48 KiB

Raw Blame History

Release notes for kops 1.19 series

(The kops 1.19 release has not been released yet; this is a document to gather the notes prior to the release).

Significant changes

Changes to kubernetes config export

Kops will no longer automatically export the kubernetes config on kops update cluster. In order to export the config on cluster update, you need to either add the --user <user> to reference an existing user, or --admin to export the cluster admin user. If neither flag is passed, the kubernetes config will not be modified. This makes it easier to reuse user definitions across clusters should you, for example, use OIDC for authentication.

Similarly, kops export kubecfg will also require passing either the --admin or --user flag if the context does not already exist.

kops create cluster --yes exports the admin user along with rest of the cluster config, as is existing behaviour.

Other significant changes

New clusters will now have one nodes group per zone. The number of nodes now defaults to the number of zones.
On AWS kops now defaults to using launch templates instead of launch configurations.
Clusters using the Amazon VPC CNI provider now perform an ec2.DescribeInstanceTypes call at instance launch time. In large clusters or AWS accounts this may lead to API throttling which could delay node readiness. If this becomes a problem please open a GitHub issue.
Alpha support for Hashicorp Vault as store for secrets and keys. See the Vault state store docs.
New clusters running Cilium will have enabled BPF NodePort by default if kubernetes version is 1.12 or newer.
The kops update cluster command will now refuse to run on a cluster that has been updated by a newer version of kops unless it is given the --allow-kops-downgrade flag.

Breaking changes

Support for Kubernetes 1.9 and 1.10 has been removed.
Support for the Romana networking provider has been removed.
Support for legacy IAM permissions has been removed. This removal may be temporarily deferred to kops 1.20 by setting the LegacyIAM feature flag.

Required Actions

Deprecations

Support for Kubernetes versions 1.11 and 1.12 are deprecated and will be removed in kops 1.20.

