Release notes for kOps 1.20 series ¶
Significant changes ¶
-
Default container runtime is now set to
containerd
for new clusters running Kubernetes 1.20.0+. -
Added experimental Azure support. To get started check the docs
-
Default settings for AWS instances are updated to take advantage of recent performance and security features:
- Default etcd volumes encryption changes to enabled for newly created clusters
- Default root volume encryption changes to enabled
- Default etcd volumes type changes from
gp2
togp3
- Default root volume type changes from
gp2
togp3
-
Added template funtions for kubernetes version based on channel data.
-
kOps now use helm3 functions for merging template
--set
and--values
arguments. This has slightly different behaviour than previous helm2-like logic. -
Following kubeadm, control plane nodes are now labelled with
node-role.kubernetes.io/control-plane=""
-
Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.
Breaking changes ¶
-
Support for Kubernetes 1.11 and 1.12 has been removed.
-
Support for Terraform version 0.11 has been removed.
-
Support for the feature flag
Terraform-0.12
has been removed. All generated Terraform HCL2/JSON files will support versions0.12.26+
and0.13.0+
.
Required Actions ¶
-
If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (
k8s-ec2-srcdst
) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature. -
If you are using self-hosted channels files, you have to add the new
architectureID
field, with one of theamd64
orarm64
values. -
If you are running
kops toolbox template
in an airgapped environment, you have to set--channel
to point to a local channel file. -
If your workload targets control plane nodes, you need to change them to select the
node-role.kubernetes.io/control-plane=""
label. You should also add thenode-role.kubernetes.io/control-plane:NoSchedule
toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.
Deprecations ¶
-
Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.
-
The manifest based metrics server addon has been deprecated in favour of a configurable addon.
-
The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
-
The
node-role.kubernetes.io/master
andkubernetes.io/role
labels are deprecated and will be removed from control plane nodes in kOps 1.22 -
The experimental node-authorizer that could be enabled using
nodeAuthorization
has been removed. Setting this value is now forbidden. -
Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
-
Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.
Full change list since 1.19.0 release ¶
1.19.0-beta.3 to 1.20.0-alpha.1 ¶
- Update docs for cutting new release branches @rifelpet #10084
- Update security_groups.md @yurrriq #10078
- Take node labels from cloud tags on AWS @johngmyers #9575
- Update Office Hours Zoom link @johngmyers #10087
- Update zoom links on the spanish README @rdrgmnzs #10088
- Ignore changes to ForAPIServer field @justinsb #10086
- Update Flannel CNI to v0.13.0 @hakman #10064
- kubetest2 - Implement create/validate/delete cluster functionality @rifelpet #10083
- Cert circular deps @olemarkus #10092
- Fix cilium template by specifying boolean as a string for enable-metrics @h3poteto #10094
- Release notes for 1.18.2 @justinsb #10097
- Update Kops Go build supported versions 1.15 @bmelbourne #10099
- Spotinst: Bump the Spot Cluster Controller to 1.0.68 @liranp #10103
- Remove hack/workaround from etcd-manager certificate expiration advisory @hakman #10102
- Install container runtime packages as assets @hakman #10048
- Default to exporting a kubecfg, even without credentials @justinsb #10105
- Remove dependency of TerraformJSON feature flag @johngmyers #10106
- Makefile and hack script cleanup @rifelpet #10112
- Update channels @hakman #10117
- Update Calico config for eBPF mode @hakman #10115
- Add random AWS zone logic + specify build stage location @rifelpet #10121
- Update AWS VPC CNI to 1.7.5 @MoShitrit #10124
- Add nodeLocalDNSCache.kubeDnsOnly option @javipolo #10111
- Align AWS VPC CNI manifest with upstream @hakman #10126
- Fix release notes links to point to https://kops.sigs.k8s @hakman #10118
- Add verify-cloudformation script @rifelpet #10130
- Fix cloudformation lint errors @rifelpet #10131
