Release notes for kOps 1.20 series
Significant changes
Default container runtime is now set to
containerd
for new clusters running Kubernetes 1.20.0+.Added experimental Azure support. To get started check the docs
Default settings for AWS instances are updated to take advantage of recent performance and security features:
- Default etcd volumes encryption changes to enabled for newly created clusters
- Default root volume encryption changes to enabled
- Default etcd volumes type changes from
gp2
togp3
- Default root volume type changes from
gp2
togp3
Added template funtions for kubernetes version based on channel data.
kOps now use helm3 functions for merging template
--set
and--values
arguments. This has slightly different behaviour than previous helm2-like logic.Following kubeadm, control plane nodes are now labelled with
node-role.kubernetes.io/control-plane=""
Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.
Breaking changes
Support for Kubernetes 1.11 and 1.12 has been removed.
Support for Terraform version 0.11 has been removed.
Support for the feature flag
Terraform-0.12
has been removed. All generated Terraform HCL2/JSON files will support versions0.12.26+
and0.13.0+
.
Required Actions
If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (
k8s-ec2-srcdst
) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.If you are using self-hosted channels files, you have to add the new
architectureID
field, with one of theamd64
orarm64
values.If you are running
kops toolbox template
in an airgapped environment, you have to set--channel
to point to a local channel file.If your workload targets control plane nodes, you need to change them to select the
node-role.kubernetes.io/control-plane=""
label. You should also add thenode-role.kubernetes.io/control-plane:NoSchedule
toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.
Deprecations
Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.
The manifest based metrics server addon has been deprecated in favour of a configurable addon.
The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
The
node-role.kubernetes.io/master
andkubernetes.io/role
labels are deprecated and will be removed from control plane nodes in kOps 1.22The experimental node-authorizer that could be enabled using
nodeAuthorization
has been removed. Setting this value is now forbidden.Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.
Full change list since 1.19.0 release
1.19.0-beta.3 to 1.20.0-alpha.1
- Update docs for cutting new release branches @rifelpet #10084
- Update security_groups.md @yurrriq #10078
- Take node labels from cloud tags on AWS @johngmyers #9575
- Update Office Hours Zoom link @johngmyers #10087
- Update zoom links on the spanish README @rdrgmnzs #10088
- Ignore changes to ForAPIServer field @justinsb #10086
- Update Flannel CNI to v0.13.0 @hakman #10064
- kubetest2 - Implement create/validate/delete cluster functionality @rifelpet #10083
- Cert circular deps @olemarkus #10092
- Fix cilium template by specifying boolean as a string for enable-metrics @h3poteto #10094
- Release notes for 1.18.2 @justinsb #10097
- Update Kops Go build supported versions 1.15 @bmelbourne #10099
- Spotinst: Bump the Spot Cluster Controller to 1.0.68 @liranp #10103
- Remove hack/workaround from etcd-manager certificate expiration advisory @hakman #10102
- Install container runtime packages as assets @hakman #10048
- Default to exporting a kubecfg, even without credentials @justinsb #10105
- Remove dependency of TerraformJSON feature flag @johngmyers #10106
- Makefile and hack script cleanup @rifelpet #10112
- Update channels @hakman #10117
- Update Calico config for eBPF mode @hakman #10115
- Add random AWS zone logic + specify build stage location @rifelpet #10121
- Update AWS VPC CNI to 1.7.5 @MoShitrit #10124
- Add nodeLocalDNSCache.kubeDnsOnly option @javipolo #10111
- Align AWS VPC CNI manifest with upstream @hakman #10126
- Fix release notes links to point to https://kops.sigs.k8s @hakman #10118
- Add verify-cloudformation script @rifelpet #10130
- Fix cloudformation lint errors @rifelpet #10131
- Update shell style for CLI docs for better compatibility @hakman #10128
