port number and SSH key validation during the installation process

Release Date: December 21, 2016
Kubernetes: 1.4.7


  • Add Multi Availability Zone (multi-AZ) support for worker auto-scale groups (AWS).
  • Adds support for Security Token Service (AWS).
  • Fixes custom CA support.
  • Upgrades Kubernetes to 1.4.7.
  • Upgrades Dex to 2.0.0.


  • Fixed memory leak.
  • Exposed support for LDAP integration with Dex.

Release Date: December 9, 2016
Kubernetes: 1.4.5

Tectonic is now free for installations up to 10 nodes.


  • Allow users to select from Container Linux stable, beta, or alpha (AWS).
  • Provide push-button creation of KMS keys on behalf of users (AWS).
  • Usability improvements and bug fixes (bare-metal and AWS).


  • Added support for Ingress objects.
  • Can now view license details from within the console.
  • Expose console on port 443. Previously NodePort 32000 was used.

Ingress Controller

  • Ingress Controller exposed via a dedicated ELB on AWS.
  • Ingress Controller exposed via host ports on bare-metal.
  • Updates and health check fixes.

Operators (experimental)

  • Experimental operators for the Kubernetes control plane can optionally be enabled during install.
  • Tectonic Console can trigger an upgrade attempt.


  • CoreOS collects data about your Tectonic cluster for billing purposes. See the data policy for details.

Other highlights

  • Many documentation improvements.
  • Bug fixes and security improvements.
  • Heapster updated to v1.2.0 for kubectl top support.

Release Date: November 18, 2016
Kubernetes: 1.4.5

New in this Release

  • Tectonic Identity has been updated to Dex v2.0.0-beta.2.
  • GUI Installer now supports AWS and bare-metal.
  • Ships with self-hosted Kubernetes (bare-metal and AWS).
  • Upgrades Kubernetes to v1.4.5.

Tectonic Console

  • Tectonic Console now includes RBAC management and the ability to edit Tectonic license.
  • A logout button has been added to the Tectonic Console.
  • Show readiness in pod listings.

Release Date: October 20, 2016
Kubernetes: 1.4.3

New in this Release

  • Ships with self-hosted Kubernetes (bare-metal installer)
  • Upgrades to Kubernetes v1.4.3 which fixes a critical security issue
  • Fixes self-hosted Kubernetes checkpointing
  • Usability improvements to the bare-metal installer
  • Tectonic Identity has been updated to Dex v2.0.0-alpha
  • Identity state is stored in Kubernetes third party resources
  • Streamlines components, removing postgres and manager dependencies

Release Date: October 5, 2016
Kubernetes: 1.3.7

New in this Release

  • Ships with self-hosted Kubernetes 1.3.7 (bare-metal installer only).
  • User-based authentication fully enabled by default.
  • RBAC authorization fully enabled by default.
  • Usability and stability improvements to the bare-metal GUI installer.

Tectonic Console

  • New node visualizations of Prometehus metrics: CPU, RAM, Network IO, Filesystem, & Pod counts.
  • View cluster RBAC policies.
  • Management of new Kubernetes objects: ConfigMaps, Secrets, Jobs, Horizontal Pod Autoscalers, Service Accounts.
  • Can now run behind proxy.
  • Various layout and bug fixes.

Release Date: August 10, 2016
Kubernetes: 1.3.0

New Installer

This release features a new graphical installation tool which simplifies the process of bootstrapping and launching bare metal clusters (alpha) that includes Kubernetes and additional Tectonic services.

Cluster Software

The default installation now includes:

  • Prometheus and Grafana
  • Kubernetes 1.3.0

Tectonic Console

  • Enhanced user management
  • New look and redesigned navigation
  • Various other enhancements and bug fixes

Release Date: June 8, 2016
Kubernetes: 1.2.3

Tectonic Console

  • Fixed issue with editing env variables for replication controllers
  • Fixed issue with creating/updating replica-sets/deployments when selector is empty
  • Fixed issue with deleting replica-sets/deployments

Release Date: June 8, 2016
Kubernetes: 1.2.3

Tectonic Console

  • Added support for Replica Sets
  • Added support for Deployments
  • Added support for Equality-based and Set-based label selectors
  • Added Heapster integration (namespace cpu/mem resource usage)
  • Added view of service port mappings
  • Added view of container command arguments

Release Date: April 15, 2016
Kubernetes: 1.2.0

Tectonic Console

  • Improved namespace support – users can now create, delete, and search for namespaces by label
  • Nodeport is now visible on Service detail screens
  • Fixed issues with search in Tectonic Console

Release Date: March 22, 2016
Kubernetes: 1.1.2

Tectonic Console

  • Fixes an issue with navigation after changing namespaces
  • Fixes an issue causing the "Create user" dialog not to show when requested
  • Fixes an issue preventing search for nodes by label
  • Change to search behavior — by default, an empty search now returns all resources rather than no resources

Release Date: March 11, 2016
Kubernetes: 1.1.2

Tectonic Console

A variety of design and layout fixes and improvements for Tectonic Console

Release Date: March 8, 2016
Kubernetes: 1.1.2


This release of tectonic fixes a bug introduced in v1.1.1 where the tectonic-manager would create invalid database entries.

Clients on v1.1.1 cannot upgrade without manually editing the database.

Release Date: March 3, 2016
Kubernetes: 1.1.2


New unified account features allow you to share a single Tectonic license and pull secret (coreos-pull-secret) across all of your software purchases. Be sure to download your newly formatted license and pull secret during the installation process, from

Release Date: December 31, 2015
Kubernetes: 1.1.2


  • Support for Kubernetes 1.1.2
  • Many bug fixes and refinements in Tectonic Identity
  • Refinements throughout Tectonic components, and formalization of the upgrade process

Release Date: December 21, 2015
Kubernetes: 1.1.2

Tectonic Console

  • Expose Tectonic and Kubernetes versions on the status console
  • Stream logs into the pod detail views
  • Timeout HTTP connections to authenticator if the connection fails

Release Date: November 3, 2015
Kubernetes: 1.0.6

This is the first General Availability release of Tectonic Enterprise, featuring an integrated suite of cluster tools and services:

Tectonic Console, a graphical user-interface that gives you a holistic view of your cluster

Tectonic Identity, providing cluster-wide SSO and identity services

CoreUpdate, automating behind-the-firewall software updates of Tectonic clusters CoreOS machines

Quay Enterprise, the most versatile and secure private container registry, running on the cluster

During our Tectonic Preview, many new features have been added and bugs have been identified and fixed. Thank you to our Preview customers for helping us make Tectonic robust, powerful, and stable.

Features and Fixes:

  • Fixed websocket operation under TLS
  • Improved overall user experience with multiple namespaces
  • Enhancements to the mobile Console experience
  • Docs: Created multiple platform and purpose deployment guides, including in-depth examination of kubernetes deployment on bare metal and the underlying networking