- Update shell style for CLI docs for better compatibility @hakman #10128
- Prevent unintended resource updates to LB attatchments @rdrgmnzs #9794
- Make verify-cloudformation job fail when issues are found @rifelpet #10133
- Set minimum Terraform version to 0.12.26/0.13.0 @bmelbourne #10109
- ELB/TargetGroup/ASG attachment fixes @rifelpet #10138
- Prepare for version 1.20 @johngmyers #10101
- Rebrand kops to kOps @hakman #10077
- Remove code for no-longer-supported k8s releases @johngmyers #10141
- allow reauth for openstack client @zetaab #10144
- Simplify etcd options builder @hakman #10145
- Update AWS Cloudmock for complex and externallb integration test clusters @rifelpet #10140
- Deprecate field calico.majorVersion @hakman #10143
- [Digital Ocean] Use Debian10 as default image @srikiz #10098
- Fix NLB naming for terraform and cloudformation targets @rifelpet #10158
- Move NLB's VPC CIDR security group rule logic into model @rifelpet #10161
- Fix additionalSecurityGroups support for NLB @rifelpet #10162
- Some typos @Hellcatlk #10160
- Fix output for CF and TF @hakman #10164
- Avoid waiting on validation during rolling update for inapplicable instance groups @bharath-123 #10065
- OpenStack Reset deviceID status if needed @zetaab #10178
- Remove unused bearer token field from kubeconfig builder @rifelpet #10181
- Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically @havulv #10186
- Consistent naming of security group rules @olemarkus #10179
- Upgrade Hashicorp HCLv2 Go module v2.7.0 @bmelbourne #10189
- Fix auto scaling group changes when using spot instances @hakman #10187
- Upgrade sprig to v3 @olemarkus #10191
- Upgrade helm to 2.17 and use the helm.sh reference @olemarkus #10192
- Fix AWS NLB reconciliation @hakman #10199
- Fix disabling spot instances when using launch templates @hakman #10198
- Add ACM cert permalink @rifelpet #10156
- Setup a second NLB listener when an AWS ACM certificate is used @rifelpet,@hakman #10157
- Update Go to v1.15.4 @hakman #10209
- Upgrade docker client @olemarkus #10193
- Spotinst: Configure Resource Limits in Ocean Auto Scaler @liranp #10190
- Release notes 1.19.0-beta.1 @hakman #10213
- Use LaunchTemplate versions instead of timestamped LaunchTemplates @hakman #10151
- Update kOps version after 1.19.0-beta.1 release @hakman #10216
- Remove components from cluster validation @johngmyers #10214
- Allow to use custom csi plugin image and enable topology support @zetaab #10215
- Update validate cluster cli docs @johngmyers #10219
- Fix cluster autoscaler docs @djablonski-moia #10225
- Make etcd-manager log verbosity configurable @elblivion #10194
- Update k8s versions nov 2020 @MoShitrit #10227
- Update Ubuntu ami to latest version @MoShitrit #10195
- Fix various nits @hakman #10217
- Switch ARM64 CI to Graviton2 CPU @hakman #10230
- Update docs related to audit logging @hakman #10231
- Don't install the misc packages for k8s 1.20+ @johngmyers #10222
- Fix readme @karancode #10228
- Update kops as kOps and remove extra spaces from .md files @axpraka,@hakman #10235
- Add default runtime and runtimes fields in the docker config @bharath-123 #10238
- Fix cluster validation dependency on local kubeconfig @eddycharly #10221
- Associate instance group to pod validation failures in cluster validation. @bharath-123 #10237
- Add HPA Flags for
horizontal-pod-autoscaler-initial-readiness-delay
&horizontal-pod-autoscaler-cpu-initialization-period
@JoelBCarter #10241 - Remove more code specific to unsupported etcd v2 @johngmyers #10245
- GCE: ignore (output-only) networkInterface.name @justinsb #10242
- Make it possible to use OnDelete update strategy on addon daemonset @olemarkus #10167
- Fix version of storage-aws addon manifest @johngmyers #10247
- Fix cloudformation lint job @rifelpet #10256
- Update etcd-manager to 3.0.20201117 @justinsb #10257
- Use separate domain for kops-controller bootstrap @johngmyers #10239
- Revert "Switch ARM64 CI to Graviton2 CPU" @hakman #10262
- Update Bazel rules for Go to v0.24.7 @hakman #10240
- Update k8s dependencies to 1.20.0-beta.2 @rifelpet #10266
- Push multi-arch images @hakman #10265
- alpha channel: update legacy images @justinsb #10269
- Fix multi-arch image pushing @hakman #10270
- Add sslPolicy for NLB to change listener's security policy @FrankYang0529 #9666
