kops/docs/releases/1.8-NOTES.md

Significant changes

• flannel now has a backend property in the manifest, which can be either udp or vxlan. udp is not recommended, but will be the default value for existing clusters or clusters created via manifests. kops create cluster with --networking flannel will use vxlan, --networking flannel-vxlan or --networking flannel-udp can be specified to explicitly choose a backend mode.

• IAM lockdown on new clusters: we define the existing policy as legacy, it defaults to true for existing clusters; new clusters will have legacy: false which will mean that only IAM policies needed by kops / k8s are guaranteed to be set. If you are using IAM credentials for your application workload, please either set legacy: true, or use your own IAM roles (direct credentials or kube2iam)

• New AWS instance types: P3, C5, M5, H1. Please note that NVME volumes are not supported on the default jessie image, so masters will not boot on M5 and C5 instance types unless a stretch image is chosen (change stretch to jessie in the image name). Also note that kubernetes will not support mounting persistent volumes on NVME instances until Kubernetes v1.9.

• While Aggregated API Servers are supported, there are known issues in kubernetes such as (#55022)[https://github.com/kubernetes/kubernetes/issues/55022]. Note that this includes metrics-server and kopeio authentication. Please consider waiting for 1.8.5 / 1.9.0 before deploying into production.

• Includes fix for kube-dns CVE-2017-14491 (was also included in kops 1.7.1)

Required Actions

• Existing Calico users on clusters that were created prior to kops 1.8.0 need to be updated for the new "DefaultDeny" behavior for Kubernetes NetworkPolicies. See the Changes to k8s-policy section in the Calico release notes for help.
• Due to ThirdPartyResources becoming fully deprecated in Kubernetes v1.8 (replaced by CustomResourceDefinitions), existing Canal users upgrading their Clusters to Kubernetes v1.8 must follow the below TPR->CRD migration steps:
  1. Run: kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v2.6.2/upgrade/v2.5/manifests/upgrade-job.yaml
  2. Retrieve the pod name from describing the job: kubectl describe job/calico-upgrade-v2.5
  3. Validate the last log line from the pod reports that it completed successfully: kubectl logs calico-upgrade-v2.5-<random-id>
  4. Update the KubernetesVersion within your ClusterSpec to v1.8 (or above), performing an update & rolling-update to all nodes (will involve downtime)
  5. Confirm cluster is back up and all canal pods are running successfully: kops validate cluster (this may take a few minutes for the cluster to fully validate)
  6. Delete the upgrade job as it is no longer required: kubectl delete job calico-upgrade-v2.5 (you can also safely delete the clusterrole, clusterrolebinding and serviceaccount resources that were created by the above manifest file)

Highlighted changes

• Support for etcd3 for new clusters, also allow etcd TLS to be enabled for new clusters. etcd peer port is also locked down.

• Support for custom metrics. Please exercise caution enabling before kubernetes 1.8.5 due to aggregation known issues.

• Add kops create secret dockerconfig

• kops replace --force will now replace-or-create, which is useful for CI / automated workflows

• --watch-ingress flag on dns-controller can now be configured through cluster.spec.externalDns.watchIngress: true

• kubelet security can be enabled with cluster.spec.kubelet.anonymousAuth: true. Will likely be default in kops 1.9

• Improved logic around when a rolling-update is needed

• Better support and documentation for node resources

• Enhanced cluster hooks support

• Support for clusters where network access must use an HTTP proxy

• We now automatically add a default NodeLabel with the InstanceGroup name

• Addons: added external-dns, kube-state-metrics addon. Updates for autoscaler, dashboard, heapster,

• Networking: initial support for kube-router & romana. Updates for weave, kopeio-networking, flannel, canal, calico.

• Docker: Docker 1.13.1 will be used with kubernetes 1.8 (overrides for 17.03.2 and 17.09 possible).

• Debian 9 (stretch) now supported. AMIs updated with 4.4.102 kernel. A stretch based AMI is available, but jessie remains the default. We will likely change the default to stretch in kops 1.9 or kops 1.10.

• CoreOS: logrotate support & docker fixes

• Don't store unneeded secrets on the node

• ExperimentalCriticalPodAnnotation now enabled by default. Updated critical pod annotations to avoid eviction of system pods

• Ensure iptables forwarding is enabled, avoiding breaking CNI plugins if Docker or the OS sets a different default.

