Release notes for kOps 1.21 series
Significant changes
Service Account Issuer Discovery and AWS IAM Roles for Service Accounts (IRSA)
kOps now supports publishing an OIDC-compatible discovery document to an S3 bucket and configuring AWS to use it for IAM Roles for Service Accounts (IRSA).
See the Service Account Issuer Discovery documentation for more information.
Dedicated API Server nodes.
kOps now supports extending the control plane with dedicated apiserver nodes. These nodes run in dedicated instance groups that can be scaled horizontally.
In 1.21, this feature is behind a feature flag because the node role name, labels, taints, and domains can change based on feedback from the community.
Warm Pool (AWS only)
A Warm Pool contains pre-initialized EC2 instances that can join the cluster significantly faster than regular instances. These instances run the kOps configuration process, pull known container images, and then shut down. When the ASG needs to scale out it will pull instances from the warm pool if any are available.
See the warm pool documentation for more information.
Other significant changes
Protokube now runs as a systemd process rather than a docker container.
Support for AWS launch configurations has been removed in favour of launch templates.
kOps can now use Node Termination Handler’s Queue Processor mode, which offers more functionality than the IMDS Processor mode. See the addons page for more information.
New addon for the CSI snapshot-controller.
Breaking changes
- Support for Kubernetes versions 1.13 and 1.14 has been removed.
Required Actions
The ClusterRoleBinding for AWS EBS CSI DaemonSet has changed name. If you installed this addon before kOps 1.21, you need to run kubectl delete crb ebs-csi-node-binding.
To support Node Termination Handler’s Queue Processor mode, AWS cluster deletion now requires the kops CLI to have sqs:ListQueues and events:ListRules permissions regardless of whether or not the addon is used.
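The permission requirement above can be reviewed offline before upgrading. This is an added example, not part of the kOps release notes or the kOps code base: a simplified check of IAM identity-policy documents for the two actions. The policy documents, the account ID and the status names are constructed for illustration, and Resource and Condition are only flagged, not evaluated.

```python
import re

# Actions the release notes say the kops CLI needs for AWS cluster deletion.
REQUIRED_ACTIONS = ("sqs:ListQueues", "events:ListRules")


def _as_list(value):
    """IAM allows a single string/object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def _action_matches(pattern, action):
    """Match an IAM action pattern ('*' and '?' wildcards, case-insensitive)."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def _covers(stmt, action):
    """True if the statement's Action or NotAction element applies to action."""
    if "Action" in stmt:
        return any(_action_matches(p, action) for p in _as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not any(_action_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return False


def _is_unscoped(stmt):
    """Allow statements limited by Resource or Condition need a manual look."""
    return "Condition" not in stmt and "*" in _as_list(stmt.get("Resource"))


def check_actions(policies, actions=REQUIRED_ACTIONS):
    """Return {action: status} across all policies attached to one principal.

    status is 'denied' (any matching Deny, treated conservatively),
    'allowed', 'allowed-scoped' (only Resource/Condition-limited Allows), or 'missing'.
    """
    result = {}
    for action in actions:
        status = "missing"
        for policy in policies:
            for stmt in _as_list(policy.get("Statement")):
                if not _covers(stmt, action):
                    continue
                if stmt.get("Effect") == "Deny":
                    status = "denied"  # explicit Deny always wins
                elif stmt.get("Effect") == "Allow" and status != "denied":
                    if _is_unscoped(stmt):
                        status = "allowed"
                    elif status == "missing":
                        status = "allowed-scoped"
        result[action] = status
    return result


# Constructed sample policies (not taken from kOps documentation).
LEGACY_CLI_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:*", "iam:*", "route53:*", "s3:*", "events:List*"],
        "Resource": "*",
    }],
}
SCOPED_SQS_POLICY = {
    "Version": "2012-10-17",
    "Statement": {  # single statement object instead of a list
        "Effect": "Allow",
        "Action": "sqs:listqueues",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:*",  # placeholder account
    },
}
GUARDRAIL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "sqs:*", "Resource": "*"}],
}

if __name__ == "__main__":
    for name, attached in [
        ("legacy only", [LEGACY_CLI_POLICY]),
        ("legacy + scoped sqs", [LEGACY_CLI_POLICY, SCOPED_SQS_POLICY]),
        ("with guardrail deny", [LEGACY_CLI_POLICY, SCOPED_SQS_POLICY, GUARDRAIL_POLICY]),
    ]:
        print(name, check_actions(attached))
```

Anything other than "allowed" for either action is worth resolving before running cluster deletion with kOps 1.21; permission boundaries and organization-level policies are outside what this check sees.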
Deprecations
Support for Kubernetes versions 1.15 and 1.16 is deprecated and will be removed in kOps 1.22.
Support for Kubernetes version 1.17 is deprecated and will be removed in kOps 1.23.
Support for CentOS 7 is deprecated and will be removed in future versions of kOps.
Support for CentOS 8 is deprecated and will be removed in future versions of kOps.
Support for Debian 9 (Stretch) is deprecated and will be removed in future versions of kOps.
Support for RHEL 7 is deprecated and will be removed in future versions of kOps.
Support for Ubuntu 18.04 (Bionic) is deprecated and will be removed in future versions of kOps.
The legacy location for downloads s3://https://kubeupv2.s3.amazonaws.com/kops/ has been deprecated and will not be used as of kOps 1.22. The new canonical downloads location is https://artifacts.k8s.io/binaries/kops/.
The manifest based metrics server addon has been deprecated in favour of a configurable addon.
The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and might be removed from control plane nodes in kOps 1.23.
Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
Full change list since 1.20.0 release
1.20.0-alpha.2 to 1.21.0-alpha.1
- Release notes for 1.20.0-alpha.2 @hakman #10768
- Add troubleshooting of corrupted api server leases @olemarkus #10764
- Boot nodes without state store access @justinsb #10469
- Update GCE zones @bharath-123 #10771
- Kubetest2 - Use a shell lexer for passing extra args to create cluster @rifelpet #10772
- Use the kubeApiServerConfig clientCAFile field @slu2011 #10707
- Kubetest2 - Fix splitting of --create-args @rifelpet #10775
- Logging: don’t suggest we are pre-creating DNS records unless we are @justinsb #10782
- Add missing versions to channels @olemarkus #10781
- fix: asset task copy docker image @johanneswuerbach #10767
- Add support for creating world-readable managedFiles @olemarkus #10778
- Update kubectl documentation with new flags @rpadovani,@hakman #10779
- Add overrides testing in lifecycle integration tests @rifelpet #10752
- Add AWS LoadBalancerController @olemarkus #10489
- Update Calico to v3.17.2 @hakman #10787
- Enable CSIMigrationAWS if CSI EBS driver is installed @olemarkus #10791
- Fill Role names in kops-controller-config instead of instance profile names when it is specified @h3poteto #10728
- Storage: Allow disabling of kOps’s management of StorageClasses @seh #10733
- kubetest2 - Dump all pod logs in addition to host logs @rifelpet #10799
- Update Docker to v19.03.15 @hakman #10802
- Fix LaunchSpec TF output @hakman #10806
- Make protokube CP label setting consistent with kops-controller @olemarkus #10780
- Add deprecation notice for launch templates. @bharath-123 #10809
- add azure support for internal loadbalancer to k8s api @collin-woodruff-t1cg #10744
- Allow managed images for Azure instance groups @NickSchleicher #10797
- kubenet containerd: match upstream @justinsb #10759
- kubetest2: Add --host argument @justinsb #10814
- iptables: Use the lock when checking for existing rules @justinsb #10812
- Spotinst: Replace corev1.Taint to fix HCL2 serialization @liranp #10819
- Spotinst: Bump the Ocean Controller to 1.0.72 @liranp #10820
- Allow to control which subnets and IPs get used for the API loadbalancer @codablock #10741
- kubetest2: Call Test, not Execute @justinsb #10824
- Fix kdi ‘must specify’ error @olemarkus #10825
- Update aws-sdk-go @rifelpet #10830
- Use correct tag when creating node labels from azure cloud tags @NickSchleicher #10619
- Precreate the kops-controller DNS name @rifelpet #10833
- containerd installation: always configure, even if we don’t install @justinsb #10813
- Release binaries for protokube and channels @hakman #10840
- Release 1.21.0-alpha.1 @hakman #10841
1.21.0-alpha.1 to 1.21.0-alpha.2
- Release notes for 1.21.0-alpha.1 @hakman #10844
- Update mock to v1.21.0-alpha.1 @hakman #10845
- Kubetest2 - terraform support @rifelpet #10697
- Actually enable systemd cgroup for containerd @codablock #10846
- Update Go to v1.15.8 @hakman #10853
- Add liveness probe for calico-kube-controllers @hakman #10856
- Fix OpenStack delete functions @ottosulin #10849
- Add support for CAS 1.20 + support for disabling CAS for a given IG @olemarkus #10857
- Bump aws node termination handler to 1.12.0 @bharath-123 #10863
- Kubetest2 - add ginkgo node debug logs @rifelpet #10866
- K8s Version Updates February 2021 @MoShitrit #10865
- Add note about remote identities @olemarkus #10868
- Bump metrics-server to 0.4.2 @olemarkus #10858
- kubetest2 - support terraform with kops create cluster @rifelpet #10867
- Add validation for instanceType and ami architecture @bharath-123 #10747
- Upgrade k8s 1.20 to latest patch version @MoShitrit #10875
- Update AWS CNI to latest patch version @MoShitrit #10876
- Fixes for 1.21 e2e tests @olemarkus #10879
- Release notes for 1.19.1 @justinsb #10883
- Improve machine type and image validation @hakman #10884
- fix loadBalancerID null pointer @collin-woodruff-t1cg #10886
- Update Openstack Cloud Go module to v1.20.1 @bmelbourne #10896
- Enforce 1.14 deprecation @olemarkus #10897
- add usage of subnet and routetable shared resources in azure @ngalantowicz #10900
- Update Calico to v3.18.0 @hakman #10904
- Adding Elastic IP Allocations to NLB API @timothyclarke #10872
- Release notes for 1.20.0-beta.1 @hakman #10909
- Update Google Cloud Go module to v0.77.0 @bmelbourne #10894
- Add Tagging to Instance Profiles and OIDC Providers @rifelpet #10832
- AWS LB controller is as of 1.20, not 1.19 @olemarkus #10919
- Spotinst: Prevent instance groups with the same suffix from being deleted @liranp #10918
- add support for azure public loadbalancer @collin-woodruff-t1cg #10915
- Fix nil pointer dereference for image ID with spotinst @hakman #10924
- Update SSH documentation for ubuntu @jpugliesi #10931
- Fix no-schedule issue @christian-schlichtherle #10928
- Update Controller Runtime Go module to v0.8.2 @bmelbourne #10914
- Sort external policies when checking for changes @hakman #10940
- Instruct GH to collapse BUILD.bazel diffs by default @rifelpet #10912
- Further improve cloudLabel validation @olemarkus #10910
- Add a standardised set of labels on all resources @olemarkus #10796
- Bump external-dns to 0.7.6 @olemarkus #10946
- Update etcd-manager to 3.0.20210228 @justinsb #10949
- gce doesn’t suffix the IG names with ClusterName @olemarkus #10944
- Add AWS Transit Gateway support @rifelpet #10948
- Fix node label conversion in Azure @kenji-cloudnatix #10935
- Spotinst: Bump the Ocean Controller to 1.0.73 @liranp #10960
- Spotinst: Don’t skip LB attachments when SpotinstHybrid is enabled @liranp #10961
- Add explicit RBAC permissions for finalizers subresources @olemarkus #10966
- Fix typos in docs/getting_started @roim #10921
- Add support for CPU Credits on AWS t2 and t3 instance families @rifelpet #10934
- Add support for enable-cadvisor-json-endpoints with Kubelet @adrianmoisey #10957
- Exclude CP nodes from load balancers @olemarkus #10945
- Update k8s.io Go modules to v0.20.4 @bmelbourne #10965
- Update Go to v1.16 @bmelbourne #10892
- Add a note about informal office hours @olemarkus #10650
- Removing duplicate local and output values in terraform(#10786) @mmerrill3 #10978
- Add CloudLabels as --extra-tags to aws-ebs-csi driver @codablock #10976
- Use internal api url for jwks @olemarkus #10888
- Disable Calico Prometheus metrics by default @hakman #10982
- Add etcd-manager discoveryPollInterval option @ottosulin #10975
- Remove manually added labels from addons @hakman #10987
- Fix kops-controller rbac due to leader election change @olemarkus #10988
- Various cleanups around apply_cluster and awsmodel @olemarkus #10579
- Fix very minor formatting typos in docs/manifests_and_customizing_via_api @vitaliyf #10990
- Run protokube as a systemd service @bharath-123,@hakman #10574
- kubetest2 - don’t overwrite create args that use equals signs @rifelpet #10994
- Remove support for launch configurations @bharath-123 #10937
- Use exponential backoff for DNS updates @hakman #10996
- Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value @seh #11002
- Add to 1.21 release notes @bharath-123 #11004
- Kubetest2 - Add support for publishing the kops version marker @rifelpet #11006
- Kubetest2 - Fix kops’ --kubernetes-version with k8s version markers @rifelpet #11007
- Don’t build kops during periodic upgrade tests @rifelpet #11005
- Remove extraneous field from integration test @rifelpet #11010
- Remove trailing newline from kubernetes version marker @rifelpet #11011
- aws: Graceful handling of EC2 detach errors @hwoarang #10740
- Kubetest2 - use same kops binary for all commands in upgrade scenario @rifelpet #11017
- Update Calico to v3.18.1 @hakman #11018
- Increase route53 retry count from 3 to 5 @rifelpet #11020
- Spotinst: Add support for block device mappings in Ocean Launch Spec @liranp #11009
- Allow cilium 1.10 @olemarkus #11026
- Fix rendering of multiple Docker insecure registries @hakman #11027
- azure: fix null pointer when updating in place cluster @collin-woodruff-t1cg #11015
- Release notes for 1.20.0-beta.2 @hakman #11034
- Update k8s dependencies to v1.21.0-beta.1 @hakman #11013
- Trim space on kops version markers @rifelpet #11037
- Honor OS update policy at InstanceGroup level too @seh #10913
- Update Go to v1.16.2 @hakman #11039
- Create an environment file for kops-configuration systemd process @bharath-123 #11042
- Improve instance type validation error message @bharath-123 #11043
- Revert upgrade script to build kops @rifelpet #11044
- cluster validation - allow flapping of validation errors @rifelpet #11049
- Update Terraform to v0.14.8 @bmelbourne #11051
- Cleanup some nodeup & protokube logging @rifelpet #11052
- Update Go modules to latest versions @bmelbourne #11047
- Add channels entries for image architecture @hakman #11046
- fix CNI bin path in troubleshoot.md @adrianmester #11061
- Kubetest2 - Add GCE default SSH key values from prow jobs @rifelpet #11065
- correct a word for readme @yojay11717 #11066
- Update Bazel to v3.5.0 @hakman #11041
- Install bazelisk before pushing images @hakman #11067
- Kubetest2 - Add boskos for GCE support @rifelpet #11070
- Download kubectl to /opt/kops/bin on Flatcar OS @rifelpet #11054
- Kubetest2 - initialize boskos heartbeat channel @rifelpet #11073
- Instance roles for service accounts (IRSA) contd @rifelpet,@olemarkus #10756
- Kubetest2 - add more validation time for --target terraform @rifelpet #11077
- Fix GCE channels version constraints @rifelpet #11076
- Update k8s versions with March 2021 releases @MoShitrit #11075
- Upgrade AWS CNI to version 1.7.10 @MoShitrit #11078
- Improve error messages around PublicJWKS @justinsb #11085
- Don’t add control-plane DNS permissions with UseServiceAccountIAM @justinsb #11086
- Ensure a publicdatastore exists for jwks and that it can only be s3 @olemarkus #11081
- Apiserver nodes @olemarkus #10722
- fix(docs): cpuCFSQuotaPeriod needs a feature gate @danmx #11071
- Update Ubuntu 20.04 to latest AMI @bmelbourne #11083
- Re-add integration tests for jwks @justinsb #11087
- Replace go-bindata with go:embed @rifelpet #11089
- Dns controller fixes @olemarkus #11069
- Remove unused RoleLabelName16 @justinsb #11097
- Add additional IOPS validation for AWS EBS gp3 volumes @lichuan0620 #10843
- Update google SDK libraries @justinsb #11096
- Add values page @justinsb #11094
- Deeper validation in dns controller tests @justinsb #11095
- Ensure protokube can connect to kube-apiserver before starting the sync loop @olemarkus #11093
- Remove dbus dependency @bharath-123 #11082
- Have nodeup retry kops-controller bootstrapping sooner if DNS isn’t setup @rifelpet #11101
- Update AWS zones used by e2e tests @rifelpet #11103
- Add docs about dedicated apiserver nodes @olemarkus #11090
- Put awslbcontroller on the control-plane @olemarkus #11091
- Release 1.21.0 alpha.2 @hakman #11109
1.21.0-alpha.2 to 1.21.0-alpha.3
- Release notes for 1.21.0-alpha.2 @hakman #11111
- Update release process docs @hakman #11112
- Use “tag on create” for EIPs, NLBs, and TargetGroups @rifelpet #11107
- Load env vars from file for kops-configuration service @hakman #11114
- Update containerd to v1.3.10/v1.4.4 @bmelbourne #11084
- [DigitalOcean] Fix DO Tag issue @srikiz #11102
- Kubetest2 - Setup SSH keys for GCE @rifelpet #11123
- Validate that kube-apiserver has the necessary authz modes set @olemarkus #11127
- Remove instance-selector label @bharath-123 #11048
- Kubetest2 - fix temp directory created for GCE SSH keys @rifelpet #11133
- replace hard coded aws region checks with aws sdk calls @guydog28 #11119
- kubetest2 - Specify GCE network name @rifelpet #11139
- Update protokube systemd unit docs link @rifelpet #11138
- Add scaleDownDelayAfterAdd to clusterAutoscaler spec @jurriaanpro #11140
- Update cluster_spec.md @carnivorelogic #11142
- minor protokube code clean up @bharath-123 #11143
- Pass ctx to drain helper @olemarkus #11146
- Change registrable domains to placeholders @lukehinds #11147
- Add tags to instance profile and OIDC provider terraform resources @rifelpet #11149
- Clarify release notes around exporting kubeconfig @justinsb #11154
- Expand flag help on --user flags @justinsb #11153
- Update Getting Started AWS guide @allir #11150
- fix the mistake link in addons.md @maoyangLiu #11151
- cloudbuild: capture some hashes @justinsb #11159
- Only update kops-controller pods on deletion @olemarkus #10871
- Side load images also on apiserver @olemarkus #11156
- Add an option to skip NTP installation @kenji-cloudnatix #11160
- kubetest2 - Pass GOPATH when building kops @rifelpet #11167
- Filter kOps NatGateways from route table @zetaab #11169
- Bump k8s deps to 1.21-rc.0 @olemarkus #11168
- Allow setting dedicated apiserver node count from create cluster cmd @olemarkus #11152
- Update Go to v1.16.3 @bmelbourne #11174
- Add integration test for aws lb controller @olemarkus #11175
- Enable use of irsa for aws load balancer controller @olemarkus #11088
- Increase timeout and update images for postsubmit job @rifelpet #11177
- Update Go modules to latest versions @bmelbourne #11176
- Kubetest2 - Add flag to expose cluster validation wait time @rifelpet #11178
- Spotinst: Use BDM to configure the root volume size at VNG level @liranp #11179
- Spotinst: Configure headroom resources only at the VNG level @liranp #11181
- Update k8s dependencies to v1.21.0 @hakman #11188
- Release notes for 1.19.2 @justinsb #11193
- Update node local dns cache @zetaab #11057
- Update cilium.md @recollir #11189
- Release notes for 1.20.0 @justinsb #11196
- Docs: Remove ‘prerelease’ warning from 1.20 @justinsb #11198
- Kubetest2 - Create project-specific state store buckets in GCP @rifelpet #11200
- Update release compatibility matrix @johngmyers #11201
- Update integration tests to k8s v1.21.0 @bmelbourne #11206
- Kubetest2 - Set KOPS_BASE_URL to --build’s stage location @rifelpet #11210
- Update Docker to v20.10.5 @bmelbourne #11195
- Rename the service account key @johngmyers #11207
- Update go deps @zetaab #11208
- Kubetest2 - detect errors creating GCS bucket @rifelpet #11212
- Kubetest2 - Ensure the bucket path is the final gsutil arg @rifelpet #11215
- Update IG tutorial for per-AZ node groups @rifelpet #11218
- Use “string” for architecture type in ChannelRecommendedImage @hakman #11220
- Always secure api -> kubelet communication @olemarkus #11185
- Fix etcd volume validation logic @hakman #11225
- Replace k8s.io/utils/mount with k8s.io/mount-utils @hakman #11229
- Release 1.21.0-alpha.3 @hakman #11231
1.21.0-alpha.3 to 1.21.0-beta.1
- fix a typo @yojay11717 #11232
- Release notes for 1.21.0-alpha.3 @hakman #11233
- Remove validations for EBS from cluster validation @h3poteto #11228
- Add support for Docker v20.10.6 @hakman #11236
- Don’t start kubelet if instance is entering the warm pool @olemarkus #11216
- Correct typos @Akiros001 #11238
- Logging cleanup @rifelpet #11080
- Update kops_create_secret_dockerconfig.md @integrii,@hakman #11186
- Remove BLM banner @hakman #10672
- Run tests only in zones with increased limits @hakman #11240
- Give kOps CLI knowledge about ASG warm pools @olemarkus #11227
- Fix golint issue caused by typo @fenggw-fnst #11239
- Remove unused constants @johngmyers #11241
- Bump k8s versions with April 2021 releases in Alpha channel @MoShitrit #11245
- Update kOps recommended versions and images @hakman #11247
- Kubetest2 - Cleanup leaked resources from previous clusters @rifelpet #11250
- Run tests in all regions with increased limits @hakman #11249
- Don’t set NeedUpdate on first addon install @olemarkus #11257
- Make it possible to detect field changes when mixedInstancePolicy is removed @h3poteto #11255
- Update rolling update documentation @johngmyers #11263
- Pre-pull cilium and kube-proxy in warming mode @olemarkus #11258
- [cilium] Add support for choosing resources @dntosas #11248
- Add install section to kubelet unit @olemarkus #11264
- Update terraform and cloudformation lint versions @rifelpet #11266
- Fix cilium template scoping typo @javipolo #11270
- Add Azure image to alpha/stable channel @kenji-cloudnatix #11271
- Exclude nodes from load balancers upon cordoning @johngmyers #11273
- Make it possible to enable/configure warm pool @olemarkus #11235
- If one tries to use eip with a public ip that doesn’t exist, fail @olemarkus #11276
- Spotinst: Update spotinst/ocean-controller to v1.0.74 @liranp #11286
- Add NTH Queue Processor Mode @haugenj #10995
- Apiserver fixes @olemarkus #11293
- Spotinst: Prevent nil pointer dereference @liranp #11289
- fix: create.go doesn’t add --name flag to the prompt: kops update cluster @ebarped #11296
- Make warm pool no ASG found error retryable @olemarkus #11285
- Document the newly required SQS permissions for NTH @rifelpet #11300
- fix permissions required for NTH Queue Processor @haugenj #11303
- bump NTH to 1.13.0 @haugenj #11301
- Add GCE Router task @kenji-cloudnatix #11184
- Add ability to set a default Issuer in certManager addon @javipolo #11281
- Make nodeup able to complete the warming life cycle hook @olemarkus #11259
- update deps @zetaab #11306
- Filter servers using cluster name in tags @zetaab #11305
- Add warm pool docs and release notes @olemarkus #11307
- Use the full operator instead of the generic one @olemarkus #11312
- Improve warm pool documentation @johngmyers #11313
- Disallow negative warmpool sizes @johngmyers #11317
- Promote channel alpha to stable @hakman #11318
- [metrics-server] Bump manifest to latest stable @dntosas #11319
- Allow disabling warm pool by setting WarmPool.MaxSize to 0 @johngmyers #11316
- Fix typo @johngmyers #11321
- [csi/aws] Bump templates + add support for warm pools @dntosas #11304
- Add a lifecycle test for GCE @kenji-cloudnatix #11291
- Add cluster-level warmPool settings @johngmyers #11322
- Fix arguments to csi-provisioner after bump to v2.2.0 @codablock #11326
- kubetest2: Infer the provider and zones from the kops cluster @justinsb,@rifelpet #10847
- Add support for configuring Cilium enable-host-reachable-services. @bjhaid #11333
- Fix lifecycle hook naming @olemarkus #11335
- Recognize Ubuntu 21.04 @hakman #11327
- Add enable-host-reachable-services to 1.8 and generic cilium. @bjhaid #11337
- Don’t try to delete warm pool when creating the cluster @olemarkus #11331
- Update Calico to v3.18.2 @hakman #11339
- Fix SQS resource flapping @olemarkus #11336
- Update controller-runtime to v0.9.0-beta.0 @hakman #11342
- Set SAN for addon CAs @olemarkus #11328
- Update kubetest2 dependency and fix install method for upgrade scenario @rifelpet #11338
- Bump cilium to 1.9.6 @olemarkus #11344
- Fix upgrade scenario kubetest2 install @rifelpet #11350
- Fix kubetest2 panic inheriting env vars @rifelpet #11351
- Mount /run inside etcd-manager pods for systemd mounts @hakman #11352
- Update deps @zetaab #11357
- Ignore detached nodes when doing validate cluster @rajatjindal #11349
- Move firewall, iam, network and sshkey to awsmodel @hakman #11358
- [addons/nth] Add capability to define resources @dntosas #11360
- Split oidc_provider @olemarkus #11359
- Expose hubble agent when hubble is enabled @olemarkus #11314
- Configure aws oidc provider @olemarkus #11361
- Use VFS as service account issuer if configured @olemarkus #11362
- Allow cert-manager to be provisioned externally @codablock #11354
- Mark control-plane node for update when etcd volume size changes @hakman #11365
- Mark control-plane node for update when etcd manager config changes @hakman #11369
- user-configurable IAM roles for ServiceAccounts @olemarkus #11016
- add permission to create sa tokens @zetaab #11373
- Add more support for cilium 1.10 @olemarkus #11374
- Update Calico to v3.19.0 @hakman #11372
- Refactor terraform writing @johngmyers #11371
- Remove unused k8s version parsing @rifelpet #11375
- Fix upgrade of service-account key @johngmyers #11376
- Don’t try to mount hubble TLS on the agent if we don’t use hubble @olemarkus #11378
- Kubetest2 - Update k8s upgrade test + add kops upgrade test @rifelpet #11382
- Kubetest2 - Fix GNU mktemp syntax @rifelpet #11384
- Kubetest2 - fix wget flag in kops download @rifelpet #11385
- kubetest2 - remove unnecessary flags from upgrade scripts @rifelpet #11386
- Don’t use PublicJWKS in TestAWSLBController @johngmyers #11391
- Don’t add IRSA env vars if feature flag is not enabled @olemarkus #11392
- Recognize the ServiceAccountIssuerDiscovery feature gate @johngmyers #11395
- Quote grep patterns in docs/rotate-secrets.md @keithlayne #10656
- Documentation and release note for IRSA @johngmyers #11398
- Remove the PublicJWKS feature flag @johngmyers #11396
- Don’t publish OIDC discovery if DiscoveryStore not set @johngmyers #11397
- Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller @olemarkus #11393
- Add another update cluster dryrun to upgrade tests @rifelpet #11401
- Update default volumes types in Cluster Documentation @allir #11405
1.21.0-beta.1 to 1.21.0-beta.2
- Use etcd-manager built from etcdadm repo @justinsb,@hakman #11098
- Release 1.21.0-beta.1 @johngmyers #11408
- [addons/awscsidriver] Bump to GA release @dntosas #11418
- Verify all versions are set correctly @johngmyers #11413
- Update verify-terraform to use 0.15.3 @rifelpet #11433
- Create new clusters without forcing a container runtime @hakman #11428
- Sort --extra-tags of ebs-csi-driver @codablock #11444
- Allow AWS instance types with multiple architectures @hakman #11463
- Add support for CAS 1.21.0 @olemarkus #11462
- 1.21 branch: Announce k8s removals two kOps versions in advance @johngmyers #11490
- Update cert-manager @olemarkus #11493
- Set priorityClassName on critical addons @olemarkus #11495
- fix(coredns/rbac): add permission to list and watch endpointslices @nettoclaudio #11459
- upup: gcetasks: fix diffs in instance template and router @nicktrav #11460
- upup: gcetasks: force send AutoCreateSubnetworks field when set to false @nicktrav #11457
- Spotinst: Update spotinst/ocean-controller to v1.0.75 @liranp #11512
- bump aws lb controller to 2.2.0 @olemarkus #11502
- Set default fstype for ebs volumes to ext4 @olemarkus #11525
- [addons/networking.cilium.io] enable prometheus scraping @ulfox #11514
- Update containerd to v1.4.6 @hakman #11535
- Release images bundle instead of separate images @hakman #11522
- Bump CoreDNS manifests to latest stable version 1.8.3 @dntosas #11500
- Update CAS manifest @olemarkus #11491
- Make events etcd cluster optional @codablock #11330
- Bump default cilium to 1.9.7 @olemarkus #11554
- Add snapshot-controller @olemarkus #10730
- Add snapshot-controller @olemarkus #11561
- Allow using insecure TLS for metrics-server with Kubernetes 1.19+ @hakman #11559
- Cleanup orphaned IAM service account roles in direct render @johngmyers #11497
- Fix deletion of IAM roles and policies @johngmyers #11558
1.21.0-beta.2 to 1.21.0-beta.3
- Release 1.21.0-beta.2 @johngmyers #11567
- Allow Spotinst to use comma separated instance types @hakman #11560
- Only allow deletion of snapshots owned by the cluster @olemarkus #11571
- Only update kubeconfig user when we have user info @justinsb #11584
- Update Calico to v3.19.1 @hakman #11594
- Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet @johngmyers #11590
- Add init image field for Amazon VPC CNI @ryan-dyer #11602
- Fix duplicate CopyFile tasks @johngmyers #11619
- Update Go to v1.16.4 @hakman #11626
- Set lifecycle on WarmPool task @johngmyers #11618
- Consolidate CSI livenessprobe images for multi-arch support @rifelpet #11652
- Fix jwks object path in S3 for IRSA @h3poteto #11649
- Set canonical location for downloads to artifacts.k8s.io @hakman #11486
- Drop trailing slash from oidc issuer @olemarkus #11682
- Update Go to v1.16.5 @hakman #11686
- Add support for Docker v20.10.7 @hakman #11674
1.21.0-beta.3 to 1.21.0
- Release 1.21.0-beta.3 @johngmyers #11690
- Fix set-version leaving backup files with “-e” suffix @johngmyers #11692
- Fix the CSI EBS DS CRB. @olemarkus #11704
- Add proxy envs to calico to make possible usage of AWS source @DOboznyi #11710
- Generate AWSEBSCSIDriver model only when using AWS @hakman #11718
- Use quay images for cilium @olemarkus #11728
- fix enable default SC when EBS driver is not installed @olemarkus #11773
- Compare OpenStack security groups deterministically
- Make forwardToKubeDNS work in the NodeLocal DNSCache template @ederst #11757
- Bump the cas addon version. @olemarkus #11781
- Don’t try to build etcd-manager secrets for cilium twice @olemarkus #11792
- Also set haveUserInfo=true in case --user was provided in @codablock #11812
- Handle containerExec hooks when using containerd @hakman #11855
- bump the version of gophercloud @cardoe #11830
- support large/slow downloads #11886: Set download timeout to 3 minutes @aojea,@hakman #11891
- Include GCP Project in terraform HCL2 output @rifelpet #11902
- Avoid spurious changes for ASG InstanceProtection and LT @hakman #11882
1.21.0 to 1.21.1
- Release 1.21.0 @justinsb #11908
- Add log rotation for etcd-cilium.log @hakman #11943
- check if the instance is under an asg @olivierpilotte #11958
- Cilium etcd fixes @olemarkus #11961
- Use regional STS endpoint @johngmyers #12043
- Update containerd to v1.4.8 @hakman #12059
- Update core-dns to v1.8.4 @hakman #12062
- Update Docker to v20.10.8 @hakman #12096
- Make metrics-server insecure if insecure is true @olemarkus #12114
- Update Calico to v3.19.2 @hakman #12125
- Fix cases when the VPC doesn’t exist yet for vpccidrblocks in 1.21 @mikesplain #12126
- Fix disabling unattended upgrades @olemarkus #12123
- Support Debian 11 Bullseye @ReillyBrogan #12108
- Bump cilium to 1.9.9 @olemarkus #12146
- Reconcile if managedFile is public or not @olemarkus #12148
- leverage proxy env variables @aojea #12150
- Update Go to v1.16.7 @hakman #12153
- Debian 11: Release AMIs use same AWS Owner ID as Buster @ReillyBrogan #12161
- Log s3 acl in additional cases @olemarkus #12167
- Hardcode Flatcar containerd exec command @hakman #12177
- Backport moving updatePolicy to nodeup config @ReillyBrogan #12175
- Add option in Cluster Autoscaler AddOn for AWS EC2 Static instance list @amitpd #12187
1.21.1 to 1.21.2
- Release 1.21.1 @justinsb #12191
- Update Calico to v3.19.3 for kOps 1.21 @hakman #12362
- Truncate cluster name in NTH EventBridgeRules @rifelpet #12439
- Don’t ignore channel value in toolbox template @hakman #12464
- Update containerd and Docker for kOps 1.21 @hakman #12508
1.21.2 to 1.21.4
- Increase upup http response header timeout @AlexLast #12694
- set calico-node readiness/liveness timeout to 10s @estahn #12713
- Fix out of bounds error when instance detach fails @johngmyers #12698
- Fix that states AWS IAM Instance Profile blocks IAM Role @angeloskaltsikis #12677
- Shorten filenames in the asset store @johngmyers #12765
- Add hashes for latest containerd and Docker versions @hakman #12767
- Update containerd to v1.4.12 @hakman #12772
- Fix volume ratio comparisons @olemarkus #12791
- Bump etcd manager to 20211117 @justinsb #12763
- Upgrade Go to 1.16.10 @hakman #12798