- Optimize Bazel builds by os and arch @hakman #10267
- Fix incorrect URLs in kops cluster documentation @bycEEE #10274
- Use etcd v3.4.13 for k8s v1.19+ @hakman #10277
- Parse TargetGroup names from ARNs @hakman #10276
- Add Go code-generator v0.20.0-beta.2 crypto hash @bmelbourne #10285
- Add ACM/NLB instructions to 1.19 release notes @rifelpet #10292
- Release notes for 1.19.0-beta.2 @hakman #10293
- Add more NLB release notes and documentation @rifelpet #10294
- Can check cert expiry using openssl @alok87,@hakman #10282
- [weave] Add support for default version override @dntosas,@hakman #10273
- Add support of Azure Blob storage to VFS @kenji-cloudnatix #10258
- Update kOps version after 1.19.0-beta.2 release @hakman #10295
- Remove support for using legacy ELB name @hakman #10296
- Remove dead code @hakman #10297
- Remove support for disabling manifest normalization @johngmyers #10298
- Upgrade cloud-provider-openstack to 1.19.2 @rifelpet #10303
- Fix a typo in an error message returned from buildAzureBlobPath @kenji-cloudnatix #10305
- Allow setting CPU limit and Mem request / limit for kube API server @rdrgmnzs #10275
- Optimize Bazel dev builds by arch @hakman #10309
- Update Calico to v3.17.0 @hakman #10310
- [Digital Ocean] Upgrade godo sdk to v1.54 @srikiz #10320
- Tolerate missing detached EC2 instances @hwoarang #10319
- Don't try to detach masters @olemarkus #10328
- Remove copyright notice from nodeup scripts to reduce the user-data size. @rdrgmnzs #10333
- Add docs for metrics server @olemarkus #10332
- Push alpha to stable @MoShitrit #10336
- Add paramaeters related to Taint based Evictions in kube-apiserver @h3poteto #10339
- Allow using gp3 for root volumes @olemarkus #10345
- Update containerd and Docker versions @hakman #10341
- Update aws-sdk-go to v1.36.0 @hakman #10347
- Bump aws-vpc-cni version to 1.7.6 @MoShitrit #10337
- Update etcd-manager to 3.0.20201202 @justinsb #10351
- Update DigitalOcean cloud-controller-manager to v0.1.30 @timoreimann #10352
- Add aws-cloud-controller-manager config to addons @nckturner #9704
- Allow attaching same external target group to multiple instance groups @hakman #10335
- Add fuzzer and OSS-fuzz build script @AdamKorcz #10326
- Set --service-account-issuer for k8s 1.20+ @johngmyers #10284
- Promote addon docs to first level menu item @olemarkus #10355
- [Digital Ocean] Promote to Beta @srikiz #10312
- Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data @rdrgmnzs #10357
- Add integration test for creating an HA cluster in shared zone @hakman #10365
- Add minimal cert-manager addon @olemarkus #10318
- Add option to reuse existing Elastic IPs for NAT gateways @hakman #10374
- Remove resource limits from cluster autoscaler @olemarkus #10375
- Remove dependency on TravisCI @hakman #10366
- fix cluster-autoscaler README url from cluster_spec -> addons @isaachui #10373
- Rename duplicate ci target to quick-ci @hakman #10378
- Use custom-configured ServiceAccountIssuer when present @johngmyers #10364
- Add option for setting the volume encryption key in AWS @hakman #10359
- Add support for AWS IMDS v2 @bharath-123 #10324
- Update k8s dependencies to v1.20.0 @hakman #10390
- Update docs for CentOS 8 @hakman #10368
- Move tools into separate
hack
go module @rifelpet #10308 - Update etcd-manager to 20201209 @justinsb #10394
- Mount /lib64 for Protokube only on AMD64 @hakman #10396
- Explicitly specify http_endpoint in terraform launch template @bharath-123 #10398
- Update alpha channel with December 2020 k8s releases and bump Ubuntu AMI version @MoShitrit #10401
- Hack script improvements @rifelpet #10407
- hack/goimports - Replace mapfile with read @rifelpet #10410
- Allow override of registry and tag for Calico images @hakman #10316
- Update Calico to v3.17.1 @hakman #10408
- Bump aws-cni to 1.7.7 @MoShitrit #10416
- Add support for containerd v1.4.3 ARM64 @hakman #10418
- Add release note for terraform launch template migration @rifelpet #10423
- Expose metrics port when PrometheusMetricsEnabled set to true in Calico @avdhoot #10414
- Bump etcd client to 3.4.13. Use go modules @olemarkus #10425
- Use the kubernetes-sigs version of yaml @olemarkus #10427
- Bump heredoc to v2 @olemarkus #10429