AWS:

• New instance types: P3, C5, M5, H1. Please note that NVME volumes are not supported on the default jessie image, so masters will not boot on M5 and C5 instance types unless a stretch image is chosen (change stretch to jessie in the image name). Also kubernetes will not support mounting persistent volumes on NVME instances until Kubernetes v1.9.
• Support for root provisioned IOPS.
• Properly tag public and private subnets for ELB creation in advanced network topologies
• Use SSL in ELB API server health check

GCE:

• Checks that networks are in auto mode, not legacy mode. You can either switch your network (gcloud compute networks switch-mode) or specify a different network (current using --vpc flag)
• Supports rolling updates and the containerized mounter.
• Sets bucket permissions, so your state bucket and compute can be in different projects.

Early support for:

• DigitalOcean
• OpenStack
• Templating with kops toolbox template
• cloud-controller-manager
• encryption-at-rest for the kube-apiserver
• Mirroring assets to a private S3 bucket, for airgapped installs
• Mirroring configuration so that kops-state store need not be cluster-accessible (for use with kops-server)
• Phases, to allow separation of networking, security & compute management
• Audit Policy
• CA keypair rotation
• Additional Subject Alternate Names
• building code using bazel

All PRs

to beta.1

• Fix typo in the apireference README @jphuynh #3056
• Adding remainder of 1.7 relnotes @justinsb #3059
• raising logging levels and removing dead code @chrislovecnm #3051
• Node Secrets @gambol99 #3058
• Striking unnecessary conversion-gen instruction @AlexB138 #3084
• Fix small typo @PaulCapestany #3100
• AWS: root volume provisioned IOPS support @yoz2326 #3102
• Update update_kops.md @DevipriyaSarkar #3108
• Fix Wildcard domains returned as ASCII in dns-controller @mikesplain #3110
• remove source/destination check requirement for kube-router from docs @murali-reddy #3107
• docs/topology - Fix the rolling-update command @msvbhat #3095
• Updated Heapster for kubernetes 1.7.0 @Globegitter #3074
• Vetting / Formatting / Cleanup @gambol99 #3078
• Sync image version @bhack #3128
• Add kops create secret dockerconfig feature @blakebarnett #3087
• added wider toleration to calico-node daemonset (#2857) @igorcanadi #3097
• Update kube-proxy to handle aws returning multiple hostnames @erickt #3067
• adding warning about --full @chrislovecnm #2950
• Configure docker on CoreOS/ContainerOS @johanneswuerbach #3098
• added missing command in documentation @gekart #3116
• Add k8s dashbard v1.6.2 @Globegitter #3075
• Kube Proxy Feature Gates @gambol99 #3130
• Update aws.md for SSH Key pair generation instructions @sathiyas #3138
• MVP of templating @mad01 #3040
• Rename OWNERS assignees: to approvers: @spiffxp #3133
• CoreOS: Ensure docker configuration is loaded @johanneswuerbach #3134
• Fixing clusterautoscaler rbac @BradErz #3145
• Fix for Canal Taints and Tolerations @prachetasp #3142
• Etcd TLS Options @gambol99 #3114
• Kops Replace Command - create unprovisioned @gambol99 #3089
• Add support for cluster using http forward proxy #2481 @DerekV #2777
• Fix Typo to improve GoReportCard @asifdxtreme #3156
• Update alpha channel with update image & versions @justinsb #3103
• Fix dropped error in kops cmd package @alrs #3175
• Use SSL in ELB API server health check @johanneswuerbach #3151
• Specify initial period in gossip-based cluster name pattern @neocortical #3173
• Clarify docs: rename spec/specification into desired configuration @kenden #2542
• Kubelet API Certificate @gambol99 #3125
• better error messages with docker api @chrislovecnm #3034
• Add cluster spec to node user data so component config changes are detected @KashifSaadat #3120
• Tighten down S3 IAM policy statements @KashifSaadat #3158
• Initial cloud interface for DigitalOcean @andrewsykim #3188
• Etcd v3 Support @gambol99 #3176