- Prevent unintended resource updates to LB attatchments @rdrgmnzs #9794
- Make verify-cloudformation job fail when issues are found @rifelpet #10133
- Set minimum Terraform version to 0.12.26/0.13.0 @bmelbourne #10109
- ELB/TargetGroup/ASG attachment fixes @rifelpet #10138
- Prepare for version 1.20 @johngmyers #10101
- Rebrand kops to kOps @hakman #10077
- Remove code for no-longer-supported k8s releases @johngmyers #10141
- allow reauth for openstack client @zetaab #10144
- Simplify etcd options builder @hakman #10145
- Update AWS Cloudmock for complex and externallb integration test clusters @rifelpet #10140
- Deprecate field calico.majorVersion @hakman #10143
- [Digital Ocean] Use Debian10 as default image @srikiz #10098
- Fix NLB naming for terraform and cloudformation targets @rifelpet #10158
- Move NLB’s VPC CIDR security group rule logic into model @rifelpet #10161
- Fix additionalSecurityGroups support for NLB @rifelpet #10162
- Some typos @Hellcatlk #10160
- Fix output for CF and TF @hakman #10164
- Avoid waiting on validation during rolling update for inapplicable instance groups @bharath-123 #10065
- OpenStack Reset deviceID status if needed @zetaab #10178
- Remove unused bearer token field from kubeconfig builder @rifelpet #10181
- Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically @havulv #10186
- Consistent naming of security group rules @olemarkus #10179
- Upgrade Hashicorp HCLv2 Go module v2.7.0 @bmelbourne #10189
- Fix auto scaling group changes when using spot instances @hakman #10187
- Upgrade sprig to v3 @olemarkus #10191
- Upgrade helm to 2.17 and use the helm.sh reference @olemarkus #10192
- Fix AWS NLB reconciliation @hakman #10199
- Fix disabling spot instances when using launch templates @hakman #10198
- Add ACM cert permalink @rifelpet #10156
- Setup a second NLB listener when an AWS ACM certificate is used @rifelpet,@hakman #10157
- Update Go to v1.15.4 @hakman #10209
- Upgrade docker client @olemarkus #10193
- Spotinst: Configure Resource Limits in Ocean Auto Scaler @liranp #10190
- Release notes 1.19.0-beta.1 @hakman #10213
- Use LaunchTemplate versions instead of timestamped LaunchTemplates @hakman #10151
- Update kOps version after 1.19.0-beta.1 release @hakman #10216
- Remove components from cluster validation @johngmyers #10214
- Allow to use custom csi plugin image and enable topology support @zetaab #10215
- Update validate cluster cli docs @johngmyers #10219
- Fix cluster autoscaler docs @djablonski-moia #10225
- Make etcd-manager log verbosity configurable @elblivion #10194
- Update k8s versions nov 2020 @MoShitrit #10227
- Update Ubuntu ami to latest version @MoShitrit #10195
- Fix various nits @hakman #10217
- Switch ARM64 CI to Graviton2 CPU @hakman #10230
- Update docs related to audit logging @hakman #10231
- Don’t install the misc packages for k8s 1.20+ @johngmyers #10222
- Fix readme @karancode #10228
- Update kops as kOps and remove extra spaces from .md files @axpraka,@hakman #10235
- Add default runtime and runtimes fields in the docker config @bharath-123 #10238
- Fix cluster validation dependency on local kubeconfig @eddycharly #10221
- Associate instance group to pod validation failures in cluster validation. @bharath-123 #10237
- Add HPA Flags for
horizontal-pod-autoscaler-initial-readiness-delay
&horizontal-pod-autoscaler-cpu-initialization-period
@JoelBCarter #10241 - Remove more code specific to unsupported etcd v2 @johngmyers #10245
- GCE: ignore (output-only) networkInterface.name @justinsb #10242
- Make it possible to use OnDelete update strategy on addon daemonset @olemarkus #10167
- Fix version of storage-aws addon manifest @johngmyers #10247
- Fix cloudformation lint job @rifelpet #10256
- Update etcd-manager to 3.0.20201117 @justinsb #10257
- Use separate domain for kops-controller bootstrap @johngmyers #10239
- Revert “Switch ARM64 CI to Graviton2 CPU” @hakman #10262
- Update Bazel rules for Go to v0.24.7 @hakman #10240
- Update k8s dependencies to 1.20.0-beta.2 @rifelpet #10266
- Push multi-arch images @hakman #10265
- alpha channel: update legacy images @justinsb #10269
- Fix multi-arch image pushing @hakman #10270