- Update container runtime service files @hakman #10428
- Template functions for recommended kubernetes versions @olemarkus #10369
- Make CoreDNS the default DNS server @rajansandeep #7919
- Delay defaulting to CoreDNS to k8s v1.20 @hakman #10435
- Bump go-bindata and use go module @olemarkus #10421
- Bump sftp to 1.12 @olemarkus #10436
- IAM ServiceAccount Roles: truncate name at 64 characters @justinsb #10437
- Bump helm to v3 @olemarkus #10426
- cloudmock - guard the VPC CIDR association calls with a mutex @rifelpet #10440
- Upgrade mkdocs dependencies to latest @rifelpet #10433
- Spotinst: Schedule Ocean Controller to Linux nodes only @liranp #10444
- Bump AWS-CNI to version 1.7.8 @MoShitrit #10447
- protokube - query host by label when setting tags @rdrgmnzs #10413
- Allow Calico to run on systems with loose reverse path forwarding @hakman #10442
- Bump k8s versions on alpha and bump Ubuntu AMI version on stable @MoShitrit #10464
- Remove gjtempleton as reviewer @gjtempleton #10466
- Calico: Allow operators to choose which encapsulation mode to use @seh #10404
- Spotinst: Ignore volume type case sensitivity to prevent unnecessary updates @liranp #10450
- Spotinst: Expose Ocean Headroom percentage and autoconfig labels @liranp #10449
- Spotinst: Support for multiple subnets per zone @liranp #10452
- Add new-pod-scale-up-delay in Cluster Autoscaler spec @akshedu #10471
- Replace (some) deprecated ResourceHolder with Resource @justinsb #10472
- Remove ResourceHolder: remove last usages and remove code @justinsb #10478
- Refactor MirroredAsset into mirrors package @justinsb #10475
- Refactor nodeUpConfigBuilder to be standalone @justinsb #10476
- Avoid recursive type definitions in schema @justinsb #10482
- Drop support for containerd 1.2 @hakman #10483
- Update CNI plugins to v0.8.7 @hakman #10481
- Add Azure support @kenji-cloudnatix #10114
- Refactor GCE InstanceTemplate @justinsb #10477
- Use Region method of fi.Cloud @justinsb,@rifelpet #10474
- Spotinst: Bump the Ocean Controller to 1.0.69 @liranp #10487
- Added event-qps and event-burst flags to kubelet @DOboznyi #10486
- Add config options for container runtime package URL and Hash @hakman #10473
- Fix cluster setup when KOPS_ARCH is set @hakman #10496
- Docs: Rename "Development" section to "Contributing" and add instructions to update the base AMI version of Ubuntu @MoShitrit #10455
- Release notes for 1.19.0-beta.3 @hakman #10497
- Use containerd.sock for AmazonVPC CNI with containerd @hakman #10502
- Remove support for Kubenet with containerd @hakman #10501
- Add containerd option for registry mirrors @hakman #10507
- Treat InvalidDhcpOptionsId.NotFound as already-deleted @wongma7 #10508
- Add required toleration to gpu documentation @silashansen #10509
- AWS IAM Role Tagging @rifelpet #10488
- Update stable channel with recent k8s releases @MoShitrit #10514
- Run k/k's e2e suite via new kubetest2 make target @rifelpet #10504
- Remove copyright YEAR from generated Go files @bmelbourne #10520
- e2e - dump cluster manifests into artifacts and add --kubernetes-version @rifelpet #10522
- kubetest2: Pass through some AWS env vars @justinsb #10525
- kubetest2: add initial support for GCE @justinsb #10524
- Add gp3 Volume Type to etcd @msidwell #10453
- Only include API server additional security groups in InstanceGroups for masters @seh #10519
- Update kube-router to v1.1.1 @hakman #10512
- IRSA - continue adding route53 permisions to masters @rifelpet #10529
- Add possibility to set volume throughput for gp3 volumes @hakman #10530
- Prefix etcd cluster names with letters @hakman #10361
- Recognize ubuntu 20.10 @justinsb #10278
- Don't allow ebs volume TF resource names to begin with digit @rifelpet #10424
- Add K8s Docker runtime support deprecation release note @bmelbourne,@hakman #10371
- Make it possible to change the etcd volume type and iops @olemarkus #10461
- Promote Ole Markus to approvers list @hakman #10542
- Add containerd config file to Flatcar based instances @hakman #10540
- Add control-plane node role label to cp nodes @olemarkus #10397
- Move bootstrapchannelbuilder to a dedicated package @olemarkus #10409
- kubetest2: support specifying admin-access value @justinsb #10526
- GCE: Don't warn about NVME @justinsb #10548