• Fix Typo in Contributor Code of Conduct @mbssaiakhil #3192
• Cluster Hooks Enhancement @gambol99 #3063
• Add documentation on handling node resources @itskingori #2992
• resolve #3169 @orrchen #3193
• Update Code of Conduct @mbssaiakhil #3204
• Bump version to 1.7.1-beta.1 @justinsb #3216
• Fix quote typo on dev-build @mikesplain #3214
• fix typo in boot-sequence.md @lichuqiang #3212
• s/addding/adding/ in ssh logs @krzyzacy #3209
• Fix typo in link (lables.md -> labels.md) @lsowen #3213
• Fix docs to reference kubernetesApiAccess, not apiAccess @justinsb #3113
• fix typo in bastion.md @lichuqiang #3217
• Correctly set lifecycle on LB resources @KashifSaadat #3226
• Rework legacy validation to use field error helpers @justinsb #3148
• fix kops_completion.md doc @lichuqiang #3228
• Changes on CoreOS related documentation. @tigerlinux #3205
• Update Canal to the latest @tmjd #3187
• Update to Calico 2.4.1 @tmjd #3162
• adding socat with rhel family @chrislovecnm #3231
• fix typo in docs/node_resource_handling.md @lichuqiang #3233
• Add hooks to bootstrapscript output @KashifSaadat #3195
• Don't force ig image change on cluster upgrade if it is custom. @KashifSaadat #3232
• Add iptables to docker-xenial dependencies @justinsb #3092
• Add integration tests for shared subnet & VPC @justinsb #3041
• starting work on file assets builder @chrislovecnm #3085
• Bump alpha channel: 1.7.4 and 1.6.7 @justinsb #3239
• Implement DigitalOcean Volume FI Task @andrewsykim #3244
• Set lifecycle on ElasticIP and NAT Gateway tasks to avoid spurious changes @KashifSaadat #3242
• Delete old tags when cloudLabels / labels / taints are removed @KashifSaadat #3207
• Improving etcd volume detection logic, ensuring that root volumes are not mounted @chrislovecnm #3208
• Add proxy client support @tsandall #3165
• Fix minor typo @Rajadeepan #3241
• Create cluster requirements for DigitalOcean @andrewsykim #3248
• inventory assets - mapping and uploading kubernetes containers @chrislovecnm #3025
• Cluster / InstanceGroup File Assets @gambol99 #3090
• Allow the strict IAM policies to be optional @KashifSaadat #3210
• Promote alpha to stable channel @justinsb #3238
• Fix README.md fragment links @poweld #3260
• Fix heading on 1.7 notes @justinsb #3237
• Add hints to CF integration test @justinsb #3139
• Add documentation to kube-router section of docs/networking @murali-reddy #3262
• Update images in CI tests @justinsb #3264
• Validate AWS machine type on cluster ig update @KashifSaadat #3257
• Docker Default Ulimits @gambol99 #3259
• Read the channel from the local filesystem during tests @justinsb #3183
• Started release notes for 1.7.1 @tmjd #3261
• Inline Component Configuration Fix @gambol99 #3267
• Adding support for adding ssh public key from file @mad01 #3245
• Fix Broken Link @Rajadeepan #3266
• Explicit CreateCluster & UpdateCluster functions @justinsb #3240
• remove --cluster-cidr from kube-router's manifest. @murali-reddy #3263
• Replace deprecated aws session.New() with session.NewSession() @alrs #3255
• Kops command fixes @alrs #3277
• Update go-ini dep to v1.28.2 @justinsb #3283
• Add go1.9 target to travis @justinsb #3279
• Refactor apiserver templates @georgebuckerfield #3284
• Kops Secrets on Nodes @gambol99 #3270
• Add Initializers admission controller @justinsb #3289
• Limit the IAM EC2 policy for the master nodes @KashifSaadat #3186
• Allow user defined endpoint to host action for Canal @KashifSaadat #3272
• Fix space in rolling-update cluster help @justinsb #3285
• AWS: Always use verbose errors @justinsb #3281
• Fixes reading /root/.docker/config.json on debian @blakebarnett #3198
• Implementing GCE as an interface - modelling aws cloud provider @chrislovecnm #3292
• Add missed error handling on session.NewSession @justinsb #3280
• Refactor PKI classes into their own package @justinsb #3288
• baremetal: relax validation on subnets & networking @justinsb #3301