- Add sslPolicy for NLB to change listener’s security policy @FrankYang0529 #9666
- Optimize Bazel builds by os and arch @hakman #10267
- Fix incorrect URLs in kops cluster documentation @bycEEE #10274
- Use etcd v3.4.13 for k8s v1.19+ @hakman #10277
- Parse TargetGroup names from ARNs @hakman #10276
- Add Go code-generator v0.20.0-beta.2 crypto hash @bmelbourne #10285
- Add ACM/NLB instructions to 1.19 release notes @rifelpet #10292
- Release notes for 1.19.0-beta.2 @hakman #10293
- Add more NLB release notes and documentation @rifelpet #10294
- Can check cert expiry using openssl @alok87,@hakman #10282
- [weave] Add support for default version override @dntosas,@hakman #10273
- Add support of Azure Blob storage to VFS @kenji-cloudnatix #10258
- Update kOps version after 1.19.0-beta.2 release @hakman #10295
- Remove support for using legacy ELB name @hakman #10296
- Remove dead code @hakman #10297
- Remove support for disabling manifest normalization @johngmyers #10298
- Upgrade cloud-provider-openstack to 1.19.2 @rifelpet #10303
- Fix a typo in an error message returned from buildAzureBlobPath @kenji-cloudnatix #10305
- Allow setting CPU limit and Mem request / limit for kube API server @rdrgmnzs #10275
- Optimize Bazel dev builds by arch @hakman #10309
- Update Calico to v3.17.0 @hakman #10310
- [Digital Ocean] Upgrade godo sdk to v1.54 @srikiz #10320
- Tolerate missing detached EC2 instances @hwoarang #10319
- Don’t try to detach masters @olemarkus #10328
- Remove copyright notice from nodeup scripts to reduce the user-data size. @rdrgmnzs #10333
- Add docs for metrics server @olemarkus #10332
- Push alpha to stable @MoShitrit #10336
- Add paramaeters related to Taint based Evictions in kube-apiserver @h3poteto #10339
- Allow using gp3 for root volumes @olemarkus #10345
- Update containerd and Docker versions @hakman #10341
- Update aws-sdk-go to v1.36.0 @hakman #10347
- Bump aws-vpc-cni version to 1.7.6 @MoShitrit #10337
- Update etcd-manager to 3.0.20201202 @justinsb #10351
- Update DigitalOcean cloud-controller-manager to v0.1.30 @timoreimann #10352
- Add aws-cloud-controller-manager config to addons @nckturner #9704
- Allow attaching same external target group to multiple instance groups @hakman #10335
- Add fuzzer and OSS-fuzz build script @AdamKorcz #10326
- Set —service-account-issuer for k8s 1.20+ @johngmyers #10284
- Promote addon docs to first level menu item @olemarkus #10355
- [Digital Ocean] Promote to Beta @srikiz #10312
- Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data @rdrgmnzs #10357
- Add integration test for creating an HA cluster in shared zone @hakman #10365
- Add minimal cert-manager addon @olemarkus #10318
- Add option to reuse existing Elastic IPs for NAT gateways @hakman #10374
- Remove resource limits from cluster autoscaler @olemarkus #10375
- Remove dependency on TravisCI @hakman #10366
- fix cluster-autoscaler README url from cluster_spec -> addons @isaachui #10373
- Rename duplicate ci target to quick-ci @hakman #10378
- Use custom-configured ServiceAccountIssuer when present @johngmyers #10364
- Add option for setting the volume encryption key in AWS @hakman #10359
- Add support for AWS IMDS v2 @bharath-123 #10324
- Update k8s dependencies to v1.20.0 @hakman #10390
- Update docs for CentOS 8 @hakman #10368
- Move tools into separate
hack
go module @rifelpet #10308 - Update etcd-manager to 20201209 @justinsb #10394
- Mount /lib64 for Protokube only on AMD64 @hakman #10396
- Explicitly specify http_endpoint in terraform launch template @bharath-123 #10398
- Update alpha channel with December 2020 k8s releases and bump Ubuntu AMI version @MoShitrit #10401
- Hack script improvements @rifelpet #10407
- hack/goimports - Replace mapfile with read @rifelpet #10410
- Allow override of registry and tag for Calico images @hakman #10316
- Update Calico to v3.17.1 @hakman #10408
- Bump aws-cni to 1.7.7 @MoShitrit #10416
- Add support for containerd v1.4.3 ARM64 @hakman #10418
- Add release note for terraform launch template migration @rifelpet #10423
- Expose metrics port when PrometheusMetricsEnabled set to true in Calico @avdhoot #10414