Full change list since 1.18.0 release

v1.18.0-alpha.3 to v1.19.0-alpha.1

Add etcd-manager certificate expiration advisory @rifelpet #9030
Treat NatGatewaysNotFound error as already-deleted @johngmyers #9052
Allow cluster maintenance when channel is unavailable @johngmyers #9053
Release notes for 1.18.0-alpha.3 @justinsb #9075
Release notes for 1.17.0-beta.2 @justinsb #9073
Disable TX checksum offload for Flannel VXLAN @hakman #9074
Added support for configuring disable-attach-detach-reconcile-sync in… @andersosthus #9068
Add advisory notice to readme and docs homepage @rifelpet #9083
Revert "feat(openstack): propagate cloud labels to machines" @zetaab #9087
kube-apiserver: healthcheck via sidecar container @justinsb #9069
Include secondary protocol flag always @jacksontj #9008
Fix port conflict on etcd-cilium vs dns-controller memberlist @justinsb #9097
kube-apiserver-healthcheck: actually enable on 1.17 @justinsb #9098
Update instance_groups.md @ranshn #9072
Fix containerd image side-loading @hakman #9101
Dont use terraform's file() for singleline strings in GCE metadata @rifelpet #9084
Add documentation on gossip @olemarkus #9111
upgrade to use cinder v3 api @zetaab #9113
Fix zsh completion @olemarkus #9108
Add unit test for util/pkg/hashing/hash.go @Hellcatlk #9114
Spotinst: Allow users to disable the controller add-on @liranp #9091
Fail cluster validation if too few nodes for ig's target size @johngmyers #9126
Adding most recent version of kube-state-metrics - 1.9.5 @MoShitrit #9125
PKI code cleanup @johngmyers #9106
Return cluster validation failure if ASG missing @johngmyers #9118
Add EC2 Instance LifeCycle label @atmosx #9121
add some unit tests @q384566678 #8960
Remove code for unsupported Kubernetes version @johngmyers #9134
http download: set a timeout to avoid hangs @justinsb #9136
Move CNI docs to their own files @olemarkus #9107
Added Launch Template support for instance interruption behavior @tomesm,@rifelpet #9024
DNS: Don't try to apply empty changesets @justinsb #8464
Remove redundant menu item in the docs site @rifelpet #9144
Remove Classic networking from docs @johngmyers #9142
doc: Typo in docs/state.md @nvanheuverzwijn #9147
Spotinst: Documentation @liranp #9139
Map kube-apiserver service-account-jwks-uri flag @justinsb,@rifelpet #9133
Don't put bastions in the utility subnets @johngmyers #9124
Create golden image test for nodeup kube-apiserver @justinsb #8950
Add unit test for func matchesElbTags @hs0210 #8989
Remove support for reading legacy-format keypairs @johngmyers #9131
Update alpha channels with May updates @MoShitrit #9155
Add support for Kubenet with containerd @hakman #9104
[Digital Ocean] Handle logic for kops edit/update cluster @srikiz #9116
Move OS deprecations to deprecations section of relnotes @johngmyers #9093
Add unit test case for pkg/k8sversion/version_test.go @Hellcatlk #9112
Update OWNERS file @johngmyers #9105
Minor doc fix. address is not valid to use, will cuase etcd faili… @granular-ryanbonham #9160
GCE: don't rely on hostname being correct @justinsb,@rifelpet #9135
Reduce test flakiness @johngmyers #9164
Add unit test case for pkg/apis/kops/util/versions_test.go @Hellcatlk #9156
Spotinst: New hybrid integration mode @liranp #7252
Fix nodetask.File dependency on owner @johngmyers #9169
Networking cleanup @olemarkus #9157
Update DigitalOcean cloud-controller-manager to v0.1.24 @timoreimann #9179
Update etcd-manager to 3.0.20200527 @justinsb #9184
Use debian as default image for DO images @srikiz #9181
Remove all versions of a file form the S3 bucket @hakman #9171
Remove unused VFSScan @johngmyers #9174