• Update aws.md pointing links to the k8s slack directly @krishna-mk #3306
• Kubelet Readonly Port @gambol99 #3303
• Additional Kubelet Options @gambol99 #3302
• Misc go vet fixes @justinsb #3307
• Adds DNSControllerSpec and WatchIngress flag @geojaz #2504
• Fixes #3317 allowing to spawn flannel on all nodes in the cluster @BradErz #3318
• Fix broken link in aws.md @BlueMonday #3324
• refactor resource tracker to be usable across packages @andrewsykim #3331
• Fix RenderGCE issue on Address @justinsb #3338
• Extract UserData from CloudFormation output during testing @justinsb #3299
• Create Keyset API type @justinsb #3286
• Check actual EbsOptimized status during cluster update @Pharb #3314
• Makefile clean @alrs #3332
• nodePortAccess, experimental spec override flag @justinsb #3336
• Toolbox template @gambol99 #3287
• docs: fix broken vSphere doc link @PI-Victor #3361
• Prevent Docker build environments from creating root-owned artifacts @alrs #3354
• Add CreateSecurityGroup permission @justinsb #3362
• Flannel: change default backend type @justinsb #3190
• Warn if SSH fingerprint is obviously bad @justinsb #3300
• Other regions require LocationConstraint @reenl #3337
• Skeleton bare-metal provider @justinsb #3291
• switch monitoring-standalone to v1.7.0 @fvasco #3372
• Added ability to set --service-node-port-range @robinpercy #3333
• small docs improvement @RichardBronosky #3377
• add autoscaling:DescribeLaunchConfigurations permission @rushtehrani #3346
• Add a doc to describe how to use kops in AWS China @qqshfox #3360
• Allow cluster autoscaler addon to read statefulsets @johanhubens #3364
• Support for deleting tokens & keypairs @justinsb #3359
• Makefile improvements @alrs #3369
• Add romana to built-in CNI options @cgilmour #3290
• Correct typo in Hooks Spec examples @KashifSaadat #3381
• Honor ServiceNodePortRange when opening NodePort access @justinsb #3379
• More Makefile improvements @alrs #3380
• Revision to IAM Policies created by Kops @chrislovecnm #3343
• Add file assets to node user data scripts, fingerprint fileAssets and hooks content. @KashifSaadat #3323
• Makefile remove redundant logic @alrs #3390
• Makefile: build kops in dev-mode by default @justinsb #3402
• GCS: Don't reuse same error message @justinsb #3396
• Create minimal mock GCECloud, first test @justinsb #3391
• GCE: Fix logic around change detection @justinsb #3401
• baremetal: more wiring up @justinsb #3407
• cluster-autoscaler should use dnsPolicy Default @andrewsykim #3395
• Update provisioned iops doc example @afalko #3417
• GCE: Prevent instancetemplate spurious mismatches @justinsb #3404
• Makefile: use hack/.packages instead of go list @justinsb #3400
• Allow specifying a SSH key name for AWS @johnzeringue #3215
• Allow cluster-autoscaler to list/watch StatefulSets @carlossg #3202
• SecretStore and CAStore implementations backed by API @justinsb #3409
• GCE: move file assets to writeable location @justinsb #3399
• GCE: Don't open NodePort range to all by default @justinsb #3403
• Support additional config options for Canal Networking @KashifSaadat #3421
• Changed the s3 bucket creation command. @timothyjosefik #3422
• Remove unused GCE/AWS options @justinsb #3405
• Makefile kops-install default @alrs #3426
• Dump invalid HCL if we hit it @justinsb #3393
• DNS Controller Limitation @gambol99 #3330
• Add apimachinery changes to enable cloud controller manager @wlan0 #3408
• Support for using hostPort when using calico @felipejfc #3206
• improve documentation for secrets @smelchior #2925
• GCE: Don't remove (shared) DNS Zone @justinsb #3398
• Support encryption-at-rest for the kube-apiserver @georgebuckerfield #3368
• Add function to get etcd status @justinsb #3147
• Makefile: use go install @justinsb #3430
• Makefile: add missing deps to gobindata @justinsb #3431
• Fix a few typos and clean up hooks section @orangejulius #3429
• Makefile: was not exiting on test failures @justinsb #3434