- Bump etcd client to 3.4.13. Use go modules @olemarkus #10425
- Use the kubernetes-sigs version of yaml @olemarkus #10427
- Bump heredoc to v2 @olemarkus #10429
- Update container runtime service files @hakman #10428
- Template functions for recommended kubernetes versions @olemarkus #10369
- Make CoreDNS the default DNS server @rajansandeep #7919
- Delay defaulting to CoreDNS to k8s v1.20 @hakman #10435
- Bump go-bindata and use go module @olemarkus #10421
- Bump sftp to 1.12 @olemarkus #10436
- IAM ServiceAccount Roles: truncate name at 64 characters @justinsb #10437
- Bump helm to v3 @olemarkus #10426
- cloudmock - guard the VPC CIDR association calls with a mutex @rifelpet #10440
- Upgrade mkdocs dependencies to latest @rifelpet #10433
- Spotinst: Schedule Ocean Controller to Linux nodes only @liranp #10444
- Bump AWS-CNI to version 1.7.8 @MoShitrit #10447
- protokube - query host by label when setting tags @rdrgmnzs #10413
- Allow Calico to run on systems with loose reverse path forwarding @hakman #10442
- Bump k8s versions on alpha and bump Ubuntu AMI version on stable @MoShitrit #10464
- Remove gjtempleton as reviewer @gjtempleton #10466
- Calico: Allow operators to choose which encapsulation mode to use @seh #10404
- Spotinst: Ignore volume type case sensitivity to prevent unnecessary updates @liranp #10450
- Spotinst: Expose Ocean Headroom percentage and autoconfig labels @liranp #10449
- Spotinst: Support for multiple subnets per zone @liranp #10452
- Add new-pod-scale-up-delay in Cluster Autoscaler spec @akshedu #10471
- Replace (some) deprecated ResourceHolder with Resource @justinsb #10472
- Remove ResourceHolder: remove last usages and remove code @justinsb #10478
- Refactor MirroredAsset into mirrors package @justinsb #10475
- Refactor nodeUpConfigBuilder to be standalone @justinsb #10476
- Avoid recursive type definitions in schema @justinsb #10482
- Drop support for containerd 1.2 @hakman #10483
- Update CNI plugins to v0.8.7 @hakman #10481
- Add Azure support @kenji-cloudnatix #10114
- Refactor GCE InstanceTemplate @justinsb #10477
- Use Region method of fi.Cloud @justinsb,@rifelpet #10474
- Spotinst: Bump the Ocean Controller to 1.0.69 @liranp #10487
- Added event-qps and event-burst flags to kubelet @DOboznyi #10486
- Add config options for container runtime package URL and Hash @hakman #10473
- Fix cluster setup when KOPS_ARCH is set @hakman #10496
- Docs: Rename “Development” section to “Contributing” and add instructions to update the base AMI version of Ubuntu @MoShitrit #10455
- Release notes for 1.19.0-beta.3 @hakman #10497
- Use containerd.sock for AmazonVPC CNI with containerd @hakman #10502
- Remove support for Kubenet with containerd @hakman #10501
- Add containerd option for registry mirrors @hakman #10507
- Treat InvalidDhcpOptionsId.NotFound as already-deleted @wongma7 #10508
- Add required toleration to gpu documentation @silashansen #10509
- AWS IAM Role Tagging @rifelpet #10488
- Update stable channel with recent k8s releases @MoShitrit #10514
- Run k/k’s e2e suite via new kubetest2 make target @rifelpet #10504
- Remove copyright YEAR from generated Go files @bmelbourne #10520
- e2e - dump cluster manifests into artifacts and add —kubernetes-version @rifelpet #10522
- kubetest2: Pass through some AWS env vars @justinsb #10525
- kubetest2: add initial support for GCE @justinsb #10524
- Add gp3 Volume Type to etcd @msidwell #10453
- Only include API server additional security groups in InstanceGroups for masters @seh #10519
- Update kube-router to v1.1.1 @hakman #10512
- IRSA - continue adding route53 permisions to masters @rifelpet #10529
- Add possibility to set volume throughput for gp3 volumes @hakman #10530
- Prefix etcd cluster names with letters @hakman #10361
- Recognize ubuntu 20.10 @justinsb #10278
- Don’t allow ebs volume TF resource names to begin with digit @rifelpet #10424
- Add K8s Docker runtime support deprecation release note @bmelbourne,@hakman #10371
- Make it possible to change the etcd volume type and iops @olemarkus #10461
- Promote Ole Markus to approvers list @hakman #10542
- Add containerd config file to Flatcar based instances @hakman #10540