Remove loader support for nodeup tasks not used in models @johngmyers #9170
Document etcd-manager backups retention settings @hakman #9187
Add gjtempleton as reviewer @johngmyers #9183
Fix nits for removal of S3 file versions @hakman #9188
Remove support for CoreOS and Jessie @johngmyers #9065
Update Bazel rules for Docker to v0.14.2 @hakman #9196
Remove support for the legacy etcd provider as of k8s 1.18 @johngmyers #8826
Add deprecation notice for legacy etcd provider to 1.17 relnotes @johngmyers #9201
Add comment in OWNERS linking to test-infra OWNERS files @rifelpet #9202
Fix repo packages not being installed @hakman #9203
Allow listing versions for objects in the S3 bucket @hakman #9205
Try validating multiple times before updating instancegroup @johngmyers #9165
Use kubescheduler.config.k8s.io/v1beta1 for Kubernetes 1.19 @hakman #9204
Update adding_a_feature.md with more modern example @johngmyers #9208
Add example for delete secret @q384566678 #9198
Upgrade docker/containerd/containeros hashes to SHA256 @johngmyers #9215
Release notes for 1.16.3 @justinsb #9219
Remove extraneous markdown files in pkg/apis @rifelpet #9220
Release notes for 1.17.0 @justinsb #9222
Remove unused file @johngmyers #9218
Update set-version script to bump tag in Makefile @justinsb #9224
Start release notes for kops 1.19 @justinsb #9223
Use AWS SDK to fetch metadata @justinsb #9227
S3 DeleteAllVersions: use pagination @justinsb #9228
Bump compatibility matrix for kops 1.17 @johngmyers #9225
Validation: MixedInstancePolicy need not override instance types @justinsb #9231
GCE: fix typo @justinsb #9232
Add packages hashes verification for containerd and Docker @hakman #9234
Remove vsphere cloud provider @olemarkus #9177
Update etcd-manager to 3.0.20200531 @hakman #9237
Don't build site when docs are unchanged @hakman #9235
Updating stable channel with May updates @MoShitrit #9212
Upgrde amazon vpc cni to 1.6.2 @MoShitrit #9214
Disable static tokens by default as of Kubernetes 1.18 @johngmyers #8850
Add example for describe secret @q384566678 #9241
Release notes for 1.18.0-beta.1 @justinsb #9242
1.18 release note corrections @johngmyers #9243
Update channels for 1.18 @mikesplain #9250
[Digital Ocean] Update RBAC for DO CCM @srikiz #9249
Remove redundant ValidateInstanceGroup call @rifelpet #9252
Add ARM64 build targets for kops and nodeup @hakman #8922
Remove all traces of utils.tar.gz @hakman #9197
Enable configuration of the calico IP_AUTODETECTION_METHOD and IP6_AUTODETECTION_METHOD @mtl-wgtwo #9175
Use CNI 0.8.6 for Kubernetes 1.15+ @hakman #9256
Add table of networking providers and their status @olemarkus #9140
Use Docker 19.03.11 for Kubernetes 1.18+ @hakman #9258
Fix link to point to aws docs @mikesplain #9263
Refactor Debian automatic upgrades to Go code @johngmyers #9213
Remove romana support @olemarkus #9255
Don't make it possible to toggle ipv4/6. We only support ipv4 anyway @olemarkus #9253
Update channel 1.15 k8s recommendation to 1.15.12 @jeffb4 #9266
Add support for encryption in Cilium @MoShitrit #9154
Bump Dashboard to v2.0.1 @maciaszczykm #9199
Update Calico and Canal for CVE-2020-13597 @hakman #9268
Tag all cilium keys with omitempty @olemarkus #9254
When building to staging, split out the marker files by branch @justinsb #9272
Move networking in nodeup to dedicated subpackage @olemarkus #9137
Bump supported and recommended k8s versions for kops 1.19 @johngmyers #9226
Clean up wording in releases.md @johngmyers #9230
Spotinst: Allow a user specifiable node draining timeout @liranp #9221
Validate IG RootVolumeType @olemarkus #9265