- Simple upgrade test using kubetest2 framework @justinsb #10523
- Refactor and centralize distribution logic @justinsb #10538
- Fix to handle exit code of gazelle command in hack/verify-bazel.sh @h3poteto #10182
- COS/GCE: exec on kubelet/flexvolume dirs @justinsb #10547
- Fix typo in comment @fenggw-fnst #10541
- Openstack: Prevent data race in servergroup member list @justinsb #10553
- Updates GCE channels to use ubuntu over COS @geojaz #10554
- Kubetest2 - use our own tester that wraps kubetest2's ginkgo tester @rifelpet #10549
- Spotinst: Specify Spot percentage per Instance Group @liranp #10551
- update gophercloud dependency @zetaab #10556
- Upgrade Go v1.15.6 / Bazel v3.4.1 @bmelbourne #10550
- Remove node-authorization @olemarkus #10439
- [addons/CA] Add support for specifying resources and metrics @dntosas #10281
- Spotinst: Iterate over metadata labels only once @liranp #10560
- Default cgroup driver to systemd from k8s 1.20 @bharath-123 #10419
- AWS CSI driver @olemarkus #10467
- Upgrade cfn-lint to 0.44.3 @rifelpet #10565
- Fix file not found error detection in fs:// @rifelpet #10566
- Fix NLB listener -> target group association for TF & CF @rifelpet #10567
- Spotinst: Bump the Ocean Controller to 1.0.70 @liranp #10573
- Spotinst: Specify whether scale-down activities should be restricted @liranp #10561
- [OpenStack] Use new hash format in instance names @zetaab #10557
- kubetest2 - Add manifest template support @rifelpet #10559
- Updates to Alpha versions - k8s & kOps @MoShitrit #10576
- Use Bazel 3.4.1 for postsubmit jobs @hakman #10578
- Give kubetest2 its own makefile @rifelpet #10577
- Use consistent naming for the remaining SGRs part two @olemarkus #10188
- [DigitalOcean] add e2e tests @srikiz #10575
- Allow nodeup (and others) to replace in-use files @justinsb #10581
- Dial-down logging on flagbuilder @justinsb #10582
- Fix default make target @rifelpet #10584
- containerd: Add /etc/crictl config to enable crictl @justinsb #10585
- Add CF integration test for gp3 volumes @hakman #10569
- Release 1.20.0-alpha.1 @hakman #10591
1.20.0-alpha.1 to 1.20.0-alpha.2 ¶
- Release notes for 1.20.0-alpha.1 @hakman #10592
- Make cluster proportional autoscaler image configurable. @bjhaid #10564
- Set default container runtime to containerd @bmelbourne #10370
- Fix minor docs typos @JamesJJ #10598
- Validate cluster cloud labels @olemarkus #10599
- Exclude terraform.lock.hcl files from Git repo @bmelbourne #10597
- Provide required --kubernetes-version flags to kubetest2-kops --up @rifelpet #10600
- Kubetest - add networking support + misc fixes @rifelpet #10601
- Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage @justinsb,@hakman #10602
- Add troubleshooting documentation @olemarkus #10594
- Fix menu link to troubleshooting @olemarkus #10607
- Use kops binary built by kubetest2-kops in upgrade script @rifelpet #10613
- Warn if cilium encryption is enabled, but no secret has been set @olemarkus #10608
- kubetest2 upgrade script - PATH needs to be a directory @rifelpet #10617
- Add support for container-log-max-size/files with kubelet @hakman #10612
- Add network and router availability zone hints to OpenStack @ottosulin #10616
- Increase CoreDNS default ttl @johanneswuerbach #10610
- Update Go to v1.15.7 @hakman #10614
- kubetest2 - Add support for specifying a kubernetes version marker file @rifelpet #10620
- kubetest 2 - fix parsing of k8s version semver values @rifelpet #10621
- Update Weave to v2.8.0 @hakman #10604
- Update AWS instances defaults @hakman #10624
- kubetest2 - update the skip regex for the upgrade scenario @rifelpet #10626
- Install dbus if needed for protokube with containerd @justinsb #10583
- Ensure SpecOverrideFlag is set in upgrade test @rifelpet #10628
- Fix unbound variable in upgrade scenario script @rifelpet #10631
- kubetest2 - increase validation timeout for the upgrade scenario @hakman #10632
- Add startup probe for calico-kube-controllers @hakman #10633
- Remove coredns dnsprovider @olemarkus #10629
- Spotinst: Avoid unnecessary duplication of tasks @liranp #10630
- enableRemoteNodeIdentity actually defaults to true @olemarkus #10635
- Replace gopkg yaml with k8s-sigs yaml @olemarkus #10634
- protokube: Remove unused ExecuteTemplate function @justinsb #10637