- Add control-plane node role label to cp nodes @olemarkus #10397
- Move bootstrapchannelbuilder to a dedicated package @olemarkus #10409
- kubetest2: support specifying admin-access value @justinsb #10526
- GCE: Don’t warn about NVME @justinsb #10548
- Simple upgrade test using kubetest2 framework @justinsb #10523
- Refactor and centralize distribution logic @justinsb #10538
- Fix to handle exit code of gazelle command in hack/verify-bazel.sh @h3poteto #10182
- COS/GCE: exec on kubelet/flexvolume dirs @justinsb #10547
- Fix typo in comment @fenggw-fnst #10541
- Openstack: Prevent data race in servergroup member list @justinsb #10553
- Updates GCE channels to use ubuntu over COS @geojaz #10554
- Kubetest2 - use our own tester that wraps kubetest2’s ginkgo tester @rifelpet #10549
- Spotinst: Specify Spot percentage per Instance Group @liranp #10551
- update gophercloud dependency @zetaab #10556
- Upgrade Go v1.15.6 / Bazel v3.4.1 @bmelbourne #10550
- Remove node-authorization @olemarkus #10439
- [addons/CA] Add support for specifying resources and metrics @dntosas #10281
- Spotinst: Iterate over metadata labels only once @liranp #10560
- Default cgroup driver to systemd from k8s 1.20 @bharath-123 #10419
- AWS CSI driver @olemarkus #10467
- Upgrade cfn-lint to 0.44.3 @rifelpet #10565
- Fix file not found error detection in fs:// @rifelpet #10566
- Fix NLB listener -> target group association for TF & CF @rifelpet #10567
- Spotinst: Bump the Ocean Controller to 1.0.70 @liranp #10573
- Spotinst: Specify whether scale-down activities should be restricted @liranp #10561
- [OpenStack] Use new hash format in instance names @zetaab #10557
- kubetest2 - Add manifest template support @rifelpet #10559
- Updates to Alpha versions - k8s & kOps @MoShitrit #10576
- Use Bazel 3.4.1 for postsubmit jobs @hakman #10578
- Give kubetest2 its own makefile @rifelpet #10577
- Use consistent naming for the remaining SGRs part two @olemarkus #10188
- [DigitalOcean] add e2e tests @srikiz #10575
- Allow nodeup (and others) to replace in-use files @justinsb #10581
- Dial-down logging on flagbuilder @justinsb #10582
- Fix default make target @rifelpet #10584
- containerd: Add /etc/crictl config to enable crictl @justinsb #10585
- Add CF integration test for gp3 volumes @hakman #10569
- Release 1.20.0-alpha.1 @hakman #10591
1.20.0-alpha.1 to 1.20.0-alpha.2
- Release notes for 1.20.0-alpha.1 @hakman #10592
- Make cluster proportional autoscaler image configurable. @bjhaid #10564
- Set default container runtime to containerd @bmelbourne #10370
- Fix minor docs typos @JamesJJ #10598
- Validate cluster cloud labels @olemarkus #10599
- Exclude terraform.lock.hcl files from Git repo @bmelbourne #10597
- Provide required —kubernetes-version flags to kubetest2-kops —up @rifelpet #10600
- Kubetest - add networking support + misc fixes @rifelpet #10601
- Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage @justinsb,@hakman #10602
- Add troubleshooting documentation @olemarkus #10594
- Fix menu link to troubleshooting @olemarkus #10607
- Use kops binary built by kubetest2-kops in upgrade script @rifelpet #10613
- Warn if cilium encryption is enabled, but no secret has been set @olemarkus #10608
- kubetest2 upgrade script - PATH needs to be a directory @rifelpet #10617
- Add support for container-log-max-size/files with kubelet @hakman #10612
- Add network and router availability zone hints to OpenStack @ottosulin #10616
- Increase CoreDNS default ttl @johanneswuerbach #10610
- Update Go to v1.15.7 @hakman #10614
- kubetest2 - Add support for specifying a kubernetes version marker file @rifelpet #10620
- kubetest 2 - fix parsing of k8s version semver values @rifelpet #10621
- Update Weave to v2.8.0 @hakman #10604
- Update AWS instances defaults @hakman #10624
- kubetest2 - update the skip regex for the upgrade scenario @rifelpet #10626
- Install dbus if needed for protokube with containerd @justinsb #10583
- Ensure SpecOverrideFlag is set in upgrade test @rifelpet #10628
- Fix unbound variable in upgrade scenario script @rifelpet #10631
- kubetest2 - increase validation timeout for the upgrade scenario @hakman #10632
- Add startup probe for calico-kube-controllers @hakman #10633
