From 3268e432731b5bd6e3044847372474ad4baf641c Mon Sep 17 00:00:00 2001 From: justinsb Date: Tue, 12 Mar 2024 10:14:42 -0400 Subject: [PATCH] docs: update relnotes for 1.29 for deferred deletion Document our deferred deletion flows. --- docs/releases/1.29-NOTES.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/releases/1.29-NOTES.md b/docs/releases/1.29-NOTES.md index 15c74486cc..b6bafe5795 100644 --- a/docs/releases/1.29-NOTES.md +++ b/docs/releases/1.29-NOTES.md @@ -6,6 +6,25 @@ This is a document to gather the release notes prior to the release. # Significant changes +## Deferred deletion / pruning phase + +Some infrastructure changes are potentially disruptive to the continued +operation of the cluster. For the most disruptive operations, particularly +those that break rolling-update of the cluster, we have started to use deferred +deletion to minimize the impact. For example, on AWS we create a second NLB +during the `kops update` phase when we cannot change the NLB directly. +`kops update` will report that a `--prune` is needed. To minimize disruption, +we recommend you perform this after a rolling-update, for example: + +``` +kops update $MYCLUSTER --yes --admin +kops rolling-update $MYCLUSTER --yes +kops update $MYCLUSTER --yes --admin --prune # NEW! +``` + +Deferred deletion is currently used to safely introduce security groups for NLBs on AWS, +and to move to an internal load balancer for `kops-controller` on GCP. + ## Initial OpenTelemetry Support We are starting to add (experimental) support for OpenTelemetry, 
@@ -38,6 +57,9 @@ instances. * As of Kubernetes version 1.29, credentials for private GCR/AR repositories will be handled by the out-of-tree credential provider. This is an additional binary that each instance downloads from the assets repository. +* We now use a private load-balancer for in-cluster traffic on GCP, which allows us + to use network tags to restrict access only to the cluster nodes. + ## Openstack # Breaking changes
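Review bot: In the first hunk (the new "Deferred deletion / pruning phase" section), the text never says what stays in place between the first `kops update` and the later `--prune`. The AWS example says a second NLB is created, and the closing paragraph says the mechanism is used to introduce security groups for NLBs, so a reader will want to know whether the original NLB keeps serving until the prune runs. Suggest adding one sentence stating which resources are left behind until `--prune`, and that the change is not complete until that step has been run. A smaller point on the same hunk: the example commands repeat `--admin` on both `kops update` lines without comment; either explain why it is needed for the prune step or drop it from the third line.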
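Review bot: In the second hunk, the new GCP bullet does not mention that this change is one of the deferred-deletion cases, even though the first hunk lists "an internal load balancer for `kops-controller` on GCP" as one. Someone reading only the GCP notes would not learn that `kops update` will ask for a `--prune`. Suggest ending the bullet with a pointer to the "Deferred deletion / pruning phase" section. The wording also differs between the two hunks ("private load-balancer for in-cluster traffic" here, "internal load balancer for `kops-controller`" above); pick one term so it is clear both refer to the same load balancer.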