- Fix phony make target for setting up kubetest2 @rifelpet #10636
- [Digital Ocean] Add SFO3 region. Also update e2e tests to use full list of supported zones @srikiz #10622
- etcd-manager: Update to 3.0.20210122 @justinsb #10638
- Update k8s versions in stable channel and bump ubuntu ami version in alpha channel @MoShitrit #10639
- Update kubetest2 library @rifelpet #10646
- feat: implement azure get api ingress status fn @ngalantowicz #10609
- Use the same package marker for kubectl as for e2e binary @rifelpet #10649
- Reword 'what is kOps' @olemarkus #10570
- Add back support for kubenet style networking with containerd @hakman #10651
- Add
set instancegroup
command @gabrieljackson #10593 - Set the tcp_rmem sysctl in bootstrap script @justinsb #10654
- Add --create-args kubetest2 flag @rifelpet #10658
- Fix cluster_spec.md indentation @trondhindenes #10660
- Allow attaching same external load balancer to multiple instance groups @hakman #10666
- Fix typo @adrianmoisey #10667
- Update kops e2e testing docs @bmelbourne #10652
- Create default loadbalancer when SSL certificate is specified @rudeigerc #10665
- Bump Ubuntu images for AWS and GCE @hakman #10670
- Release notes for 1.18.3 @justinsb #10673
- Remove taints from spotinst ocean terraform resource @rifelpet #10674
- Allow SSH user to be overridden for
toolbox dump
@rifelpet #10675 - kubetest2 - Use --ssh-user to dump logs @rifelpet #10676
- Update AWS etcd-manager volumes defaults @hakman #10661
- Update aws-sdk-go to 1.37.0 @rifelpet #10682
- Release notes for 1.19.0 @justinsb #10683
- Update release compatibility matrix @johngmyers #10684
- Default IMDSv2 to "optional" for AWS @hakman #10655
- Add link to 1.19 @olemarkus #10686
- Fix header indentation in addons.md @olemarkus #10685
- Documentation update: Corrected externalPolicy AWS ARN formatting @timothyclarke #10680
- Remove 'not released' notice from 1.19 notes @olemarkus #10688
- Fix bug preventing tasks using gp2 @olemarkus #10694
- Have channels create PKI for addons @olemarkus #10545
- Add template function returning the latest image @olemarkus #10689
- Update Weave to v2.8.1 @hakman #10698
- Increase IMDSv2 hop limit on control plane nodes @olemarkus #10702
- Kubetest2 - refactor how
kops create cluster
arguments are set @rifelpet #10701 - Update upgrade test to use 1.18->1.19 @rifelpet #10710
- Fix create args for upgrade test @rifelpet #10711
- Docs: Fix ServiceAccountVolume proposed configuration for Istio @dntosas #10712
- Update the skipped tests in the upgrade job to help the test stage pass @rifelpet #10713
- Remove unused instanceGroup parameter from setClusterFields @bharath-123 #10690
- Update code reference links in docs @bharath-123 #10696
- Fix rendering issue created by #10414 @avdhoot #10700
- Fix panic when exporting kubecfg for AWS cluster without load balancer @rifelpet #10720
- Cleanup kops-controller Route53 record during cluster deletion @rifelpet #10721
- Revert making imdsv2 default @olemarkus #10729
- Throw error if path being set by kops set is not present in struct @bharath-123 #10692
- Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed @h3poteto #10742
- Fix ineffassign issues @zhijianli88 #10739
- Deprecate aliyun @olemarkus #10746
- alpha channel: Update older images @justinsb #10748
- Fix docs build failure @bharath-123 #10750
- add user agent to openstack api requests @zetaab #10732
- Add support for cilium 1.9 @olemarkus #10695
- Use EnsureTask instead of prepending IG names to external ELB tasks @rifelpet #10754
- nodeup file: Set owner & group when we write the file. @justinsb,@hakman #10757
- Always generate kops-controller certs @hakman #10758
- Release 1.20.0-alpha.2 @hakman #10765
1.20.0-alpha.2 to 1.20.0-beta.1 ¶
- fix: asset task copy docker image @johanneswuerbach #10767
- Add AWS LoadBalancerController @olemarkus #10489
- Update Calico to v3.17.2 @hakman #10787
- Enable CSIMigrationAWS if CSI EBS driver is installed @olemarkus #10791
- Fill Role names in kops-controller-config instead of instance profile names when it is specified @h3poteto #10728
- Update Docker to v19.03.15 @hakman #10802
- Fix LaunchSpec TF output @hakman #10806
- add azure support for internal loadbalancer to k8s api @collin-woodruff-t1cg #10744
