Release notes for kOps 1.20 series

Significant changes

  • Default container runtime is now set to containerd for new clusters running Kubernetes 1.20.0+.

  • Added experimental Azure support. To get started check the docs

  • Default settings for AWS instances are updated to take advantage of recent performance and security features:

    • Default etcd volumes encryption changes to enabled for newly created clusters
    • Default root volume encryption changes to enabled
    • Default etcd volumes type changes from gp2 to gp3
    • Default root volume type changes from gp2 to gp3
  • Added template funtions for kubernetes version based on channel data.

  • kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.

  • Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""

  • Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

  • Support for Kubernetes 1.11 and 1.12 has been removed.

  • Support for Terraform version 0.11 has been removed.

  • Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.

Required Actions

  • If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.

  • If you are using self-hosted channels files, you have to add the new architectureID field, with one of the amd64 or arm64 values.

  • If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.

  • If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the node-role.kubernetes.io/control-plane:NoSchedule toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

  • Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.

  • The manifest based metrics server addon has been deprecated in favour of a configurable addon.

  • The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

  • The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22

  • The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.

  • Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

  • Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Full change list since 1.19.0 release

1.19.0-beta.3 to 1.20.0-alpha.1

1.20.0-alpha.1 to 1.20.0-alpha.2

1.20.0-alpha.2 to 1.20.0-beta.1

1.20.0-beta.1 to 1.20.0-beta.2

1.20.0-beta.2 to 1.20.0

1.20.0 to 1.20.1

1.20.1 to 1.20.2