Release notes for kOps 1.19 series ¶

Significant changes ¶

Terraform users on AWS should read the Required Actions section below to avoid potential etcd data loss.

Specific to 1.19.0: containerd is blocked with kubenet, kopeio, gce and external networking modes. This will be addressed in 1.19.1; if you are using containerd with one of those networking modes we recommend waiting for that release. As docker is the default container runtime, if you have not explicitly opted in to containerd you are likely not affected. (As described in the deprecations section below, containerd is planned to be the default in 1.20).

Changes to kubernetes config export ¶

kOps will no longer automatically export user credentials on kops update cluster. In order to export user credentials on cluster update, you need to either add the --user <user> to reference an existing user block in kubeconfig, or --admin to export the cluster admin user. If neither flag is passed, the kubernetes user config will not be modified. This makes it easier to reuse user definitions across clusters should you, for example, use OIDC for authentication.

Similarly, kops export kubecfg will also require passing either the --admin or --user flag if the context does not already exist.

By default, the credentials of any exported admin user now have a lifetime of 18 hours. The lifetime of the exported credentials may be specified as a value of the --admin flag. To get the previous behavior, specify --admin=87600h to either kops update cluster or kops export kubecfg.

kops create cluster --yes exports the admin user along with rest of the cluster config, as was the previous behaviour (except for the 18-hour validity).

ARM64 support ¶

kOps will install ARM64 artifacts and containerd images when the instance group supports ARM64 for both machine type and OS image. At the moment this is known to work with AWS m6g, c6g, r6g and t4g instances, with the latest Ubuntu 20.04 OS images for ARM64.

OpenStack Cinder plugin ¶

kOps will install the Cinder plugin for kOps running kubernetes 1.16 or newer. If you already have this plugin installed you should remove it before upgrading.

If you already have a default StorageClass, you should set cloudConfig.Openstack.BlockStorage.CreateStorageClass: false to prevent kOps from installing one.

Other significant changes by kind ¶

General ¶

New clusters will now have one nodes group per zone. The number of nodes now defaults to the number of zones.
On AWS kOps now defaults to using launch templates instead of launch configurations.
There is now Alpha support for Hashicorp Vault as a store for secrets and keys. See the Vault state store docs.
The lifetimes of certificates used by various components have been substantially reduced. The certificates on a node will expire sometime between 455 and 485 days after the node's creation. The expiration times vary randomly so that nodes are likely to have their certs expire at different times than other nodes.
kOps now supports using an AWS Network Load Balancer (NLB) for API access. See the documentation for more info.
Allow users to partially compress user-data, check the instance groups docs for more details.
Worker nodes on AWS will now be bootstrapped using kops-controller.

CLI ¶

The kops update cluster command will now refuse to run on a cluster that has been updated by a newer version of kOps unless it is given the --allow-kops-downgrade flag.
New command for deleting a single instance: kops delete instance

CNI ¶

Clusters using the Amazon VPC CNI provider now perform an ec2.DescribeInstanceTypes call at instance launch time. In large clusters or AWS accounts this may lead to API throttling which could delay node readiness. If this becomes a problem please open a GitHub issue.
Clusters using Calico with CrossSubnet enabled will switch to the new awsSrcDstCheck for disabling the AWS source/destination checks. The previous implementation using k8s-ec2-srcdst is now deprecated.
Clusters using Calico can now enable the eBPF dataplane mode for Ubuntu 20.04 (Focal) hosts. Add spec.networking.calico.bpfEnabled: true and spec.kubeProxy.enabled: false to the cluster spec to enable.
Clusters using Calico can now encrypt pod-to-pod traffic with WireGuard for Ubuntu hosts. Add spec.networking.calico.wireguardEnabled: true to the cluster spec to enable.
New clusters running Cilium now enable BPF NodePort by default if the Kubernetes version is 1.12 or newer.
Cilium will enable enable-remote-identity by default. This can affect network policies. If you want to keep old behaviour, add spec.networking.cilium.enableRemoteIdentity: false in your cluster spec.

Addons ¶

Metrics Server is now available as a configurable addon. Add spec.metricsServer.enabled: true to the cluster spec to enable.
With this change, one no longer has to set the --kubelet-insecure-tls flag, making any metrics-server installation more secure. See #6879 for more details.
Cluster Autoscaler is now availalble as a configurable addon. Add spec.clusterAutoscaler.enabled: true to the cluster spec to enable.
AWS Node Termination Handler is now available as a configurable addon. Add spec.nodeTerminationHandler.enabled: true to the cluster spec to enable.

Breaking changes ¶

Support for Kubernetes 1.9 and 1.10 has been removed.
Support for the Romana networking provider has been removed.
Support for legacy IAM permissions has been removed. This removal may be temporarily deferred to kOps 1.20 by setting the LegacyIAM feature flag.

Required Actions ¶

See note about Openstack Cinder plugin above.
Terraform 0.12 users on AWS, in order to prevent downtime you will have to remove the state of any existing ELB or TargetGroup attachments from your Terraform state file. This is due to migrating the attachments to the in-line aws_autoscaling_group fields. See the terraform documentation for more information about the difference. This migration is required due to a bug described in #9913.

To prevent downtime, follow these steps with the new version of Kops:

kops update cluster --target terraform ...
terraform plan
terraform state list | grep aws_autoscaling_attachment | xargs -L1 terraform state rm
terraform plan
# Ensure these resources are no longer being destroyed and recreated
terraform apply

Terraform 0.12 users on AWS migrating clusters from Launch Configurations to Launch Templates may need to remove the state of the old Launch Configuration. This is due to potential errors with Terraform attempting to delete the Launch Configuration before updating the AutoScalingGroup to use the Launch Template. The Launch Configurations will need to be manually deleted afterwards. More information including detailed remediation steps is available in #10017.
```
kops update cluster --target terraform ...
terraform state list | grep aws_launch_configuration | xargs -L1 terraform state rm
terraform plan
# Ensure launch configurations are not being destroyed
terraform apply
```
Terraform users on AWS may need to rename their EBS Volume resources to match 0.12's stricter naming requirements. Volumes whose Terraform resource name begin with a digit are now prefixed with ebs-. This change will be made regardless of Terraform-0.12 feature flag value. More information is available in #9982. When upgrading to kOps 1.19, follow these steps to determine if a rename is necessary:
```
kops update cluster --target terraform ...
terraform plan
# Look for any EBS volumes being recreated
# Adjust these arguments as necessary
terraform state mv aws_ebs_volume.1a-etcd-events-foo-k8s-local aws_ebs_volume.ebs-1a-etcd-events-foo-k8s-local
terraform plan
# Confirm no EBS volumes being changed
terraform apply
```
If you are using Terraform with an additional .tf file and using "aws_autoscaling_attachment" to attach additional Load Balancers or ALB/NLB Target Groups you'll need to migrate to attaching them through the InstanceGroup spec instead.
AWS clusters using an ACM Certificate on the API ELB (.spec.api.loadBalancer.sslCertificateID) will need to migrate from Classic LoadBalancer (CLB) to Network LoadBalancer (NLB) prior to upgrading to Kubernetes 1.19 by setting .spec.api.loadBalancer.class: Network. Any kubeconfig files using kOps' admin client credentials will need to be regenerated with kops export kubecfg --admin. For more information see this page.

