Release notes for kOps 1.21 series

Significant changes

Service Account Issuer Discovery and AWS IAM Roles for Service Accounts (IRSA)

kOps now supports publishing an OIDC-compatible discovery document to an S3 bucket and configuring AWS to use it for IAM Roles for Service Accounts (IRSA).

See the Service Account Issuer Discovery documentation for more information.

Dedicated API Server nodes.

kOps now supports extending the control plane with dedicated apiserver nodes. These nodes run in dedicated instance groups that can be scaled horizontally.

In 1.21, this feature is behind a feature flag as node role name, labels, taints, and domains can change based on feedback from the community.

Warm Pool (AWS only)

A Warm Pool contains pre-initialized EC2 instances that can join the cluster significantly faster than regular instances. These instances run the kOps configuration process, pull known container images, and then shut down. When the ASG needs to scale out it will pull instances from the warm pool if any are available.

See the warm pool documentation for more information.

Other significant changes

  • Protokube now runs as a systemd process rather than a docker container.

  • Support for AWS launch configurations has been removed in favour of launch templates.

  • kOps can now use Node Termination Handler’s Queue Processor mode, which offers more functionality than the IMDS Processor mode. See the addons page for more information.

  • New addon for the CSI snapshot-controller.

Breaking changes

  • Support for Kubernetes versions 1.13 and 1.14 has been removed.

Required Actions

  • The ClusterRoleBinding for AWS EBS CSI DaemonSet has changed name. If you installed this addon before kOps 1.21, you need run kubectl delete crb ebs-csi-node-binding.

  • To support Node Termination Handler’s Queue Process mode, AWS cluster deletion now requires the kops CLI have sqs:ListQueues and events:ListRules permissions regardless of whether or not the addon is used.

Deprecations

  • Support for Kubernetes versions 1.15 and 1.16 is deprecated and will be removed in kOps 1.22.

  • Support for Kubernetes version 1.17 is deprecated and will be removed in kOps 1.23.

  • Support for CentOS 7 is deprecated and will be removed in future versions of kOps.

  • Support for CentOS 8 is deprecated and will be removed in future versions of kOps.

  • Support for Debian 9 (Stretch) is deprecated and will be removed in future versions of kOps.

  • Support for RHEL 7 is deprecated and will be removed in future versions of kOps.

  • Support for Ubuntu 18.04 (Bionic) is deprecated and will be removed in future versions of kOps.

  • The legacy location for downloads s3://https://kubeupv2.s3.amazonaws.com/kops/ has been deprecated and will not be used as of kOps 1.22. The new canonical downloads location is https://artifacts.k8s.io/binaries/kops/.

  • The manifest based metrics server addon has been deprecated in favour of a configurable addon.

  • The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

  • The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and might be removed from control plane nodes in kOps 1.23.

  • Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

Full change list since 1.20.0 release

1.20.0-alpha.2 to 1.21.0-alpha.1

1.21.0-alpha.1 to 1.21.0-alpha.2

1.21.0-alpha.2 to 1.21.0-alpha.3

1.21.0-alpha.3 to 1.21.0-beta.1

1.21.0-beta.1 to 1.21.0-beta.2

1.21.0-beta.2 to 1.21.0-beta.3

1.21.0-beta.3 to 1.21.0