• Create GCE networks in auto mode, not legacy mode @justinsb #3435
• baremetal: fill out more of the baremetal mappings @justinsb #3406
• AWS mock provider should use the AWS cloudprovider id @justinsb #3436
• getting rid of uneeded logging in ux @chrislovecnm #3437
• promoting drain and validate by setting feature flag to true @chrislovecnm #3329
• bump channels dashboard to 1.6.3 @so0k #3444
• GCE: Avoid nil dereference on new GCE networks @justinsb #3447
• Enable ExperimentalCriticalPodAnnotation feature gate @andreychernih #3345
• Fix version comparison: mask out pre & build fields @justinsb #3449
• Add external-dns as addon. @haad #3383
• ETCD container mount /etc/hosts file @catherinetcai #3423
• Fix integration test @justinsb #3451
• Add permissions for cluster autoscaler addon to scale down @johanhubens #3419
• Manifest files @gambol99 #3229
• Doc updates to clarify and fix typos in rolling-update cmd. @jlaswell #3458
• GCE: Ignore Lifecycle in forwarding rule @justinsb #3456
• baremetal: error if NetworkCIDR set @justinsb #3495
• Set critical pod annotations @julianvmodesto #3481
• Refactoring to use cloud method for getting cloud groups @chrislovecnm #3446
• Support GCE MIGs of size 0 @justinsb #3480
• using same disk sizes for gce @chrislovecnm #3478
• Debian 9 (stretch) support @justinsb #3491
• Minor cleanups to #3446 @justinsb #3493
• Add docs that debian 9 images should work @justinsb #3497
• Add Zones field to InstanceGroup @justinsb #3439
• GCE: fix makefile push-gce-run @justinsb #3484
• Reduce log severity of not-unexpected nodeup log message @justinsb #3485
• Clean up comment on MaxTaskDuration @justinsb #3487
• golint: rename two receievers for awsCloudImplementation @justinsb #3492
• makefile: add 3 PHONY targets @justinsb #3483
• Use IsKubernetesGTE helper instead of reparsing semver @justinsb #3486
• Add critical pod annotations to our system pods @justinsb #3494
• Mirror keystore & secretstore @justinsb #3411
• Makefile basic debugging in Travis @alrs #3506
• Update dependencies to match kubernetes 1.8 @justinsb #3508
• Update kube-dns to 1.14.5 for CVE-2017-14491 @mikesplain #3511
• Fix silly typo @mikesplain #3513
• docs: clean up installation instructions @justinsb #3517
• Tweak signature in #3478 @justinsb #3496
• rolling-update - initial GCE support @justinsb #3507
• Support wget for download, not just curl @justinsb #3490
• Initial bazel support @justinsb #3510
• bazel: tweaks to get build & test working @justinsb #3523
• bumping k8s versions in test files @chrislovecnm #3477
• Map docker 1.13.1 & 17.03.1, default 1.8 to 1.13.1 @justinsb #3462
• bazel: fix overlapping file paths in update cluster test @justinsb #3525
• GCE: strip prefixes from Zone & MIG Name @justinsb #3531
• GCE: use recreateInstance when rolling a MIG @justinsb #3533
• Update Google COS image @justinsb #3460
• Added documentation on best practices for creating clusters with HA m… @jatan28 #3540
• Minor spelling fix @thomaschaaf #3542
• nodeup: warn if no docker version matched @justinsb #3532
• Fix CVE for kube-dns pre k8s 1.6 @mikesplain #3538
• First tutorial page: getting started with GCE @justinsb #3528
• setting variable in func instead inside of func call @chrislovecnm #3548
• updating paths in Makefile for docker oddness @chrislovecnm #3556
• Newer versions of docker do not follow Semantic Versioning @brdude #3559
• updating kops version so that we do not get warnings, fixing cf tests @chrislovecnm #3547
• Fixing stdout on tests - cleaning house @chrislovecnm #3474
• Add unit test for model helper functions @justinsb #3448
• GCE: Fix subnets vs zones formatting of instance groups @justinsb #3524
• GCE: install containerized mounter on COS @justinsb #3482
• GCS paths; retry on error @justinsb #3461
• CVE-2017-14491 Documentation Hot Fixes and kops fixes @chrislovecnm #3563
• Enable logrotate for Kubernetes configs on CoreOS @julianvmodesto #3488
• Etcd V3 & TLS Support @gambol99 #3514