Deprecations ¶

Support for Kubernetes versions 1.11 and 1.12 has been deprecated and will be removed in kOps 1.20.
Support for Docker container runtime has been deprecated and will be replaced with containerd for new clusters as of kOps 1.20. For existing clusters the default behaviour can be overridden by setting spec.containerRuntime: containerd in the cluster spec. This change closely tracks the upstream deprecation of Docker.
Support for Terraform version 0.11 has been deprecated and will be removed in kOps 1.20.
Support for feature flag Terraform-0.12 has been deprecated and will be removed in kOps 1.20. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.
The manifest based metrics server addon has been deprecated in favour of a configurable addon.
The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
The experimental node authorizer is now ignored if you are using kubernetes 1.19. The feature will be removed in 1.20. Worker nodes will instead be authorized using kops-controller.
Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Full change list since 1.18.0 release ¶

v1.18.0-alpha.3 to v1.19.0-alpha.1 ¶

Add etcd-manager certificate expiration advisory @rifelpet #9030
Treat NatGatewaysNotFound error as already-deleted @johngmyers #9052
Allow cluster maintenance when channel is unavailable @johngmyers #9053
Release notes for 1.18.0-alpha.3 @justinsb #9075
Release notes for 1.17.0-beta.2 @justinsb #9073
Disable TX checksum offload for Flannel VXLAN @hakman #9074
Added support for configuring disable-attach-detach-reconcile-sync in… @andersosthus #9068
Add advisory notice to readme and docs homepage @rifelpet #9083
Revert "feat(openstack): propagate cloud labels to machines" @zetaab #9087
kube-apiserver: healthcheck via sidecar container @justinsb #9069
Include secondary protocol flag always @jacksontj #9008
Fix port conflict on etcd-cilium vs dns-controller memberlist @justinsb #9097
kube-apiserver-healthcheck: actually enable on 1.17 @justinsb #9098
Update instance_groups.md @ranshn #9072
Fix containerd image side-loading @hakman #9101
Dont use terraform's file() for singleline strings in GCE metadata @rifelpet #9084
Add documentation on gossip @olemarkus #9111
upgrade to use cinder v3 api @zetaab #9113
Fix zsh completion @olemarkus #9108
Add unit test for util/pkg/hashing/hash.go @Hellcatlk #9114
Spotinst: Allow users to disable the controller add-on @liranp #9091
Fail cluster validation if too few nodes for ig's target size @johngmyers #9126
Adding most recent version of kube-state-metrics - 1.9.5 @MoShitrit #9125
PKI code cleanup @johngmyers #9106
Return cluster validation failure if ASG missing @johngmyers #9118
Add EC2 Instance LifeCycle label @atmosx #9121
add some unit tests @q384566678 #8960
Remove code for unsupported Kubernetes version @johngmyers #9134
http download: set a timeout to avoid hangs @justinsb #9136
Move CNI docs to their own files @olemarkus #9107
Added Launch Template support for instance interruption behavior @tomesm,@rifelpet #9024
DNS: Don't try to apply empty changesets @justinsb #8464
Remove redundant menu item in the docs site @rifelpet #9144
Remove Classic networking from docs @johngmyers #9142
doc: Typo in docs/state.md @nvanheuverzwijn #9147
Spotinst: Documentation @liranp #9139
Map kube-apiserver service-account-jwks-uri flag @justinsb,@rifelpet #9133
Don't put bastions in the utility subnets @johngmyers #9124
Create golden image test for nodeup kube-apiserver @justinsb #8950
Add unit test for func matchesElbTags @hs0210 #8989
Remove support for reading legacy-format keypairs @johngmyers #9131
Update alpha channels with May updates @MoShitrit #9155
Add support for Kubenet with containerd @hakman #9104
[Digital Ocean] Handle logic for kops edit/update cluster @srikiz #9116
Move OS deprecations to deprecations section of relnotes @johngmyers #9093
Add unit test case for pkg/k8sversion/version_test.go @Hellcatlk #9112
Update OWNERS file @johngmyers #9105
Minor doc fix. address is not valid to use, will cuase etcd faili… @granular-ryanbonham #9160
GCE: don't rely on hostname being correct @justinsb,@rifelpet #9135
Reduce test flakiness @johngmyers #9164
Add unit test case for pkg/apis/kops/util/versions_test.go @Hellcatlk #9156
Spotinst: New hybrid integration mode @liranp #7252
Fix nodetask.File dependency on owner @johngmyers #9169
Networking cleanup @olemarkus #9157
Update DigitalOcean cloud-controller-manager to v0.1.24 @timoreimann #9179
Update etcd-manager to 3.0.20200527 @justinsb #9184
Use debian as default image for DO images @srikiz #9181
Remove all versions of a file form the S3 bucket @hakman #9171
Remove unused VFSScan @johngmyers #9174
Remove loader support for nodeup tasks not used in models @johngmyers #9170
Document etcd-manager backups retention settings @hakman #9187
Add gjtempleton as reviewer @johngmyers #9183
Fix nits for removal of S3 file versions @hakman #9188
Remove support for CoreOS and Jessie @johngmyers #9065
Update Bazel rules for Docker to v0.14.2 @hakman #9196
Remove support for the legacy etcd provider as of k8s 1.18 @johngmyers #8826
Add deprecation notice for legacy etcd provider to 1.17 relnotes @johngmyers #9201
Add comment in OWNERS linking to test-infra OWNERS files @rifelpet #9202
Fix repo packages not being installed @hakman #9203
Allow listing versions for objects in the S3 bucket @hakman #9205
Try validating multiple times before updating instancegroup @johngmyers #9165
Use kubescheduler.config.k8s.io/v1beta1 for Kubernetes 1.19 @hakman #9204
Update adding_a_feature.md with more modern example @johngmyers #9208
Add example for delete secret @q384566678 #9198
Upgrade docker/containerd/containeros hashes to SHA256 @johngmyers #9215
Release notes for 1.16.3 @justinsb #9219
Remove extraneous markdown files in pkg/apis @rifelpet #9220
Release notes for 1.17.0 @justinsb #9222
Remove unused file @johngmyers #9218
Update set-version script to bump tag in Makefile @justinsb #9224
Start release notes for kops 1.19 @justinsb #9223
Use AWS SDK to fetch metadata @justinsb #9227
S3 DeleteAllVersions: use pagination @justinsb #9228
Bump compatibility matrix for kops 1.17 @johngmyers #9225
Validation: MixedInstancePolicy need not override instance types @justinsb #9231
GCE: fix typo @justinsb #9232
Add packages hashes verification for containerd and Docker @hakman #9234
Remove vsphere cloud provider @olemarkus #9177
Update etcd-manager to 3.0.20200531 @hakman #9237
Don't build site when docs are unchanged @hakman #9235
Updating stable channel with May updates @MoShitrit #9212
Upgrde amazon vpc cni to 1.6.2 @MoShitrit #9214
Disable static tokens by default as of Kubernetes 1.18 @johngmyers #8850
Add example for describe secret @q384566678 #9241
Release notes for 1.18.0-beta.1 @justinsb #9242
1.18 release note corrections @johngmyers #9243
Update channels for 1.18 @mikesplain #9250
[Digital Ocean] Update RBAC for DO CCM @srikiz #9249
Remove redundant ValidateInstanceGroup call @rifelpet #9252
Add ARM64 build targets for kops and nodeup @hakman #8922
Remove all traces of utils.tar.gz @hakman #9197
Enable configuration of the calico IP_AUTODETECTION_METHOD and IP6_AUTODETECTION_METHOD @mtl-wgtwo #9175
Use CNI 0.8.6 for Kubernetes 1.15+ @hakman #9256
Add table of networking providers and their status @olemarkus #9140
Use Docker 19.03.11 for Kubernetes 1.18+ @hakman #9258
Fix link to point to aws docs @mikesplain #9263
Refactor Debian automatic upgrades to Go code @johngmyers #9213
Remove romana support @olemarkus #9255
Don't make it possible to toggle ipv4/6. We only support ipv4 anyway @olemarkus #9253
Update channel 1.15 k8s recommendation to 1.15.12 @jeffb4 #9266
Add support for encryption in Cilium @MoShitrit #9154