- Allow managed images for Azure instance groups @NickSchleicher #10797
- kubenet containerd: match upstream @justinsb #10759
- Storage: Allow disabling of kOps's management of StorageClasses @seh #10733
- Spotinst: Replace corev1.Taint to fix HCL2 serialization @liranp #10819
- Spotinst: Bump the Ocean Controller to 1.0.72 @liranp #10820
- Allow to control which subnets and IPs get used for the API loadbalancer @codablock #10741
- Use correct tag when creating node labels from azure cloud tags @NickSchleicher #10619
- containerd installation: always configure, even if we don't install @justinsb #10813
- Precreate the kops-controller DNS name @rifelpet #10833
- Actually enable systemd cgroup for containerd @codablock #10846
- Update Go to v1.15.8 @hakman #10853
- Add support for CAS 1.20 + support for disabling CAS for a given IG @olemarkus #10857
- Add liveness probe for calico-kube-controllers @hakman #10856
- Bump aws node termination handler to 1.12.0 @bharath-123 #10863
- Update AWS CNI to latest patch version @MoShitrit #10876
- Bump metrics-server to 0.4.2 @olemarkus #10858
- Fixes for 1.21 e2e tests @olemarkus #10879
- Add validation for instanceType and ami architecture @bharath-123,@hakman #10747
- fix loadBalancerID null pointer @collin-woodruff-t1cg #10886
- Update Calico to v3.18.0 @hakman #10904
- Adding Elastic IP Allocations to NLB API @timothyclarke #10872
- add usage of subnet and routetable shared resources in azure @ngalantowicz #10900
- Release 1.20.0-beta.1 @hakman #10906
1.20.0-beta.1 to 1.20.0-beta.2 ¶
- add support for azure public loadbalancer @collin-woodruff-t1cg #10915
- Spotinst: Prevent instance groups with the same suffix from being deleted @liranp #10918
- Fix nil pointer deference for image ID with spotinst @hakman #10924
- Sort external policies when checking for changes @hakman #10940
- Further improve cloudLabel validation @olemarkus #10910
- Update etcd-manager to 3.0.20210228 @justinsb #10949
- Allow multi-CNI setups to set usesSecondaryIP @ravens #10828
- Spotinst: Don't skip LB attachments when SpotinstHybrid is enabled @liranp #10961
- Add AWS Transit Gateway support @rifelpet #10948
- gce doesn't suffix the IG names with ClusterName @olemarkus #10944
- Fix node label conversion in Azure @kenji-cloudnatix #10935
- Spotinst: Bump the Ocean Controller to 1.0.73 @liranp #10960
- Add support for enable-cadvisor-json-endpoints with Kubelet @adrianmoisey #10957
- Add explicit RBAC permissions for finalizers subresources @olemarkus #10966
- Add support for CPU Credits on AWS t2 and t3 instance families @rifelpet #10934
- Update controller-runtime to v0.8.2 for kOps 1.20 @hakman #10967
- Removing duplicate local and output values in terraform(#10786) @mmerrill3 #10978
- Add CloudLabels as --extra-tags to aws-ebs-csi driver @codablock #10976
- Use internal api url for jwks @olemarkus #10888
- Disable Calico Prometheus metrics by default @hakman #10982
- Add etcd-manager discoveryPollInterval option @ottosulin #10975
- Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value @seh #11002
- Use exponential backoff for DNS updates @hakman #10996
- Update Calico to v3.18.1 @hakman #11018
- Various cleanups around apply_cluster and awsmodel @olemarkus #10579
- Spotinst: Add support for block device mappings in Ocean Launch Spec @liranp #11009
- Fix rendering of multiple Docker insecure registries @hakman #11027
- Release 1.20.0-beta.2 @hakman #11031
1.20.0-beta.2 to 1.20.0 ¶
- azure: fix null pointer when updating in place cluster @collin-woodruff-t1cg #11015
- Honor OS update policy at InstanceGroup level too @seh #10913
- Cleanup some nodeup & protokube logging @rifelpet #11052
- Improve instance type validation error message @bharath-123 #11043
- Add channels entries for image architecture @hakman #11046
- Upgrade AWS CNI to version 1.7.10 @MoShitrit #11078
- Ensure protokube can connect to kube-apiserver before starting the sync loop @olemarkus #11093
- Put awslbcontroller on the control-plane @olemarkus #11091
- Have nodeup retry kops-controller bootstrapping sooner if DNS isn't setup @rifelpet #11101
- Update containerd to v1.3.10/v1.4.4 @bmelbourne #11084
- Update kube-router to v1.2.1 @hakman #11124
- Remove instance-selector label @bharath-123 #11048