gce: log bucket-policy-only message at a level that always appears @justinsb #9276
Prepare Kops for multi-architecture support @hakman #9216
Ensure we have IAM bucket permissions to other S3 buckets @justinsb #9274
Refactor cert issuance code @johngmyers #9130
Allow failure of the ARM64 job in TravisCI @hakman #9279
Use Ubuntu 20.04 as the default image for Kubernetes 1.18+ @hakman #9283
Disable disk based evictions for Kubernetes 1.19 @hakman #9296
More nodeup golden tests @justinsb #9248
Adding recent releases to docs site @MoShitrit #9293
Update Weave for CVE-2020-13597 @hakman #9285
Create nodetasks.IssueCert() @johngmyers #9282
Don't export basic auth credentials if basic auth is disabled @johngmyers #9284
Copy "portmap" to /opt/cni/bin for Weave @hakman #9286
Update shipbot config @hakman #9277
Fix some go-lint warning @Hellcatlk #9236
Docs - add syntax highlighting + markdown cleanup @rifelpet #9308
Install common CNI plugin binaries for all network plugins @hakman #9310
Don't try building TLS for etcd-manager if not using etcd-manager @johngmyers #9302
Use ec2.DescribeInstanceTypes for machine type info @rifelpet #8856
Don't require nodeup tasks to have SetName() @johngmyers #9299
Refactor and improve API validation @johngmyers #9217
Disable kubeproxy when creating a kube-router cluster @rifelpet #9321
Use Docker 19.03.11 for Kubernetes 1.17+ @hakman #9317
Install all CNI plugin binaries for all network plugins @hakman #9320
Fix NPD when creating a kube-router cluster @rifelpet #9323
Fix mismatch in SecurityGroups handling with launch templates @johngmyers #9288
Allow docker options to be specified by create cluster overrides @bertinatto #9324
Issue kube-scheduler and kube-controller-manager certs in nodeup @johngmyers,@justinsb #9313
IAM: Refactor vfs-access logic so we can see the required readable paths @justinsb #9328
Update Weave Net to 2.6.5 @hakman #9330
Docs helptext @olemarkus #9333
Use launch templates by default @johngmyers #9289
Refactor kubemanifest to be clearer @justinsb #9342
Refactor BootstrapChannelBuilder to use a KopsModelContext @justinsb #9338
Issue kubecfg and kops certs in nodeup @johngmyers #9347
Update release notes for Ubuntu 20.04 and CVEs @hakman #9332
Add nodelocal dns cache to release notes and add kops version to docs @olemarkus #9351
Bug: Explicitly set default StorageClass to support upgrades @joshbranham #9337
Promote alpha channel to stable @johngmyers #9366
Prefer the GA label for node zone @johngmyers #9363
Cleanup networking docs @ari-becker #9349
Bump recommended kops versions in alpha channel @johngmyers #9361
Validate cilium version @olemarkus #9295
Fix kube-apiserver-healthcheck image @coreypobrien #9359
Remove the baremetal cloud provider @johngmyers #9360
Add "--selinux-enabled" flag for Docker @hakman #9334
Issue kubelet-api cert in nodeup @johngmyers #9356
Revert "Fix kube-apiserver-healthcheck image" @johngmyers #9371
Move host-network services off of port 8080 @johngmyers #9355
Remove bundler as baremetal support was removed @johngmyers #9372
Add support for AWS OIDC Provider @rifelpet #9375
NodeLocalDNS config population: small tweaks @justinsb #9376
Add comment on blocking jobs to actions @mikesplain #9305
Prune old metrics-server and update HPA docs @johngmyers #9233
Upgrade mkdocs to latest versions @rifelpet #9309
Store terraform launchtemplate userdata in plaintext rather than b64 @rifelpet #9340
Update alpha channel with June releases @MoShitrit #9384
try github actions failure to see if PRs can't be merged @rifelpet #9015
Run "go mod vendor" in verify-gomod @rifelpet #9389