- Remove coredns dnsprovider @olemarkus #10629
- Spotinst: Avoid unnecessary duplication of tasks @liranp #10630
- enableRemoteNodeIdentity actually defaults to true @olemarkus #10635
- Replace gopkg yaml with k8s-sigs yaml @olemarkus #10634
- protokube: Remove unused ExecuteTemplate function @justinsb #10637
- Fix phony make target for setting up kubetest2 @rifelpet #10636
- [Digital Ocean] Add SFO3 region. Also update e2e tests to use full list of supported zones @srikiz #10622
- etcd-manager: Update to 3.0.20210122 @justinsb #10638
- Update k8s versions in stable channel and bump ubuntu ami version in alpha channel @MoShitrit #10639
- Update kubetest2 library @rifelpet #10646
- feat: implement azure get api ingress status fn @ngalantowicz #10609
- Use the same package marker for kubectl as for e2e binary @rifelpet #10649
- Reword ‘what is kOps’ @olemarkus #10570
- Add back support for kubenet style networking with containerd @hakman #10651
- Add
set instancegroup
command @gabrieljackson #10593 - Set the tcp_rmem sysctl in bootstrap script @justinsb #10654
- Add —create-args kubetest2 flag @rifelpet #10658
- Fix cluster_spec.md indentation @trondhindenes #10660
- Allow attaching same external load balancer to multiple instance groups @hakman #10666
- Fix typo @adrianmoisey #10667
- Update kops e2e testing docs @bmelbourne #10652
- Create default loadbalancer when SSL certificate is specified @rudeigerc #10665
- Bump Ubuntu images for AWS and GCE @hakman #10670
- Release notes for 1.18.3 @justinsb #10673
- Remove taints from spotinst ocean terraform resource @rifelpet #10674
- Allow SSH user to be overridden for
toolbox dump
@rifelpet #10675 - kubetest2 - Use —ssh-user to dump logs @rifelpet #10676
- Update AWS etcd-manager volumes defaults @hakman #10661
- Update aws-sdk-go to 1.37.0 @rifelpet #10682
- Release notes for 1.19.0 @justinsb #10683
- Update release compatibility matrix @johngmyers #10684
- Default IMDSv2 to “optional” for AWS @hakman #10655
- Add link to 1.19 @olemarkus #10686
- Fix header indentation in addons.md @olemarkus #10685
- Documentation update: Corrected externalPolicy AWS ARN formatting @timothyclarke #10680
- Remove ‘not released’ notice from 1.19 notes @olemarkus #10688
- Fix bug preventing tasks using gp2 @olemarkus #10694
- Have channels create PKI for addons @olemarkus #10545
- Add template function returning the latest image @olemarkus #10689
- Update Weave to v2.8.1 @hakman #10698
- Increase IMDSv2 hop limit on control plane nodes @olemarkus #10702
- Kubetest2 - refactor how
kops create cluster
arguments are set @rifelpet #10701 - Update upgrade test to use 1.18->1.19 @rifelpet #10710
- Fix create args for upgrade test @rifelpet #10711
- Docs: Fix ServiceAccountVolume proposed configuration for Istio @dntosas #10712
- Update the skipped tests in the upgrade job to help the test stage pass @rifelpet #10713
- Remove unused instanceGroup parameter from setClusterFields @bharath-123 #10690
- Update code reference links in docs @bharath-123 #10696
- Fix rendering issue created by #10414 @avdhoot #10700
- Fix panic when exporting kubecfg for AWS cluster without load balancer @rifelpet #10720
- Cleanup kops-controller Route53 record during cluster deletion @rifelpet #10721
- Revert making imdsv2 default @olemarkus #10729
- Throw error if path being set by kops set is not present in struct @bharath-123 #10692
- Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed @h3poteto #10742
- Fix ineffassign issues @zhijianli88 #10739
- Deprecate aliyun @olemarkus #10746
- alpha channel: Update older images @justinsb #10748
- Fix docs build failure @bharath-123 #10750
- add user agent to openstack api requests @zetaab #10732
- Add support for cilium 1.9 @olemarkus #10695
- Use EnsureTask instead of prepending IG names to external ELB tasks @rifelpet #10754
- nodeup file: Set owner & group when we write the file. @justinsb,@hakman #10757
- Always generate kops-controller certs @hakman #10758
- Release 1.20.0-alpha.2 @hakman #10765
1.20.0-alpha.2 to 1.20.0-beta.1
- fix: asset task copy docker image @johanneswuerbach #10767
- Add AWS LoadBalancerController @olemarkus #10489