• Use system:kube-router User for clusterrole binding @murali-reddy #3522
• thinning out issue template @chrislovecnm #3479
• Makefile: fix order of directory creation @justinsb #3569
• Add missing hack/make-gendocs.sh script @justinsb #3567
• Move old 1.7.1 release notes to 1.8.0 to expedite hotfix release @mikesplain #3572
• 1.7.1 Release notes for master @mikesplain #3573
• Added PolicyConfigMap and PolicyConfigMapNamespace to KubeSchedulerConfig @whs #3546
• Document Enabling custom metrics API using kops @RahulMahale #3570
• Replace logrotate crontab with systemd timer @julianvmodesto #3568
• Update gce storage url @enxebre #3582
• mounting kubectl from the host instead to installing in protokube @chrislovecnm #3550
• update kubernetes-dashboard image version to v1.7.0 @zouyee #3459
• Docs tweak - specify flag, not kube-up env var @justinsb #3583
• Release docs update git push command @justinsb #3584
• Create logrotate service where not installed by default @justinsb #3590
• Mock kops version in tests @justinsb #3594
• Update homebrew release docs. @mikesplain #3596
• Fix old custom build instructions @justinsb #3585
• bazel versions of test, build, push-aws-run & push-gce-run @justinsb #3591
• Fix .PHONY @mikesplain #3598
• GCE: Limit length of InstanceTemplate names @justinsb #3593
• Sort terraform literals in ELB task @justinsb #3588
• Promote alpha channel to stable, update alpha channel with latest @justinsb #3586
• updating cve advisory for kops-1.7.1 release @chrislovecnm #3580
• kops get ... should exit with non-zero if the resource don't exist @erickt #3610
• Update Weave Net to version 2.0.5 @bboreham #3614
• Add permissions to cluster autoscaler to get statefulsets @carlossg #3624
• Modified OS detection logic when updating http proxy settings. @KashifSaadat #3587
• Reduce log level in protokube @justinsb #3622
• updating bazel test to output failed tests @chrislovecnm #3627
• Simplify protokube mounter using nsenter executor @justinsb #3621
• Docker dependencies for docker 1.12.6 on RHEL @justinsb #3628
• GCE: Install correct storage class @justinsb #3629
• adding missing lifecycle to route table task @chrislovecnm #3616
• Phase integration tests @chrislovecnm #3619
• kopeio-vxlan: mark critical, remove cpu limit @justinsb #3632
• Weave Net: add critical-pod annotation and toleration for rescheduler @bboreham #3638
• Add missing "-nanny" in image name. @willaustin #3640
• Add Calico v2.5 support for Kubernetes v1.8+ @KashifSaadat #3623
• link to cve Advisory release doc fixed @alifa20 #3648
• fixing bazel missed BUILD stuff @chrislovecnm #3641
• Avoid spurious mirror tasks in plan @justinsb #3656
• Fix misssing bazel dependency @justinsb #3657
• Add kops toolbox template docs @kenden #3655
• simplified AWS tutorial instruction to export AWS env variables @choang #3662
• fixing bazel testing for upup @chrislovecnm #3660
• Add HorizontalPodAutoscalerSyncPeriod for kubeControllerManager @mikesplain #3673
• Added example output from a 1.4.12 cluster @r4j4h #3674
• Add Cloud Controller Manager addon @wlan0 #3630
• Add etcd settings to nodeup and protokube @mschurenko #3675
• Add myself as a reviewer @andrewsykim #3667
• update kubernetes-dashboard image version to v1.7.1 @tallaxes #3652
• Bump channels version of dashboard to 1.7.1 @so0k #3681
• [AWS] Properly tag public and private subnets for ELB creation @geojaz #3682
• Kops Toolbox Template Missing Variables @gambol99 #3680
• Delete firewall rules on GCE @justinsb #3684
• Fix typo in SessionAffinity terraform field @justinsb #3685
• Grant kubelets system:node role in 1.8 @justinsb #3683
• bazel: Add missing dep on k8s.io/kubernetes/pkg/cloudprovider/providers/aws @justinsb #3687
• Rename flag from network-plugin-dir -> cni-bin-dir @justinsb #3688
• Bump kopeio networking to 20171015 @justinsb #3637
• Add IAM Permissions so nodes can access AWS ECR @KashifSaadat #3690