Bump Dashboard to v2.0.1 @maciaszczykm #9199
Update Calico and Canal for CVE-2020-13597 @hakman #9268
Tag all cilium keys with omitempty @olemarkus #9254
When building to staging, split out the marker files by branch @justinsb #9272
Move networking in nodeup to dedicated subpackage @olemarkus #9137
Bump supported and recommended k8s versions for kops 1.19 @johngmyers #9226
Clean up wording in releases.md @johngmyers #9230
Spotinst: Allow a user specifiable node draining timeout @liranp #9221
Validate IG RootVolumeType @olemarkus #9265
gce: log bucket-policy-only message at a level that always appears @justinsb #9276
Prepare kOps for multi-architecture support @hakman #9216
Ensure we have IAM bucket permissions to other S3 buckets @justinsb #9274
Refactor cert issuance code @johngmyers #9130
Allow failure of the ARM64 job in TravisCI @hakman #9279
Use Ubuntu 20.04 as the default image for Kubernetes 1.18+ @hakman #9283
Disable disk based evictions for Kubernetes 1.19 @hakman #9296
More nodeup golden tests @justinsb #9248
Adding recent releases to docs site @MoShitrit #9293
Update Weave for CVE-2020-13597 @hakman #9285
Create nodetasks.IssueCert() @johngmyers #9282
Don't export basic auth credentials if basic auth is disabled @johngmyers #9284
Copy "portmap" to /opt/cni/bin for Weave @hakman #9286
Update shipbot config @hakman #9277
Fix some go-lint warning @Hellcatlk #9236
Docs - add syntax highlighting + markdown cleanup @rifelpet #9308
Install common CNI plugin binaries for all network plugins @hakman #9310
Don't try building TLS for etcd-manager if not using etcd-manager @johngmyers #9302
Use ec2.DescribeInstanceTypes for machine type info @rifelpet #8856
Don't require nodeup tasks to have SetName() @johngmyers #9299
Refactor and improve API validation @johngmyers #9217
Disable kubeproxy when creating a kube-router cluster @rifelpet #9321
Use Docker 19.03.11 for Kubernetes 1.17+ @hakman #9317
Install all CNI plugin binaries for all network plugins @hakman #9320
Fix NPD when creating a kube-router cluster @rifelpet #9323
Fix mismatch in SecurityGroups handling with launch templates @johngmyers #9288
Allow docker options to be specified by create cluster overrides @bertinatto #9324
Issue kube-scheduler and kube-controller-manager certs in nodeup @johngmyers,@justinsb #9313
IAM: Refactor vfs-access logic so we can see the required readable paths @justinsb #9328
Update Weave Net to 2.6.5 @hakman #9330
Docs helptext @olemarkus #9333
Use launch templates by default @johngmyers #9289
Refactor kubemanifest to be clearer @justinsb #9342
Refactor BootstrapChannelBuilder to use a kOpsModelContext @justinsb #9338
Issue kubecfg and kops certs in nodeup @johngmyers #9347
Update release notes for Ubuntu 20.04 and CVEs @hakman #9332
Add nodelocal dns cache to release notes and add kops version to docs @olemarkus #9351
Bug: Explicitly set default StorageClass to support upgrades @joshbranham #9337
Promote alpha channel to stable @johngmyers #9366
Prefer the GA label for node zone @johngmyers #9363
Cleanup networking docs @ari-becker #9349
Bump recommended kops versions in alpha channel @johngmyers #9361
Validate cilium version @olemarkus #9295
Fix kube-apiserver-healthcheck image @coreypobrien #9359
Remove the baremetal cloud provider @johngmyers #9360
Add "--selinux-enabled" flag for Docker @hakman #9334
Issue kubelet-api cert in nodeup @johngmyers #9356
Revert "Fix kube-apiserver-healthcheck image" @johngmyers #9371
Move host-network services off of port 8080 @johngmyers #9355
Remove bundler as baremetal support was removed @johngmyers #9372
Add support for AWS OIDC Provider @rifelpet #9375
NodeLocalDNS config population: small tweaks @justinsb #9376
Add comment on blocking jobs to actions @mikesplain #9305
Prune old metrics-server and update HPA docs @johngmyers #9233
Upgrade mkdocs to latest versions @rifelpet #9309
Store terraform launchtemplate userdata in plaintext rather than b64 @rifelpet #9340
Update alpha channel with June releases @MoShitrit #9384
try github actions failure to see if PRs can't be merged @rifelpet #9015
Run "go mod vendor" in verify-gomod @rifelpet #9389
Start moving InstanceGroup data to NodeupConfig @johngmyers #9391
Refactor to clean up TemplateFunctions @justinsb #9390
Revert "try github actions failures to see if PRs can't be merged" @rifelpet #9392
Add notice from k8s.io to docs site @mikesplain #9393
Issue aws-iam-authenticator cert in nodeup @johngmyers #9378
Updating cluster_spec doc. @michalschott #9380
Add a couple more "area" labels @rifelpet #9394
Cache terraform's providers between tests @rifelpet #9399
Stop creating SHA1 hashes for build artifacts @hakman #9400
Add initial support for ARM64 @hakman #8938
Use -mod=vendor for most go commands @rifelpet #9396
Add olemarkus as reviewer @hakman #9200
Temporarily use containerd from Docker packages @hakman #9346
Fix override css @mikesplain #9406
Upgrade Amazon VPC CNI to 1.6.3 @MoShitrit #9408
Fold multiple integration test cases into the complex test case @rifelpet #9409
Move apply logic down into pkg for import use @johngmyers #9411
Clean up the HA docs @olemarkus #9387
Add master and node image options when creating a cluster @hakman #9407
Implement VFS for vault @olemarkus #9094
Rolling update instance groups in consistent order @johngmyers #9412
Refactor lyft config file to Go code @johngmyers #9410
Update 1.17-NOTES.md @wangxy518 #9414
Make dns pods work on arm64 clusters @olemarkus #9418
Typo and wording fix to getting_started/commands doc @MoShitrit #9417
Alicloud: Refactor LoadBalancerWhiteList to LoadBalancerACL @bittopaz #8304
Remove PHONY declaration on non-phony targets @johngmyers #9419
Build and publish only Linux AMD64 kOps artifacts for CI @hakman #9401
Remove more sha1-generation code @johngmyers #9423
Fix: dns-controller: 3999 port address already in use @vgunapati #9404
Fix dns selectors for older k8s @olemarkus #9431
Fix staticcheck error with Go 1.14 @johngmyers #9434
Remove kube-discovery @johngmyers #9435
Start pushing create_cluster logic into pkg @johngmyers #9413
Spotinst: Add missing lifecycle to awstasks.SecurityGroup @liranp #9445
Preparatory refactoring of BootstrapScript @johngmyers #9402
Fix cilium etcd migration @olemarkus #9451
Spotinst: Support for Root Volume Size in Ocean Launch Spec @liranp #9459
Spotinst: Upgrade the Spotinst controller to version 1.0.61 @liranp #9460
Remove dead cloudup code @johngmyers #9422
Refactor BootstrapScript into a Task @johngmyers #9449
Refactor how api-server addresses are exported from tasks @johngmyers #9450
Add unit test for func VersionedJSON @Hellcatlk #9458
Cilium requires manual restart when migrating to nodeport @olemarkus #9454
Bump k8s versions for alpha channel with latest releases @MoShitrit #9455
Enable nodeport by default @olemarkus #9425
Update staticcheck to latest version @rifelpet #9463
Add Ambassador addon to kops @concaf #9115
Update Calico to v3.15.0 for k8s 1.16+ @hakman #9444
Update KubeDNS to v1.15.13 @hakman #9462
Refactor more cluster creation code into NewCluster() @johngmyers #9443
Update the service manifest for Docker @hakman #9465
Cleanup tempfiles @zhijianli88 #9472
Fix where etcd-cluster-spec is written when etcd's BackupStore is defined -v2 @rdrgmnzs #9474
Create separate field for disabling rolling updates @johngmyers #9348
Move more cluster creation code to NewCluster() @johngmyers #9467
Continue moving InstanceGroup data to NodeupConfig @johngmyers #9415
Use new templates for cilium 1.8 @olemarkus #9424
Update terraform docs with version compatibility @rifelpet #9488
Updating the YAMLs for Ingress-Citrix Addon @christus02 #9480
Allow CI builds to build a tagged version @justinsb #9493
Release 1.19.0-alpha.1 @justinsb #9494