Start moving InstanceGroup data to NodeupConfig @johngmyers #9391
Refactor to clean up TemplateFunctions @justinsb #9390
Revert "try github actions failures to see if PRs can't be merged" @rifelpet #9392
Add notice from k8s.io to docs site @mikesplain #9393
Issue aws-iam-authenticator cert in nodeup @johngmyers #9378
Updating cluster_spec doc. @michalschott #9380
Add a couple more "area" labels @rifelpet #9394
Cache terraform's providers between tests @rifelpet #9399
Stop creating SHA1 hashes for build artifacts @hakman #9400
Add initial support for ARM64 @hakman #8938
Use -mod=vendor for most go commands @rifelpet #9396
Add olemarkus as reviewer @hakman #9200
Temporarily use containerd from Docker packages @hakman #9346
Fix override css @mikesplain #9406
Upgrade Amazon VPC CNI to 1.6.3 @MoShitrit #9408
Fold multiple integration test cases into the complex test case @rifelpet #9409
Move apply logic down into pkg for import use @johngmyers #9411
Clean up the HA docs @olemarkus #9387
Add master and node image options when creating a cluster @hakman #9407
Implement VFS for vault @olemarkus #9094
Rolling update instance groups in consistent order @johngmyers #9412
Refactor lyft config file to Go code @johngmyers #9410
Update 1.17-NOTES.md @wangxy518 #9414
Make dns pods work on arm64 clusters @olemarkus #9418
Typo and wording fix to getting_started/commands doc @MoShitrit #9417
Alicloud: Refactor LoadBalancerWhiteList to LoadBalancerACL @bittopaz #8304
Remove PHONY declaration on non-phony targets @johngmyers #9419
Build and publish only Linux AMD64 Kops artifacts for CI @hakman #9401
Remove more sha1-generation code @johngmyers #9423
Fix: dns-controller: 3999 port address already in use @vgunapati #9404
Fix dns selectors for older k8s @olemarkus #9431
Fix staticcheck error with Go 1.14 @johngmyers #9434
Remove kube-discovery @johngmyers #9435
Start pushing create_cluster logic into pkg @johngmyers #9413
Spotinst: Add missing lifecycle to awstasks.SecurityGroup @liranp #9445
Prepatory refactoring of BootstrapScript @johngmyers #9402
Fix cilium etcd migration @olemarkus #9451
Spotinst: Support for Root Volume Size in Ocean Launch Spec @liranp #9459
Spotinst: Upgrade the Spotinst controller to version 1.0.61 @liranp #9460
Remove dead cloudup code @johngmyers #9422
Refactor BootstrapScript into a Task @johngmyers #9449
Refactor how api-server addresses are exported from tasks @johngmyers #9450
Add unit test for func VersionedJSON @Hellcatlk #9458
Cilium requires manual restart when migrating to nodeport @olemarkus #9454
Bump k8s versions for alpha channel with latest releases @MoShitrit #9455
Enable nodeport by default @olemarkus #9425
Update staticcheck to latest version @rifelpet #9463
Add Ambassador addon to kops @concaf #9115
Update Calico to v3.15.0 for k8s 1.16+ @hakman #9444
Update KubeDNS to v1.15.13 @hakman #9462
Refactor more cluster creation code into NewCluster() @johngmyers #9443
Update the service manifest for Docker @hakman #9465
Cleanup tempfiles @zhijianli88 #9472
Fix where etcd-cluster-spec is writen when etcd's BackupStore is defined -v2 @rdrgmnzs #9474
Create separate field for disabling rolling updates @johngmyers #9348
Move more cluster creation code to NewCluster() @johngmyers #9467
Continue moving InstanceGroup data to NodeupConfig @johngmyers #9415
Use new templates for cilium 1.8 @olemarkus #9424
Update terraform docs with version compatibility @rifelpet #9488
Updating the YAMLs for Ingress-Citrix Addon @christus02 #9480
Allow CI builds to build a tagged version @justinsb #9493
Release 1.19.0-alpha.1 @justinsb #9494