- Update Calico to v3.17.2 @hakman #10787
- Enable CSIMigrationAWS if CSI EBS driver is installed @olemarkus #10791
- Fill Role names in kops-controller-config instead of instance profile names when it is specified @h3poteto #10728
- Update Docker to v19.03.15 @hakman #10802
- Fix LaunchSpec TF output @hakman #10806
- add azure support for internal loadbalancer to k8s api @collin-woodruff-t1cg #10744
- Allow managed images for Azure instance groups @NickSchleicher #10797
- kubenet containerd: match upstream @justinsb #10759
- Storage: Allow disabling of kOps’s management of StorageClasses @seh #10733
- Spotinst: Replace corev1.Taint to fix HCL2 serialization @liranp #10819
- Spotinst: Bump the Ocean Controller to 1.0.72 @liranp #10820
- Allow to control which subnets and IPs get used for the API loadbalancer @codablock #10741
- Use correct tag when creating node labels from azure cloud tags @NickSchleicher #10619
- containerd installation: always configure, even if we don’t install @justinsb #10813
- Precreate the kops-controller DNS name @rifelpet #10833
- Actually enable systemd cgroup for containerd @codablock #10846
- Update Go to v1.15.8 @hakman #10853
- Add support for CAS 1.20 + support for disabling CAS for a given IG @olemarkus #10857
- Add liveness probe for calico-kube-controllers @hakman #10856
- Bump aws node termination handler to 1.12.0 @bharath-123 #10863
- Update AWS CNI to latest patch version @MoShitrit #10876
- Bump metrics-server to 0.4.2 @olemarkus #10858
- Fixes for 1.21 e2e tests @olemarkus #10879
- Add validation for instanceType and ami architecture @bharath-123,@hakman #10747
- fix loadBalancerID null pointer @collin-woodruff-t1cg #10886
- Update Calico to v3.18.0 @hakman #10904
- Adding Elastic IP Allocations to NLB API @timothyclarke #10872
- add usage of subnet and routetable shared resources in azure @ngalantowicz #10900
- Release 1.20.0-beta.1 @hakman #10906
1.20.0-beta.1 to 1.20.0-beta.2
- add support for azure public loadbalancer @collin-woodruff-t1cg #10915
- Spotinst: Prevent instance groups with the same suffix from being deleted @liranp #10918
- Fix nil pointer deference for image ID with spotinst @hakman #10924
- Sort external policies when checking for changes @hakman #10940
- Further improve cloudLabel validation @olemarkus #10910
- Update etcd-manager to 3.0.20210228 @justinsb #10949
- Allow multi-CNI setups to set usesSecondaryIP @ravens #10828
- Spotinst: Don’t skip LB attachments when SpotinstHybrid is enabled @liranp #10961
- Add AWS Transit Gateway support @rifelpet #10948
- gce doesn’t suffix the IG names with ClusterName @olemarkus #10944
- Fix node label conversion in Azure @kenji-cloudnatix #10935
- Spotinst: Bump the Ocean Controller to 1.0.73 @liranp #10960
- Add support for enable-cadvisor-json-endpoints with Kubelet @adrianmoisey #10957
- Add explicit RBAC permissions for finalizers subresources @olemarkus #10966
- Add support for CPU Credits on AWS t2 and t3 instance families @rifelpet #10934
- Update controller-runtime to v0.8.2 for kOps 1.20 @hakman #10967
- Removing duplicate local and output values in terraform(#10786) @mmerrill3 #10978
- Add CloudLabels as —extra-tags to aws-ebs-csi driver @codablock #10976
- Use internal api url for jwks @olemarkus #10888
- Disable Calico Prometheus metrics by default @hakman #10982
- Add etcd-manager discoveryPollInterval option @ottosulin #10975
- Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value @seh #11002
- Use exponential backoff for DNS updates @hakman #10996
- Update Calico to v3.18.1 @hakman #11018
- Various cleanups around apply_cluster and awsmodel @olemarkus #10579
- Spotinst: Add support for block device mappings in Ocean Launch Spec @liranp #11009
- Fix rendering of multiple Docker insecure registries @hakman #11027
- Release 1.20.0-beta.2 @hakman #11031
1.20.0-beta.2 to 1.20.0
- azure: fix null pointer when updating in place cluster @collin-woodruff-t1cg #11015
- Honor OS update policy at InstanceGroup level too @seh #10913
- Cleanup some nodeup & protokube logging @rifelpet #11052
- Improve instance type validation error message @bharath-123 #11043