• Add a v1.7.0 storage addon resource. @mikesplain #3677
• Initial aggregation work @justinsb #3679
• kops-server: ig short-name @justinsb #3686
• bazel updates to generate go-bindata @chrislovecnm #3689
• Renaming IAM Phase to Security @chrislovecnm #3639
• Fixing phases for security groups and elbs @chrislovecnm #3704
• etcd using asset builder @chrislovecnm #3661
• adding kubernetes core rate limiter handlers @chrislovecnm #3472
• UsePolicyConfigMap for kube-scheduler @whs #3581
• Allow disabling kube-proxy @brdude #3699
• Implement DigitalOcean Droplet FI Task @andrewsykim #3707
• update to imports that apimachinery is doing now automatically @chrislovecnm #3710
• Updates from running gazelle @justinsb #3713
• GCE: Set up permissions for cross-project configurations @justinsb #3712
• Updates for p3 machine type @dvavili #3715
• API docs updates @chrislovecnm #3520
• Use compute API to fetch default service account directly @justinsb #3718
• Audit Policy File @gambol99 #3692
• Refactor toolbox dump & dump structured instances @justinsb #3719
• Apply goimports formatting to upup/pkg/fi/cloudup/gcetasks/ @justinsb #3725
• Fix comment on Lifecycle constant @justinsb #3724
• Fix error message in StorageBucketIam task @justinsb #3723
• Move DeleteResources into pkg/resources/utils @justinsb #3720
• Refactor gce resources into pkg/resources/gce @justinsb #3721
• Add initial docs for how to rotate a CA keypair @justinsb #3727
• GCS: Use ACLs for GCE permissions @justinsb #3726
• Kops Template YAML Formatting @gambol99 #3706
• Tolerate errors from Find for tasks with WarnIfInsufficientAccess @justinsb #3728
• GCE Dump: Include instance IPs @justinsb #3722
• Route53 based example @tigerlinux #3367
• Update IAM roles documentation based on recent changes. @KashifSaadat #3732
• GCE: log the service account & scopes in use @justinsb #3742
• Add comment on purpose of kops keypair @justinsb #3741
• Fix log messages from storage acl tasks @justinsb #3737
• Generate gazelle @justinsb #3738
• Clarify comment on ReadTree @justinsb #3740
• fix typo in comment: mananging @justinsb #3739
• GCE: Use CloudPlatformScope when requesting a token @justinsb #3736
• Audit Policy Docs @gambol99 #3747
• update gophercloud to the newest version @zengchen1024 #3744
• Fix shared subnet/vpc tags @justinsb #3184
• GCE: log when loading from GOOGLE_APPLICATION_CREDENTIALS @justinsb #3748
• updating files for goimports - and fixed a unit test @chrislovecnm #3752
• Adding back to the approvers @geojaz #3756
• Template Fixes @gambol99 #3731
• Add node-to-master IPIP to kuberouter @iterion #3730
• Enable IAM Container Registry permissions by default when creating a cluster (#3760). @KashifSaadat #3761
• [Add-on] Add kube-state-metrics add-on @tuannvm #3653
• Add makefile target to check markdown links @aledbf #3758
• Add service account for elasticsearch and fluentd @thoslin #3743
• Implement vfs with openstack swift @zengchen1024 #3708
• Spelling fixes @justinsb #3700
• goimports cleanup && basel files @chrislovecnm #3764
• Create YAML or JSON Clusterspec without creating the cluster @chrislovecnm #2954
• deprecated API values that are no longer used with kube-dns @chrislovecnm #3771
• Rationalize timeouts for rolling-update @justinsb #3658
• windows kops.exe binary support @chrislovecnm #3770
• updating to bazel 0.0.7 and adding verify scripts @chrislovecnm #3769
• adding -y @chrislovecnm #3767
• updating api documentation @chrislovecnm #3774
• removing windows from shipbot @chrislovecnm #3775
• Fix Sirupsen/logrus submodule path error @liranp #3779
• Add additional Describe permissions required for Romana CNI @cgilmour #3778
• gazelle updates with new bazel version @chrislovecnm #3776
• fixing panic with iam unit tests @chrislovecnm #3782
• Updates for latest bazel / vendor @justinsb #3781
• Allows additional Subject Alternate Names @pdh #2063
• Add --master-public-name argument to kops create_cluster @mdavidsen,@justinsb #3385

