Merge pull request #3999 from justinsb/relnotes

Release notes for 1.8.0
Justin Santa Barbara 2017-12-03 16:41:06 -05:00 committed by GitHub
commit 3c0161b74f
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 102 additions and 7 deletions


@ -1,11 +1,25 @@
_This is a WIP document describing changes to the upcoming kops 1.8 release_
# Significant changes # Significant changes
* flannel now has a `backend` property in the manifest, which can be either `udp` or `vxlan`. `udp` * flannel now has a `backend` property in the manifest, which can be either `udp` or `vxlan`. `udp`
is not recommended, but will be the default value for existing clusters or clusters created via manifests. is not recommended, but will be the default value for existing clusters or clusters created via manifests.
`kops create cluster` with `--networking flannel` will use `vxlan`, `--networking flannel-vxlan` `kops create cluster` with `--networking flannel` will use `vxlan`, `--networking flannel-vxlan`
or `--networking flannel-udp` can be specified to explicitly choose a backend mode. or `--networking flannel-udp` can be specified to explicitly choose a backend mode.
* IAM lockdown on new clusters: we define the existing policy as `legacy`, it defaults to true for existing clusters;
new clusters will have `legacy: false` which will mean that only IAM policies needed by kops / k8s are guaranteed to be
set. If you are using IAM credentials for your application workload, please either set `legacy: true`, or use your own
IAM roles (direct credentials or kube2iam)
* New AWS instance types: P3, C5, M5, H1. Please note that NVME volumes are not supported on the default jessie
image, so masters will not boot on M5 and C5 instance types unless a stretch image is chosen (change stretch to jessie in the image name).
Also note that kubernetes will not support mounting persistent volumes on NVME instances until Kubernetes 1.9.
* While Aggregated API Servers are supported, there are known issues in kubernetes
such as (#55022)[https://github.com/kubernetes/kubernetes/issues/55022]. Note that this includes metrics-server and kopeio
authentication. Please consider waiting for 1.8.5 / 1.9.0 before deploying into production.
* Includes fix for kube-dns CVE-2017-14491 (was also included in kops 1.7.1)
# Required Actions # Required Actions
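Review bot: the parenthetical on the M5/C5 line is inverted: to choose a stretch image the reader changes `jessie` to `stretch` in the image name, not the other way round, so it should read `(change jessie to stretch in the image name)`. The issue reference on the Aggregated API Servers bullet has its brackets reversed, `(#55022)[https://...]` will not render as a link; it should be `[#55022](https://github.com/kubernetes/kubernetes/issues/55022)`. The IAM lockdown bullet names the `legacy` setting without saying where in the cluster spec it lives; a reader deciding whether to set `legacy: true` before upgrading needs the field path spelled out.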
@ -22,10 +36,77 @@ or `--networking flannel-udp` can be specified to explicitly choose a backend mo
5. Confirm cluster is back up and all canal pods are running successfully: `kops validate cluster` (this may take a few minutes for the cluster to fully validate) 5. Confirm cluster is back up and all canal pods are running successfully: `kops validate cluster` (this may take a few minutes for the cluster to fully validate)
6. Delete the upgrade job as it is no longer required: `kubectl delete job calico-upgrade-v2.5` (you can also safely delete the `clusterrole`, `clusterrolebinding` and `serviceaccount` resources that were created by the above manifest file) 6. Delete the upgrade job as it is no longer required: `kubectl delete job calico-upgrade-v2.5` (you can also safely delete the `clusterrole`, `clusterrolebinding` and `serviceaccount` resources that were created by the above manifest file)
# Full changelist # Highlighted changes
* ExperimentalCriticalPodAnnotation feature gate is now enabled by default in kubelet [@andreychernih](https://github.com/andreychernih) [#3345](https://github.com/kubernetes/kops/pull/3345) * Support for etcd3 for new clusters, also allow etcd TLS to be enabled for new clusters. etcd peer port is also locked down.
* Upgrade Calico to v2.4.1 (thanks @tmjd)
* Support for custom metrics. Please exercise caution enabling before kubernetes 1.8.5 due to aggregation known issues.
* Add `kops create secret dockerconfig`
* `kops replace --create` will now replace-or-create, which is useful for CI / automated workflows
* `--watch-ingress` flag on dns-controller can now be configured through `cluster.spec.externalDns.watchIngress: true`
* kubelet security can be enabled with `cluster.spec.kubelet.anonymousAuth: true`. Will likely be default in kops 1.9
* Improved logic around when a rolling-update is needed
* Better support and [documentation](../node_resource_handling.md) for node resources
* Enhanced cluster hooks support
* Support for clusters where network access must use an HTTP proxy
* We now automatically add a default NodeLabel with the InstanceGroup name
* Addons: added external-dns, kube-state-metrics addon. Updates for autoscaler, dashboard, heapster,
* Networking: initial support or kube-router & romana. Updates for weave, kopeio-networking, flannel, canal, calico.
* Docker: Docker 1.13.1 will be used with kubernetes 1.8 (overrides for 17.03.2 and 17.09 possible).
* Debian 9 (stretch) now supported. AMIs updated with 4.4.102 kernel. A stretch based AMI is available, but jessie
remains the default. We will likely change the default to stretch in kops 1.9 or kops 1.10.
* CoreOS: logrotate support & docker fixes
* Don't store unneeded secrets on the node
* ExperimentalCriticalPodAnnotation now enabled by default. Updated critical pod annotations to avoid eviction of system pods
* Ensure iptables forwarding is enabled, avoiding breaking CNI plugins if Docker or the OS sets a different default.
*AWS*:
* New instance types: P3, C5, M5, H1. Please note that NVME volumes are not supported on the default jessie
image, so masters will not boot on M5 and C5 instance types unless a stretch image is chosen (change stretch to jessie in the image name).
Also kubernetes will not support mounting persistent volumes on NVME instances until Kubernetes 1.9.
* Support for root provisioned IOPS.
* Properly tag public and private subnets for ELB creation in advanced network topologies
* Use SSL in ELB API server health check
*GCE*:
* Checks that networks are in auto mode, not legacy mode. You can either switch your network (`gcloud compute networks switch-mode`)
or specify a different network (current using `--vpc` flag)
* Supports rolling updates and the containerized mounter.
* Sets bucket permissions, so your state bucket and compute can be in different projects.
*Early support for*:
* DigitalOcean
* OpenStack
* Templating with `kops toolbox template`
* cloud-controller-manager
* encryption-at-rest for the kube-apiserver
* Mirroring assets to a private S3 bucket, for airgapped installs
* Mirroring configuration so that kops-state store need not be cluster-accessible (for use with kops-server)
* Phases, to allow separation of networking, security & compute management
* Audit Policy
* CA keypair rotation
* Additional Subject Alternate Names
* building code using bazel
# All PRs # All PRs
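Review bot: the kubelet bullet says security is enabled with `cluster.spec.kubelet.anonymousAuth: true`; please double-check the value before release, because on the kubelet `--anonymous-auth=true` is what permits unauthenticated requests, so a hardening note would normally point at `false`. The NVME parenthetical on the M5/C5 line is inverted here as well (it should say change jessie to stretch). Minor wording: `initial support or kube-router` should be `for`, `(current using --vpc flag)` should be `currently`, and the addons line ends in a dangling comma after `heapster,`.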


@ -0,0 +1,14 @@
## This document will be used to build the release notes for kops 1.9
# Significant changes
# Required Actions
# Highlighted changes
# Full change list
(will be populated from git log)
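Review bot: the placeholder note at the top of the new 1.9 file is a level-2 heading (`##`) placed above level-1 section headings, which renders oddly and reads as a section rather than a note; the 1.8 file uses an italic `_This is a WIP document ..._` line for the same purpose, so suggest the same convention here. Also the section is titled `Full change list` while the 1.8 file in this same commit renames that section to `All PRs`; pick one name so the two release notes stay consistent.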