- Validate that kube-apiserver has the necessary authz modes set @olemarkus #11127
- [DigitalOcean] Fix DO Tag issue @srikiz #11102
- Revert "Update kube-router to v1.2.0" @hakman #11134
- replace hard coded aws region checks with aws sdk calls @guydog28 #11119
- Add scaleDownDelayAfterAdd to clusterAutoscaler spec @jurriaanpro #11140
- Add an option to skip NTP installation @kenji-cloudnatix #11160
- Spotinst: Use BDM to configure the root volume size at VNG level @liranp #11179
- Spotinst: Configure headroom resources only at the VNG level @liranp #11181
- Release 1.20.0 @justinsb #11192
1.20.0 to 1.20.1 ¶
- Correct typos @Akiros001 #11190
- Use "string" for architecture type in ChannelRecommendedImage @hakman #11220
- Always secure api -> kubelet communication @olemarkus #11185
- Fix etcd volume validation logic @hakman #11225
- Remove validations for EBS from cluster validation @h3poteto #11228
- Add support for Docker v20.10.6 @hakman #11236
- Add Azure image to alpha/stable channel @kenji-cloudnatix #11271
- Exclude nodes from load balancers upon cordoning @johngmyers #11273
- Fix cilium template scoping typo @javipolo #11270
- If one tries to use eip with a public ip that doesn't exist, fail @olemarkus #11276
- Spotinst: Prevent nil pointer dereference @liranp #11289
- Spotinst: Update spotinst/ocean-controller to v1.0.74 @liranp #11286
- Make it possible to detect field changes when mixedInstancePolicy is removed @h3poteto #11255
- Add ability to set a default Issuer in certManager addon @javipolo #11281
- Filter servers using cluster name in tags @zetaab #11305
- Use the full operator instead of the generic one @olemarkus #11312
- Update Calico to v3.18.2 @hakman #11339
- Set SAN for addon CAs @olemarkus #11328
- Add support for configuring Cilium enable-host-reachable-services. @bjhaid,@hakman #11333
- Mount /run inside etcd-manager pods for systemd mounts @hakman #11352
- Expose hubble agent when hubble is enabled @olemarkus #11314
- Mark control-plane node for update when etcd volume size changes @hakman #11365
- Update Calico to v3.18.3 for kOps 1.20 @hakman #11377
- Don't try to mount hubble TLS on the agent if we don't use hubble @olemarkus #11379
- Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller @olemarkus #11393
- Use etcd-manager built from etcdadm repo @justinsb,@hakman #11098
- csi/aws: Bump templates + add support for warm pools @dntosas,@codablock #11304
- Verify all versions are set correctly @johngmyers #11413
- Backport rename of service-account key to 1.20 @johngmyers #11388
- Update verify-terraform to use 0.14.11 @rifelpet #11436
- Create new clusters without forcing a container runtime @hakman #11428
- Allow AWS instance types with multiple architectures @hakman #11463
1.20.1 to 1.20.2 ¶
- Release 1.20.1 @justinsb #11467
- Update containerd to v1.4.6 @hakman #11535
- Allow cert-manager to be provisioned externally @codablock #11354
- upup: gcetasks: force send AutoCreateSubnetworks field when set to false @nicktrav #11457
- [metrics-server] Bump manifest to latest stable @dntosas,@hakman #11319
- Allow Spotinst to use comma separated instance types @hakman #11560
- Only update kubeconfig user when we have user info @justinsb #11584
- Add init image field for Amazon VPC CNI @ryan-dyer #11602
- Fix duplicate CopyFile tasks @johngmyers #11619
- Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet @johngmyers #11590
- Consolidate CSI livenessprobe images for multi-arch support @rifelpet #11652
- Fix set-version leaving backup files with "-e" suffix @johngmyers #11691
- Add support for Docker v20.10.7 @hakman #11674
- Bump the cas addon version. @olemarkus #11780
1.20.2 to 1.20.3 ¶
- Release 1.20.2 @justinsb #11800
- Also set haveUserInfo=true in case --user was provided in "kops export kubecfg" @codablock #11778
- Handle containerExec hooks when using containerd @hakman #11852
- Update aws-sdk-go to v1.37.33 for kOps 1.20 @hakman #11858
- Include GCP Project in terraform HCL2 output @rifelpet #11901
- cluster validation - allow flapping of validation errors @rifelpet #11049
- Add log rotation for etcd-cilium.log @hakman #11943
- Don't ignore channel value in toolbox template @hakman #12464
- Update containerd and Docker for kOps 1.20 @hakman #12509