1.19.0-alpha.1 to 1.19.0-alpha.2 ¶

Use kubelet docker-specific flags only for Docker @hakman #9495
cloudbuild: Push additional images from cloudbuild @justinsb #9497
Release notes for 1.19.0-alpha.1 @justinsb #9498
Release notes for 1.16.4 @justinsb #9501
Update bazel rules versions @rifelpet #9428
Release notes for 1.17.1 @justinsb #9503
Default ClusterDNS appropriately when NodeLocalDNS is enabled @johngmyers #9491
Fixing typos and rewording docs/examples/basic-requirements.md @MoShitrit #9442
Move more cluster creation code to NewCluster() @johngmyers #9490
Continue refactoring certs into nodeup @johngmyers #9354
Update AWS VPC CNI docs to use --networking amazonvpc @rifelpet #9509
Update aws-sdk-go to v1.32.13 @hakman #9510
Add Ambassador documentation to addons docs @concaf #9516
Move remaining new cluster setup to pkg @johngmyers #9513
Changing base image for node authorizer. @michalschott #9056
Update kube-router to v1.0.0 @hakman #9512
Remove deprecated function @johngmyers #9514
Add ability to set various cilium flags through CLI @olemarkus #8928
Add tag support to AWS launch templates @rifelpet #9519
Fix a link typo in the networking.md @nikola-milikic #9461
Cilium parse k8s version url @olemarkus #9525
Cloudmock cleanup - preparation for EC2 tag-on-create @rifelpet #9520
Update mock version to 1.19.0-alpha.1 @hakman #9527
Use EC2's tag-on-create for various resources @rifelpet #9529
Fix KubeDNS missing resourceVersion @phspagiari,@hakman #9521
Use filebase64 for launch template userdata and Terraform 0.12 @rifelpet #9532
Promote alphas to stable @olemarkus #9537
Add some err judgments @zhouhao3 #9538
Force single arch support via env var @hakman #9535
Add lyft hash environment variable @hintofbasil #9539
Update AWS IAM Authenticator to 0.5.1 @rifelpet #9540
Update CoreDNS to v1.7.0 - Take 2 @rajansandeep #9541
Add healthcheck to aws-iam-authenticator @rdrgmnzs #8991
Re-enable disk based evictions for Kubernetes 1.19 @hakman #9475
Switch AWS NAT Gateway creation to use tags on create @rifelpet #8726
Improve Makefile @johngmyers #9542
Remove the checksum workaround for Flannel VXLAN @hakman #9543
Widen the tolerations of kuberouter @johngmyers #9547
Add missing lifecycle to etcd keypair tasks @johngmyers #9553
Use a stable key for signing service account tokens @johngmyers #9534
Use distroless image as base for Protokube @justinsb,@hakman #9403
Use stable names for GH workflow jobs @hakman #9552
File permission test: clear umask before testing @justinsb #9562
Don't try to delete terraform providers @justinsb #9561
Release notes for 1.18.0-beta.2 @justinsb #9563
Remove old unused files @rifelpet #9564
Add support for uploading to private buckets @johngmyers #9568
Upgrade to go 1.14.4 @rifelpet #9499
Upgrade go to 1.14.5 @rifelpet #9572
Update goimports script for go 1.14 @rifelpet #9573
[Digital Ocean] Implement KOPS validate cluster @srikiz #9476
Update alpha channel with July releases @hakman #9579
Use fixed UID for etcd user and restrict to legacy provider @johngmyers #9581
Adding feature stability table to docs and including one example for encryption support in cilium @MoShitrit #9555
Print error during cluster delete for dependency violation @hakman #9589
Specify user on export kubecfg @olemarkus #9280
Require extra flag when updating cluster with downgraded kops version @johngmyers #9362
Create one nodes instance group per zone @johngmyers #9471
Promote Ciprian & John to approvers @hakman #9590
Remove unused and unmaintained Docker build targets @hakman #9576
Remove min width on tables @mikesplain #9592
Remove support for legacy IAM permissions @johngmyers #9492
Update stable channel with July releases @hakman #9596
Improve locking in memfs @johngmyers #9597
Docs - Add the new feature table to various feature sections @rifelpet #9585
Update stretch images (from 1.11) in alpha channel @justinsb #9599
Restore default SELinux security contexts for container runtime binaries @hakman #9584
Revert move to explicit dependencies @johngmyers #9605
Prefer nodes with "master" role for Calico Typha pods @hakman #9609
Add Ubuntu 20.04 support for Docker 18.06.3 @hakman #9616
Openstack fixes @olemarkus #9554
remove LB circular in OpenStack @zetaab #9623
fix(docs): render double curly braces @FrankYang0529 #9626
Use public client accessors within openstackCloud functions @rifelpet #9628
Exempt OpenStack from the EnableExternalCloudController feature flag @johngmyers #9629
Fix int to string conversions @hakman #9630
add os.RemoveAll err verification @zhouhao3 #9610
Update instructions for fixing verify-gomod.sh @johngmyers #9636
Add repo SECURITY.md @joelsmith #9638
Use "tag on create" for AWS Route Tables @rifelpet #9639
Spotinst: Upgrade the Spotinst controller to version 1.0.62 @liranp #9642
Add tagging support for AWS Keypairs @rifelpet #9533
Make ARM64 job blocking with TravisCI @hakman #9644
Upgrade Go to version 1.15rc1 @hakman #9641
Replace custom codegen package with gengo @johngmyers #9632
Calico: Upgrade the "k8s-ec2-srcdst" controller to version v0.3.0 @seh #9647
Remove dead code from tasks @johngmyers #9646
Cleanup AWS EC2 eventual consistency warnings @hakman #9637
Cleanup unused loader features @johngmyers #9649
Promote alpha channel to stable @johngmyers #9652
Remove tags from NodeupConfig @johngmyers #9650
Release 1.19.0-alpha.2 @justinsb #9654