1.19.0-alpha.1 to 1.19.0-alpha.2

Use kubelet docker-specific flags only for Docker @hakman #9495
cloudbuild: Push additional images from cloudbuild @justinsb #9497
Release notes for 1.19.0-alpha.1 @justinsb #9498
Release notes for 1.16.4 @justinsb #9501
Update bazel rules versions @rifelpet #9428
Release notes for 1.17.1 @justinsb #9503
Default ClusterDNS appropriately when NodeLocalDNS is enabled @johngmyers #9491
Fixing typos and rewording docs/examples/basic-requirements.md @MoShitrit #9442
Move more cluster creation code to NewCluster() @johngmyers #9490
Continue refactoring certs into nodeup @johngmyers #9354
Update AWS VPC CNI docs to use --networking amazonvpc @rifelpet #9509
Update aws-sdk-go to v1.32.13 @hakman #9510
Add Ambassador documentation to addons docs @concaf #9516
Move remaining new cluster setup to pkg @johngmyers #9513
Changing base image for node authorizer. @michalschott #9056
Update kube-router to v1.0.0 @hakman #9512
Remove deprecated function @johngmyers #9514
Add ability to set various cilium flags through CLI @olemarkus #8928
Add tag support to AWS launch templates @rifelpet #9519
Fix a link typo in the networking.md @nikola-milikic #9461
Cilium parse k8s version url @olemarkus #9525
Cloudmock cleanup - preparation for EC2 tag-on-create @rifelpet #9520
Update mock version to 1.19.0-alpha.1 @hakman #9527
Use EC2's tag-on-create for various resources @rifelpet #9529
Fix KubeDNS missing resourceVersion @phspagiari,@hakman #9521
Use filebase64 for launch template userdata and Terraform 0.12 @rifelpet #9532
Promote alphas to stable @olemarkus #9537
Add some err judgments @zhouhao3 #9538
Force single arch support via env var @hakman #9535
Add lyft hash environment variable @hintofbasil #9539
Update AWS IAM Authenticator to 0.5.1 @rifelpet #9540
Update CoreDNS to v1.7.0 - Take 2 @rajansandeep #9541
Add healthcheck to aws-iam-authenticator @rdrgmnzs #8991
Re-enable disk based evictions for Kubernetes 1.19 @hakman #9475
Switch AWS NAT Gateway creation to use tags on create @rifelpet #8726
Improve Makefile @johngmyers #9542
Remove the checksum workaround for Flannel VXLAN @hakman #9543
Widen the tolerations of kuberouter @johngmyers #9547
Add missing lifecycle to etcd keypair tasks @johngmyers #9553
Use a stable key for signing service account tokens @johngmyers #9534
Use distroless image as base for Protokube @justinsb,@hakman #9403
Use stable names for GH workflow jobs @hakman #9552
File permission test: clear umask before testing @justinsb #9562
Don't try to delete terraform providers @justinsb #9561
Release notes for 1.18.0-beta.2 @justinsb #9563
Remove old unused files @rifelpet #9564
Add support for uploading to private buckets @johngmyers #9568
Upgrade to go 1.14.4 @rifelpet #9499
Upgrade go to 1.14.5 @rifelpet #9572
Update goimports script for go 1.14 @rifelpet #9573
[Digital Ocean] Implement KOPS validate cluster @srikiz #9476
Update alpha channel with July releases @hakman #9579
Use fixed UID for etcd user and restrict to legacy provider @johngmyers #9581
Adding feature stability table to docs and including one example for encryption support in cilium @MoShitrit #9555
Print error during cluster delete for dependency violation @hakman #9589
Specify user on export kubecfg @olemarkus #9280
Require extra flag when updating cluster with downgraded kops version @johngmyers #9362
Create one nodes instance group per zone @johngmyers #9471
Promote Ciprian & John to approvers @hakman #9590
Remove unused and unmaintained Docker build targets @hakman #9576
Remove min width on tables @mikesplain #9592
Remove support for legacy IAM permissions @johngmyers #9492
Update stable channel with July releases @hakman #9596
Improve locking in memfs @johngmyers #9597
Docs - Add the new feature table to various feature sections @rifelpet #9585
Update stretch images (from 1.11) in alpha channel @justinsb #9599
Restore default SELinux security contexts for container runtime binaries @hakman #9584
Revert move to explicit dependencies @johngmyers #9605
Prefer nodes with "master" role for Calico Typha pods @hakman #9609
Add Ubuntu 20.04 support for Docker 18.06.3 @hakman #9616
Openstack fixes @olemarkus #9554
remove LB circular in OpenStack @zetaab #9623
fix(docs): render double curly braces @FrankYang0529 #9626
Use public client accessors within openstackCloud functions @rifelpet #9628
Exempt OpenStack from the EnableExternalCloudController feature flag @johngmyers #9629
Fix int to string conversions @hakman #9630
add os.RemoveAll err verification @zhouhao3 #9610
Update instructions for fixing verify-gomod.sh @johngmyers #9636
Add repo SECURITY.md @joelsmith #9638
Use "tag on create" for AWS Route Tables @rifelpet #9639
Spotinst: Upgrade the Spotinst controller to version 1.0.62 @liranp #9642
Add tagging support for AWS Keypairs @rifelpet #9533
Make ARM64 job blocking with TravisCI @hakman #9644
Upgrade Go to version 1.15rc1 @hakman #9641
Replace custom codegen package with gengo @johngmyers #9632
Calico: Upgrade the "k8s-ec2-srcdst" controller to version v0.3.0 @seh #9647
Remove dead code from tasks @johngmyers #9646
Cleanup AWS EC2 eventual consistency warnings @hakman #9637
Cleanup unused loader features @johngmyers #9649
Promote alpha channel to stable @johngmyers #9652
Remove tags from NodeupConfig @johngmyers #9650
Release 1.19.0-alpha.2 @justinsb #9654

48 KiB Raw Blame History