- Add channels entries for image architecture @hakman #11046
- Upgrade AWS CNI to version 1.7.10 @MoShitrit #11078
- Ensure protokube can connect to kube-apiserver before starting the sync loop @olemarkus #11093
- Put awslbcontroller on the control-plane @olemarkus #11091
- Have nodeup retry kops-controller bootstrapping sooner if DNS isn’t setup @rifelpet #11101
- Update containerd to v1.3.10/v1.4.4 @bmelbourne #11084
- Update kube-router to v1.2.1 @hakman #11124
- Remove instance-selector label @bharath-123 #11048
- Validate that kube-apiserver has the necessary authz modes set @olemarkus #11127
- [DigitalOcean] Fix DO Tag issue @srikiz #11102
- Revert “Update kube-router to v1.2.0” @hakman #11134
- replace hard coded aws region checks with aws sdk calls @guydog28 #11119
- Add scaleDownDelayAfterAdd to clusterAutoscaler spec @jurriaanpro #11140
- Add an option to skip NTP installation @kenji-cloudnatix #11160
- Spotinst: Use BDM to configure the root volume size at VNG level @liranp #11179
- Spotinst: Configure headroom resources only at the VNG level @liranp #11181
- Release 1.20.0 @justinsb #11192
1.20.0 to 1.20.1
- Correct typos @Akiros001 #11190
- Use “string” for architecture type in ChannelRecommendedImage @hakman #11220
- Always secure api -> kubelet communication @olemarkus #11185
- Fix etcd volume validation logic @hakman #11225
- Remove validations for EBS from cluster validation @h3poteto #11228
- Add support for Docker v20.10.6 @hakman #11236
- Add Azure image to alpha/stable channel @kenji-cloudnatix #11271
- Exclude nodes from load balancers upon cordoning @johngmyers #11273
- Fix cilium template scoping typo @javipolo #11270
- If one tries to use eip with a public ip that doesn’t exist, fail @olemarkus #11276
- Spotinst: Prevent nil pointer dereference @liranp #11289
- Spotinst: Update spotinst/ocean-controller to v1.0.74 @liranp #11286
- Make it possible to detect field changes when mixedInstancePolicy is removed @h3poteto #11255
- Add ability to set a default Issuer in certManager addon @javipolo #11281
- Filter servers using cluster name in tags @zetaab #11305
- Use the full operator instead of the generic one @olemarkus #11312
- Update Calico to v3.18.2 @hakman #11339
- Set SAN for addon CAs @olemarkus #11328
- Add support for configuring Cilium enable-host-reachable-services. @bjhaid,@hakman #11333
- Mount /run inside etcd-manager pods for systemd mounts @hakman #11352
- Expose hubble agent when hubble is enabled @olemarkus #11314
- Mark control-plane node for update when etcd volume size changes @hakman #11365
- Update Calico to v3.18.3 for kOps 1.20 @hakman #11377
- Don’t try to mount hubble TLS on the agent if we don’t use hubble @olemarkus #11379
- Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller @olemarkus #11393
- Use etcd-manager built from etcdadm repo @justinsb,@hakman #11098
- csi/aws: Bump templates + add support for warm pools @dntosas,@codablock #11304
- Verify all versions are set correctly @johngmyers #11413
- Backport rename of service-account key to 1.20 @johngmyers #11388
- Update verify-terraform to use 0.14.11 @rifelpet #11436
- Create new clusters without forcing a container runtime @hakman #11428
- Allow AWS instance types with multiple architectures @hakman #11463
1.20.1 to 1.20.2
- Release 1.20.1 @justinsb #11467
- Update containerd to v1.4.6 @hakman #11535
- Allow cert-manager to be provisioned externally @codablock #11354
- upup: gcetasks: force send AutoCreateSubnetworks field when set to false @nicktrav #11457
- [metrics-server] Bump manifest to latest stable @dntosas,@hakman #11319
- Allow Spotinst to use comma separated instance types @hakman #11560
- Only update kubeconfig user when we have user info @justinsb #11584
- Add init image field for Amazon VPC CNI @ryan-dyer #11602
- Fix duplicate CopyFile tasks @johngmyers #11619
- Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet @johngmyers #11590
- Consolidate CSI livenessprobe images for multi-arch support @rifelpet #11652
- Fix set-version leaving backup files with “-e” suffix @johngmyers #11691
- Add support for Docker v20.10.7 @hakman #11674
- Bump the cas addon version. @olemarkus #11780