1.19.0-alpha.2 to 1.19.0-alpha.3 ¶

Update Calico to v3.15.1 for k8s 1.16+ @hakman #9656
Release notes for 1.19.0-alpha.2 @justinsb #9658
Use BAZEL_OPTIONS for bazel build @srikiz #9651
Document new release process for kops 1.19 and on @justinsb,@rifelpet #9660
Prefer nodes with "master" role for Canal Typha pods @hakman #9663
Refactor networking assets finder @hakman #9665
Release notes for 1.18.0 @justinsb #9668
Update releases.md and alpha channel for 1.18.0 release @johngmyers #9669
Refactor openstackCloud to be mockable, add a MockCloud @rifelpet #9645
GCE: Fix spurious comparison failures on adddress & InstanceTemplate @justinsb #9671
Upgrade cluster-proportional-autoscaler to multi-arch image @johngmyers #9674
Move cluster-proportional-autoscaler to worker nodes @hakman #9676
When channel is unavailable, don't try to validate things from it @olemarkus #9559
Determine fixedip during nodeup directly @olemarkus #9560
Remove embedded structs from spotinst terraform types @rifelpet #9682
Spotinst: Change ScaleDown.MaxPercentage from int to float64 @liranp #9683
Update protobuf to v1.4.2 @hakman #9686
Add missing locking in MockEC2 @johngmyers #9677
Openstack - Don't panic if the dns zone is not found @rifelpet #9690
Add an initial structure for openstack cloudmock @rifelpet #9691
Spotinst: Upgrade the Spot Cluster Controller to version 1.0.63 @liranp #9696
Add markdown code block to bug report GH issue template @rifelpet #9697
Spotinst: Selecting a default Instance Group in Spot Ocean should be optional @liranp #9699
[Digital Ocean] Upload binaries to DO Spaces @srikiz #9672
Adds support for using OS application credentials @olemarkus #9702
Allow configurable backend modes for aws-iam-authenticator @WarpRat #9500
Add support for cilium on openstack @olemarkus #9703
Update Go to v1.15rc2 @hakman #9709
Update k8s dependencies to v1.18.6 @hakman #9711
Fix bazel darwin hash for Go 15rc2 @hakman #9714
Make it possible to change subnet dns servers @olemarkus #9715
Update example for Resources Reservation @hakman #9708
Improve the error logged when multiple DNS Zones match the provided name @rifelpet #9717
Default kubelet authorization-mode to Webhook for k8s 1.19+ @johngmyers #9718
Respect Topology when assigning floating ips or not @olemarkus #9701
Capture logs from a kops cluster @justinsb,@rifelpet #8577
Update docs for Amazon Linux 2 @hakman #9720
Update SECURITY_CONTACTS @johngmyers #9627
Remove amd64 TravisCI jobs @rifelpet #9005
Implement Openstack cloudmock, add integration test @rifelpet #9722
Add cinder plugin @olemarkus #9700
Add windows job to GH workflows @hakman #9721
Add instance-selector cmd to toolbox @bwagner5 #9478
Upgrade CI jobs to go 1.15.0 @rifelpet #9733
Upgrade AWS VPC CNI provider to 1.6.4 @rifelpet #9734
Update Go to v1.15.0 for Bazel @hakman #9735
Add missing cli options for kube-controller-manager and kube-scheduler @Evalle #9726
Fix test-windows target @hakman #9738
Add an integration test for openstack floating ip @olemarkus #9739
Fix update and verify goimports @hakman #9740
Upgrade to Terraform 0.13.0 @rifelpet #9742
Update cluster-proportional-autoscaler to v1.8.3 @hakman #9744
Update link names for releases @hakman #9743
Update images docs @hakman #9736
Remove unused Tags and FSRoot from NodeUp @hakman #9737
Spotinst: Support for Instance Types in Ocean Launch Spec @liranp #9746
Update alpha channel with August releases @MoShitrit #9748
Update shared-VPC documentation @johngmyers #9719
Support for using hostPort when using kube-router @andsens #9689
Move kubernetes 1.18 from alpha to stable @mariusv #9754
Add the client cert / ACM cert known issue to the 1.18 release notes @rifelpet #9758
Remove unused tags functionality @johngmyers #9759
Default kubelet authenticationTokenWebhook to true for k8s 1.19+ @johngmyers #9757
Reduce the lifetime of exported kubecfg credentials @johngmyers #9593
Add ARM64 support for masters @hakman #9566
Clear KOPS_FEATURE_FLAGS in update-expected.sh @justinsb #9764
Bootstrap worker nodes using kops-controller @johngmyers #9653
Upgrade to klog v2 @rifelpet #9765
Issue more certs out of kops-controller @johngmyers #9771
Fix backwards compatibility when backend mode isn't set @WarpRat #9755
Update more klog v1 references to v2 @rifelpet #9772
Document Docker iptables settings @hakman #9760
Use /etc/os-release to identify the distribution @hakman #9766
Issue the cilium etcd client cert out of kops-controller @johngmyers #9776
Only add OS variables if they are needed @olemarkus #9778
Add support for containerd v1.4.0 @hakman #9777
Don't give access to calico-client key when not needed @johngmyers #9779
Squash patch versions of old release notes @hakman #9770
Enhancement in Ubuntu or debian apt-get and CI issue fix @Rajpratik71 #8687
feat(openstack): propagate cloud labels to machines @mitch000001 #9211
Add release note about cert expiration @johngmyers #9781
Put userid in kubecfg cert CommonName @johngmyers #9780
Adding support for permission boundaries for AWS IAM Roles @victorfrancax1 #9773
Update Weave Net to v2.7.0 @hakman #9783
Upgrade AWS VPC CNI to 1.7.0 @MoShitrit #9786
Unset more env vars in update-expected.sh @rifelpet #9789
Ignore the disableTxChecksumOffloading flag for Flannel and Canal @hakman #9782
Add flag for root volume encryption @hakman #9793
Don't use nova for glance mocks @olemarkus #9792
Fix feature flag typo in release notes @rifelpet #9796
De-emphasize bootstrap tokens and document node authorization as depr… @johngmyers #9791
Update the openstack getting started docs @olemarkus #9797
Mock create server should associate with mock ports @olemarkus #9798
Upgrade gophercloud to v1.11.0 @olemarkus #9800
Update validation for Calico to assume etcd3 as default @hakman #9803
Update API slice fields to not use pointers @rifelpet #9802
Bump stable versions from alpha @MoShitrit #9804
Release 1.19.0-alpha.3 @hakman #9801