beta.1 to beta.2

• Add PRs to 1.8 release notes @justinsb #3785
• Update Canal to use Calico v2.6.2. @KashifSaadat #3786
• Toolbox Templating Docs @gambol99 #3800
• DNS Controller Watch Command line @gambol99 #3798
• Update tolerations in Canal spec so the pods can run on all nodes. @KashifSaadat #3802
• Bugfix kops update always detecting changes when using ExecContainerAction. @KashifSaadat #3790
• Allow passing in extra user-data to cloud-init @brdude #3633
• Consolidate two separate CNI sections @ahrkrak #3811
• Update docs for 1.7.1 @mikesplain #3810
• updating bazel build version @chrislovecnm #3814
• Debian Stretch versions for Docker to support K8s 1.8 @mikn #3807
• Add Node IAM permissions to access kube-router key in S3. @KashifSaadat #3795
• Add a default NodeLabel with the InstanceGroup name @georgebuckerfield #3783
• Bump alpha and stable to latest @pierreozoux #3797
• Add support for C5 instance family @shamil #3794
• san api update @chrislovecnm #3815
• FeatureGates support in all the components @diegows #3805
• kube-router: remove beta annotation versions (deprectated in 1.8) of init container @murali-reddy #3620
• Fixed the broken link for aws doc. @shashanktomar #3831
• Bump alpha channel for 1.8 @justinsb #3825
• Fix resources for etcd-events @justinsb #3843
• Fix CNI CPU allocations @justinsb #3844
• Update bazel build files @justinsb #3842
• Fix CoreOS logrotate service failure. @KashifSaadat #3846
• Update calico template @itajaja #3803
• Fix error message when not specify --cloud or --zones @justinsb #3841
• Add HPA up/downscale delay @discordianfish #3847
• Updating API documentation @chrislovecnm #3827
• Add edit flag so create instancegroup command is usable on scripts @jchanam #3787
• add openstack cloud provider @zengchen1024 #3820
• Fix gazelle @justinsb #3850
• Tweak kops create ig flag to edit, not editor @justinsb #3849
• Apply gossip dns changes to 1.8 calico version also @marshallbrekka,@justinsb #3851
• Update Additional user-data per #3853 @dgem #3854
• updating api docs @chrislovecnm #3856
• Verify that no extra records remain after a reconnection @justinsb #3858
• Use upsert when applying DNS records @justinsb #3859
• Fix Autoscaling flag on Controller Manager Config @david92rl #3872
• Include encryptionConfig setting within userdata for masters. @KashifSaadat #3874
• Add Example for instance group tagging @sergeohl #3879
• README and issue template updates @chrislovecnm #3818
• Kops Template Config Value @gambol99 #3863
• Fix spelling @jonstacks #3864
• Improving UX for placeholder IP Address @chrislovecnm #3709
• Bump all flannel versions to latest release - v0.9.1 @tomdee #3880
• Add support for docker 17.09.0 version @dvavili #3881
• upscale-delay flag in two more places @justinsb #3890
• Changing the prefix of the ResourceTag condition @ftoresan #3889
• Support replacing kops secrets via force flag @KashifSaadat #3899
• Implement volume task for Openstack platform @zengchen1024 #3893
• fix: paths in cluster_template.md @Moshe-Immerman #3897
• Respect the shared tag when deleting route tables @georgebuckerfield #3887
• generate gazelle for cinder volume tasks @zengchen1024 #3904
• Owners files @gambol99 #3906
• Version and validation updates for romana networking. @cgilmour #3892
• Add homebrew devel and HEAD notes to docs. @mikesplain #3826
• Updated 1.8 release notes to cover Canal manual upgrade steps. @KashifSaadat #3908
• Updating Calico manifests to Calico release 2.6.2 @chrislovecnm #3869
• Set SleepDelay function in AWS @justinsb #3913
• bazel: fix tests/ directory @justinsb #3922
• Avoid generating a CA keypair on-demand @justinsb #3925
• Added .service to hooks unit files @aleerizw #3920
• DNS Controller Optional @gambol99 #3822
• Use EnsureTask so we don't have to track directories as closely @justinsb #3926
• Block etcd peer port from nodes @justinsb #3923
• Don't add .service extension if already there @aleerizw,@justinsb #3929
• Promote 1.5.8 and 1.6.11 to stable channel @justinsb #3931
• Put the 1.8 image into the alpha channel @justinsb #3930
• Bump alpha channel k8s versions @justinsb #3932
• Update kopeio auth @justinsb #3928
• Map horizontal-pod-autoscaler-use-rest-clients flag @itskingori #3939
• Bump all our base docker images @justinsb #3940

beta.2 to 1.8.0

• Add Dashboard v1.8.0 deployment @maciaszczykm #3936
• Rename dashboard manifest so it has extension @justinsb #3946
• Fix flannel version @mikesplain #3953
• Fix flannel error on starting @mikesplain #3956
• Fix brew docs typo @mikesplain #3949
• kops not Kops @chrislovecnm #3960
• openapi doc updates @chrislovecnm #3948
• Add kubernetes-dashboard addon version constraint @so0k #3959
• Initial support for nvme @justinsb #3969
• Fix typo in kops get cluster --full hint @justinsb #3968
• Ensure iptables forwarding is enabled @justinsb #3977
• Put latest AMIs into alpha channel @justinsb #3979
• Fix segfault when updating non-existent object @justinsb #3980
• Guard against nil pointers in tryResourceAsString @justinsb #3982
• Allow GCE network to be reconfigured @justinsb #3988
• Fix kubernetes version selectors on alpha channel @justinsb #3984
• Provide better message if GCE network is in legacy mode @justinsb #3989
• Add support for M5 and H1 instance families @ripta #3990
• Bump image in alpha channel: ENA in jessie @justinsb #3992