1.19.0-alpha.3 to 1.19.0-alpha.4 ¶

Upgrade kubernetes dependencies to 1.19.0-rc.4 @rifelpet #9565
Release notes for 1.19.0-alpha.3 @hakman #9805
Stop trying to pull the Protokube image @hakman #9809
Add all images to GH release @hakman #9811
Refactor: kOpsModelContext embeds IAMModelContext @justinsb #9814
Adding docs on AWS Permissions Boundaries support @victorfrancax1 #9807
Fix GCE cluster creation with private topology @rifelpet #9815
Support writing a full certificate chain @justinsb #9812
Update Calico to v3.15.2 for k8s 1.16+ @hakman #9816
Update kube-router to v1.0.1 @hakman #9818
Remove compute floating ip extension @olemarkus #9790
Pull images from k8s.gcr.io/kops instead of docker.io/kope @hakman #9808
Upgrade AWS VPC CNI to 1.7.1 @MoShitrit #9822
Update k8s dependencies to v1.19.0 @hakman #9824
Remove unknown rules from managed security groups on openstack @olemarkus #9820
Add --internal flag for export kubecfg that targets the internal dns name @rifelpet #9732
Reconcile ports and floating ips @olemarkus #9821
GCE - Set Bastion InstanceGroup zone @rifelpet #9827
Move from debian-hyperkube-base to debian-base for node-authorizer @rdrgmnzs #9828
Add kops delete instance command @olemarkus #9784
remove nodeAffinity from typha @ozdanborne #9826
Use the get_workspace_status script to get the versions @justinsb #9830
cloudbuild: allow CI env var to be specified @justinsb #9831
TaskDependentResource: support preview when the task isn't ready @justinsb #9837
Addons: Support arbitrary additional objects @justinsb #8119
add support for cors-allowed-origins @etwillbefine #9838
Implement setter by reflection @justinsb #8896
Expose JWKS via a feature-flag @justinsb #9813
Support authentication helper for kubectl @justinsb #9667
Always use OpenStack Swift reauthentication @justinsb #9836
Upgrade cilium versions @olemarkus #9843
Dont generate the ssl_certificate_id field on TCP listeners in Terraform @rifelpet #9839
Spotinst: Upgrade the Spot Cluster Controller to version 1.0.64 @liranp #9846
Update OpenStack CSIDriver to v1 and update few csi deps @zetaab #9847
Remove more machinery for file-based cloudup models @johngmyers #9841
Keep SHELLCHECK_IMAGE vesion sync with SHELLCHECK_VERSION defined before @MaXinjian #9849
Cloudinstances refactor @olemarkus #9799
Populate cloudinstances data on openstack @olemarkus #9850
Refactor IAM route53 construction @justinsb #9853
Improve description of detaching instances @johngmyers #9859
Add command for listing cloud instances @olemarkus #9762
fix "unbound variable" issue @MaXinjian #9851
Add instance info to detached nodes @olemarkus #9860
Update installation @inductor #9864
Update Calico to v3.16.0 for k8s 1.16+ @hakman #9829
Update alpha channel k8s 1.16 to 1.16.15 and Ubuntu image to latest available @MoShitrit #9869
Implement cluster autoscaler as bootstrap addon @olemarkus #9787
Bump cilium to 1.8.3 @olemarkus #9871
Openstack golden servergrouptests @olemarkus #9874
Map ENOENT to ErrNotExist in FSPath @johngmyers #9877
Update Go to v1.15.1 @hakman #9878
Add kubelet cgroup driver property @bmelbourne #9879
verify-terraform: rearrange arguments to find @justinsb #9881
Update mock version to 1.19.0-alpha.3 @hakman #9884
Use new GitHub artifact names for mirrored assets @hakman #9882
Use root volume encryption flag for LaunchConfiguration with TF and CF @hakman #9872
Errors when encryptionConfig is enabled, but no encryptionconfig secret @olemarkus #9885
Add missing spot support to launch template direct render @johngmyers #9897
Don't explicitly set insecure-bind-address on newer k8s @olemarkus #9899
Deprecate old cluster autoscaler addon @olemarkus #9892
Update Calico to v3.16.1 @hakman #9894
Nodelocalcache configure resources @commixon #9901
Release notes for 1.17.2 @justinsb #9902
Release notes for 1.18.1 @justinsb #9904
Allow caching of Nodeidentity Info in kops-controller for AWS. @rdrgmnzs #9908
Simplified form of IAM Roles for ServiceAccounts @justinsb #9352
Detect AWS region for S3 inside containers @hakman #9857
Only apply external policies when these are defined @kesor #9867
Get launch template versions after filtering templates @johngmyers #9909
Remove constraint of setting volume type for OS @olemarkus #9907
Remove force_tcp flag for nodelocalcache dot zone @astrikos #9917
Validate labels @olemarkus #9918
Add missing setResources on CA task @justinsb #9919
Add missing flags to cluster autoscaler template @olemarkus #9925
Add unit test for pkg/apis/kops/model/features.go @hs0210 #9883
Continue if asg instance is unknown @olemarkus #9900
Allow the BootstrapClient task to run after Protokube @hakman #9911
Document process to get older releases into artifacts.k8s.io @justinsb #9934
Don't write application credentials to cloud config unless external CCM is enabled @olemarkus #9935
add kube-system psp to system:nodes @zetaab #9941
use subnet also when creating floatingip @zetaab #9936
Block external CCM for k8s less than 1.13 @olemarkus #9943
Force external cloud controller manager on OS @olemarkus #9942
Update Go to v1.15.2 @hakman #9944
Only add additional policies to kops managed IAMRoles @hakman #9924
Release 1.19.0-alpha.4 @hakman #9949

1.19.0-alpha.4 to 1.19.0-alpha.5 ¶

Release notes for 1.19.0-alpha.4 @hakman #9950
Support ChainInsertMode config option for Calico Networking @asmith030 #9945
Add instance groups and k8s 1.19 to bootstrapchannelbuilder tests @rifelpet #9962
Bump k8s versions and Ubuntu ami version to latest @MoShitrit #9963
AWS add cluster tag to detachinstances/findinstances filters @zetaab #9961
Update containerd to v1.4.1 @hakman #9968
Add addon for aws node termination handler @olemarkus #9921
Use all kops mirrors to determine artifacts hashes @hakman #9958
OpenStack: allow to specify storageClass creation to false @zetaab #9971
Add AWS partition support to iam service account roles @rifelpet #9964
Update Docker to v19.03.13 @hakman #9969
Improve kops get instances when api is unavailable @olemarkus #9938
Fix fip description @olemarkus #9965
Updating the Version @christus02 #9975
Add missing permissions for cilium-operator @codablock #9979
Consolidate all buildMinimalClusters into a generic test cluster builder @olemarkus #9972
Build cloud outside of PerformAssignments @olemarkus #9973
Bumping k8s versions and ubuntu AMI version from alpha to stable @MoShitrit #9986
Update mkdocs dependencies and pin macro plugin @rifelpet #9988
Fix nil pointer when instance has not joined the cluster @olemarkus #9985
Production recommendations document @olemarkus #9984
Clarified S3 state store encryption default @CrossRoast #9991
Add deprecation notice for support of Terraform v0.11 @bmelbourne #9989
Fix CAS ASG configuration @olemarkus #9993
Fix small typo in create cluster help output @erismaster #9995
Set ctx and cluster on the rolling update struct instead of passing it around everywhere @olemarkus #9974
Fix pair of typos in openstack docs @erismaster #9997
Add label to prevent kops-controller from running on old nodes @johngmyers #9998
Update prometheus-operator to support k8sv >= 1.16.0 @flouthoc #10001
Bump NTH to 1.8 @olemarkus #10002
Cilium hubble pointer @olemarkus #9967
Add missing closing inline code character @mbacchi #10005
Update rules_docker in order to build protokube @DerrickMartinez #10007
Bump cilium to 1.8.4 @olemarkus #10008
Fix support for multiple additionalNetworkCIDR blocks @rifelpet #9996
More removals of BuildCloud @olemarkus #9981
OpenStack floatingip fixes for clean cluster @zetaab #10010
Support rolling upgrade on openstack @olemarkus #9927
Spotinst: Upgrade the Spot Cluster Controller to version 1.0.67 @liranp #10011
Don't disassociate additional CIDR blocks with shared VPCs @rifelpet #10013
enable kubelet --housekeeping-interval flag @nareshku #10016
Move kops-controller serving port out of conflict @olemarkus #10024
Sort wellknown ports and add missing ports to table @olemarkus #10025
[calico] awsSrcDstCheck to disable src/dest checks in AWS @monicagangwar #10019
Minor fixes to swiftfs.go @olemarkus #10030
Open etcd port only when Calico uses "etcd" datastore @hakman #10032
Kubelet serving certificate and metrics server addon @olemarkus #10022
Update Calico to v3.16.3 @hakman #10036
Update Docker version defaults for older k8s versions @hakman #10033
Add support for KubeAPIServer --request-timeout flag @dntosas #10038
Add WireGuard support for Calico CNI @h3poteto #10037
Fix docs feature table not being rendered @hakman #10042
Fix nil pointer when deleting instance @olemarkus #10046
Don't require PriorityClassName to pass missing-static-pod checks @johngmyers #10049
Upgrade aws-iam-authenticator to 0.5.2 @rifelpet #10047
Recommend kops 1.18.1 for kops >= 1.15 in alpha channel @johngmyers #10051
upgrade-cluster: test that new image in stable or alpha channel will … @nvanheuverzwijn #10052
Release 1.19.0-alpha.5 @hakman #10054

1.19.0-alpha.5 to 1.19.0-beta.1 ¶

Release notes for 1.19.0-alpha.5 @hakman #10055
Rewrite ssh user to ubuntu in bastions docs @h3poteto #10044
Updating alpha with October releases and latest Ubuntu AMI version @MoShitrit #10062
Simplify node local dns @olemarkus #10059
Fix bug in MergeAddons and test @nckturner #10045
do not create egress rules when using vipacl octavia @zetaab #10061
Add some quick notes on how to get GPU opertor working @olemarkus #10067
Cleanup channels error output @rifelpet #10068
Add eBPF dataplane support for Calico CNI @hakman #10069
Upgrade aws sdk to 1.35.10 @rifelpet #10074
Use AWS SDK lists of enum values for API validation @rifelpet #10075
Allow more volume types @olemarkus #10073
Initial kubetest2 structure for e2e testing @rifelpet #10031
Hotfix/10015 cloud formation lint error @binkkatal #10066
Update Flannel CNI to v0.13.0 @hakman #10064
Cert circular deps @olemarkus #10092
Ignore changes to ForAPIServer field @justinsb #10086
Fix cilium template by specifying boolean as a string for enable-metrics @h3poteto #10094
Take node labels from cloud tags on AWS @johngmyers #9575
Default to exporting a kubecfg, even without credentials @justinsb #10105
Remove dependency of TerraformJSON feature flag @johngmyers #10106
Update Calico config for eBPF mode @hakman #10115
Update AWS VPC CNI to 1.7.5 @MoShitrit #10124
Install container runtime packages as assets @hakman #10048
Align AWS VPC CNI manifest with upstream @hakman #10126
Add verify-cloudformation script @rifelpet #10130
Update shell style for CLI docs for better compatibility @hakman #10128
Prevent unintended resource updates to LB attatchments @rdrgmnzs,@rifelpet #9794
[Digital Ocean] Use Debian10 as default image @srikiz #10098
Fix NLB naming for terraform and cloudformation targets @rifelpet #10158
Move NLB's VPC CIDR security group rule logic into model @rifelpet #10161
Fix output for CF and TF @hakman #10164
OpenStack Reset deviceID status if needed @zetaab #10178
Mount the whole /etc/ssl/certs directory for k8s-ec2-srcdst @kitos9112,@hakman #10169
Fix auto scaling group changes when using spot instances @hakman #10187
Fix AWS NLB reconciliation @hakman #10199
allow reauth for openstack client @zetaab #10144
Setup a second NLB listener when an AWS ACM certificate is used @rifelpet,@hakman #10157
Update Go to v1.15.4 @hakman #10209
Release 1.19.0-beta.1 @hakman #10212

1.19.0-beta.1 to 1.19.0-beta.2 ¶

Remove components from cluster validation @johngmyers #10214
Update validate cluster cli docs @johngmyers #10219
Switch ARM64 CI to Graviton2 CPU @hakman #10230
Fix various nits @hakman #10217
Make etcd-manager log verbosity configurable @elblivion #10194
Use LaunchTemplate versions instead of timestamped LaunchTemplates @hakman #10151
Add default runtime and runtimes fields in the docker config @bharath-123 #10238
Add HPA Flags for horizontal-pod-autoscaler-initial-readiness-delay & horizontal-pod-autoscaler-cpu-initialization-period @JoelBCarter #10241
Fix version of storage-aws addon manifest @johngmyers #10247
Update etcd-manager to 3.0.20201117 @justinsb #10257
Use separate domain for kops-controller bootstrap @johngmyers #10239
Revert "Switch ARM64 CI to Graviton2 CPU" @hakman #10262
Push multi-arch images @hakman #10265
Use etcd v3.4.13 for k8s v1.19+ @hakman #10277
Fix cloudformation lint job @rifelpet,@FrankYang0529 #10256
Parse TargetGroup names from ARNs @hakman #10276
Release 1.19.0-beta.2 @hakman #10291

1.19.0-beta.2 to 1.19.0-beta.3 ¶

[weave] Add support for default version override @dntosas,@hakman #10273
Automated cherrypick of #10275 onto release-1.19 @rdrgmnzs #10306
Update Calico to v3.17.0 @hakman #10310
Tolerate missing detached EC2 instances @hwoarang #10319
Remove copyright notice from nodeup scripts to reduce the user-data size. @rdrgmnzs #10333
Update containerd and Docker versions @hakman #10341
Allow using gp3 for root volumes @olemarkus #10345
Bump aws-vpc-cni version to 1.7.6 @MoShitrit #10337
[Digital Ocean] Upgrade godo sdk to v1.54 @srikiz,@timoreimann #10320
Update etcd-manager to 3.0.20201202 @justinsb #10351
Add paramaeters related to Taint based Evictions in kube-apiserver @h3poteto #10339
Remove support for using legacy ELB name @hakman #10296
Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data @rdrgmnzs #10357
Remove resource limits from cluster autoscaler @olemarkus #10375
Remove dependency on TravisCI @hakman #10366
Add option to reuse existing Elastic IPs for NAT gateways @hakman #10374
Upgrade docker client @olemarkus #10193
Update aws-sdk-go to v1.36.0 @hakman #10347
Add option for setting the volume encryption key in AWS @hakman #10359
Add support for AWS IMDS v2 @bharath-123 #10324
Update etcd-manager to 20201209 @justinsb #10394
Explicitly specify http_endpoint in terraform launch template @bharath-123 #10398
Update k8s dependencies to v1.19.5 @hakman #10385
Mount /lib64 for Protokube only on AMD64 @hakman #10396
Update cilium to 1.8.6 @olemarkus #10406
Allow override of registry and tag for Calico images @hakman #10316
Bump aws-cni to 1.7.7 @MoShitrit #10416
Add support for containerd v1.4.3 ARM64 @hakman #10418
Update container runtime service files @hakman #10428
Expose metrics port when PrometheusMetricsEnabled set to true in Calico @avdhoot #10414
Bump AWS-CNI to version 1.7.8 @MoShitrit #10447
Allow Calico to run on systems with loose reverse path forwarding @hakman #10442
Calico: Allow operators to choose which encapsulation mode to use @seh #10404
protokube - query host by label when setting tags @rdrgmnzs #10413
Drop support for containerd 1.2 @hakman #10483
Added event-qps and event-burst flags to kubelet @DOboznyi #10486
Add new-pod-scale-up-delay in Cluster Autoscaler spec @akshedu #10471
Add config options for container runtime package URL and Hash @hakman #10473
Release 1.19.0-beta.3 @hakman #10494

1.19.0-beta.3 to 1.19.0 ¶

Use containerd.sock for AmazonVPC CNI with containerd @hakman #10502
Remove support for Kubenet with containerd @hakman #10501
Remove copyright YEAR from generated Go files @bmelbourne #10520
Add gp3 Volume Type to etcd @msidwell #10453
Only include API server additional security groups in InstanceGroups for masters @seh #10519
Treat InvalidDhcpOptionsId.NotFound as already-deleted @wongma7 #10508
Update kube-router to v1.1.1 @hakman #10512
Manual cherry-pick of #10507: Add containerd option for registry mirrors @hakman #10510
Add possibility to set volume throughput for gp3 volumes @hakman #10530
Add integration test for creating an HA cluster in shared zone @hakman #10365
Don't allow ebs volume TF resource names to begin with digit @rifelpet #10424
Remove gjtempleton as reviewer @gjtempleton,@hakman #10466
Fix file not found error detection in fs:// @rifelpet #10566
Fix NLB listener -> target group association for TF & CF @rifelpet #10567
Allow setting gp3 for terraform volumes without setting throughput @hakman #10572
Add containerd config file to Flatcar based instances @hakman #10540
Update Go to v1.15.6 for 1.19 @hakman #10603
Update Go to v1.15.7 for 1.19 @hakman #10615
Increase CoreDNS default ttl @johanneswuerbach #10610
Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage @justinsb,@hakman #10602
Install dbus if needed for protokube with containerd @justinsb #10583
etcd-manager: Update to 3.0.20210122 @justinsb #10638
Backport gp3 volumes fixes @hakman #10644
Set the tcp_rmem sysctl in bootstrap script @justinsb #10654
Allow attaching same external load balancer to multiple instance groups @hakman #10666
Allow SSH user to be overridden for toolbox dump @rifelpet #10675

1.19.0 to 1.19.1 ¶

containerd: Add /etc/crictl config to enable crictl @justinsb,@hakman #10585
Allow nodeup (and others) to replace in-use files @justinsb #10581
Update Weave to v2.8.0 @hakman #10604
Fix panic when exporting kubecfg for AWS cluster without load balancer @rifelpet #10720
Cleanup kops-controller Route53 record during cluster deletion @rifelpet #10721
Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed @h3poteto #10742
Remove taints from spotinst ocean terraform resource @rifelpet #10674
Use EnsureTask instead of prepending IG names to external ELB tasks @rifelpet #10754
nodeup file: Set owner & group when we write the file. @justinsb,@hakman #10757
Always generate kops-controller certs @hakman #10758
fix: asset task copy docker image @johanneswuerbach #10767
Update Calico to v3.17.2 @hakman #10787
Fill Role names in kops-controller-config instead of instance profile names when it is specified @h3poteto #10728
Update Docker to v19.03.15 @hakman #10802
Fix LaunchSpec TF output @hakman #10806
kubenet containerd: match upstream @justinsb #10759
Fix kdi 'must specify' error @olemarkus #10825
Don't try to detach masters @olemarkus #10328
containerd installation: always configure, even if we don't install @justinsb #10813
Precreate the kops-controller DNS name @rifelpet #10833
Update Go to v1.15.8 @hakman #10853
Fix rendering issue created by #10414 @avdhoot,@hakman #10700
enableRemoteNodeIdentity actually defaults to true @olemarkus #10635
Release 1.19.1 @justinsb #10880

1.19.1 to 1.19.2 ¶

Update AWS CNI to latest patch version @MoShitrit #10876
Fix nil pointer deference for image ID with spotinst @hakman #10924
Sort external policies when checking for changes @hakman #10940
Allow multi-CNI setups to set usesSecondaryIP @ravens #10828
Update Calico to v3.17.3 for kOps 1.19 @hakman #10955
Add support for enable-cadvisor-json-endpoints with Kubelet @adrianmoisey #10957
Add explicit RBAC permissions for finalizers subresources @olemarkus #10966
Removing duplicate local and output values in terraform(#10786) #10978
Disable Calico Prometheus metrics by default @hakman #10982
Spotinst: Avoid unnecessary duplication of tasks @liranp #10630
Use exponential backoff for DNS updates @hakman #10996
Fix rendering of multiple Docker insecure registries @hakman #11027
Upgrade AWS CNI to version 1.7.10 @MoShitrit #11078
Validate that kube-apiserver has the necessary authz modes set @olemarkus #11127
Remove instance-selector label @bharath-123 #11048
replace hard coded aws region checks with aws sdk calls @guydog28 #11119
Release 1.19.2 @justinsb #11191

1.19.2 to 1.19.3 ¶

Remove Calico bgppeer KeepOriginalNextHop default @hakman #11203
Always secure api -> kubelet communication @olemarkus #11185
Exclude nodes from load balancers upon cordoning @johngmyers #11273
Make it possible to detect field changes when mixedInstancePolicy is removed @h3poteto #11255
Filter servers using cluster name in tags @zetaab #11305
Update Calico to v3.17.4 for kOps 1.19 @hakman #11334
Use etcd-manager built from etcdadm repo @justinsb,@hakman #11098
Verify all versions are set correctly @johngmyers #11413
Update verify-terraform to use latest 0.14 and 0.11 versions @rifelpet #11437
Backport rename of service-account key to 1.19 @johngmyers #11390