Release notes for kOps 1.18 series

Significant changes

The default image has been updated to Ubuntu 20.04 (Focal). Consequently, the SSH user changed to ubuntu and the Linux kernel changed to version 5.4.
To address the issue of IPv4 only clusters being susceptible to MitM attacks via IPv6 rogue router advertisements, the affected components have been upgraded as follows:
- Docker version 19.03.11 - CVE-2020-13401
- CNI plugins 0.8.6 - CVE-2020-10749
- Calico 3.15.1 - CVE-2020-13597
- Weave Net 2.6.5 - CVE-2020-11091
Support for RHEL 8 and CentOS 8 has been added.
Support for Amazon Linux 2 has been improved and will work with the default Docker version.
containerd has been added and can be selected as an alternate container runtime for Kubernetes. Enable by using the --container-runtime containerd flag when creating a cluster or by setting spec.containerRuntime: containerd.
Rolling updates now support surging and parallelism within an instance group. For details see the documentation.
Cilium CNI can now use AWS networking natively through the AWS ENI IPAM mode. kOps can also run a Kubernetes cluster entirely without kube-proxy using Cilium’s BPF NodePort implementation.
Cilium CNI can now use a dedicated etcd cluster managed by etcd-manager for synchronizing agent state instead of CRDs.
The Terraform target now supports Terraform 0.12 syntax (HCL2) by default. See the Required Actions item below.
New clusters in GCE are configured to run the metadata-proxy by default. The proxy runs as a DaemonSet and lands on nodes with the nodeLabel cloud.google.com/metadata-proxy-ready: "true". If you want to enable metadata-proxy on an existing cluster/instance group, add that nodeLabel to your instancegroup specs (kops edit ig ...) and run kops update cluster. When the changes are applied, the proxy will roll out to those targeted nodes.
GCE has a new flag: --gce-service-account. This takes the email of an existing GCP service account and launches the instances with it. This setting applies to the whole cluster (ie: it is not currently designed to support Instance Groups with different service accounts). If you do not specify a service account during cluster creation, the default compute service account will be used which matches the prior behavior.
Google API client libraries updated from v0.beta to v1.
Support for NodeLocalDNS cache.

Breaking changes

Support for Docker versions 1.11, 1.12 and 1.13 has been removed because of the dockerproject.org shut down. Those affected must upgrade to a newer Docker version.
Terraform users on AWS may need to rename some resources in their state file in order to prepare for Terraform 0.12 support. See Required Actions below.
Support for the CoreOS OS distribution has been removed. Users should consider Flatcar as a replacement.
Support for the Debian 8 (Jessie) OS distribution has been removed.
The Docker health-check service has been disabled by default. It shouldn’t be needed anymore, but it can still be enabled by setting spec.docker.healthCheck: true. It is recommended to also check node-problem-detector and draino as replacements. See Required Actions below.
Network and internet access for docker run containers has been disabled by default, to avoid any unwanted interaction between the Docker firewall rules and the firewall rules of netwok plugins. This was the default since the early days of kOps, but a race condition in the Docker startup sequence changed this behaviour in more recent years. To re-enable, set spec.docker.ipTables: true and spec.docker.ipMasq: true.
Lyft CNI plugin default subnet tags changed from from Type: pod to KubernetesCluster: myclustername.mydns.io. Subnets intended for use by the plugin will need to be tagged with this new tag and additional tag filters may need to be added to the cluster spec in order to achieve the desired set of subnets.
Support for basic authentication has been disabled by default for Kubernetes 1.18 and will be removed in Kubernetes 1.19.
Support for static tokens has been disabled by default for Kubernetes 1.18 and later. To re-enable, see the Security Notes for Kubernetes. We intend to remove support entirely in a future kops version, so file an issue with your use case if you need this feature.
Support for Kubernetes versions prior to 1.9 has been removed.
Kubernetes 1.9 users will need to enable the PodPriority feature gate. See Required Actions below.
Support for the “Legacy” etcd provider has been removed for Kubernetes versions 1.18 and higher. Such clusters will need to migrate to the default “Manager” etcd provider. To migrate, see the etcd migration documentation.
A controller is now used to apply labels to nodes. If you are not using AWS, GCE or OpenStack your (non-master) nodes may not have labels applied correctly.
The kops.k8s.io/v1alpha1 API has been removed. Users of kops replace will need to supply v1alpha2 resources.
Please see the notes in the 1.15 release about the apiGroup changing from kOps to kops.k8s.io

Required Actions

Terraform users on AWS may need to rename resources in their terraform state file in order to support Terraform 0.12. Terraform 0.12 no longer supports resource names starting with digits. In kOps, both the default route and additional VPC CIDR associations are affected. See #7957 for more information.
The default route was named aws_route.0-0-0-0--0 and will now be named aws_route.route-0-0-0-0--0.
Additional CIDR blocks associated with a VPC were similarly named the hyphenated CIDR block with two hyphens for the /, for example aws_vpc_ipv4_cidr_block_association.10-1-0-0--16. These will now be prefixed with cidr-, for example aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16.

To prevent downtime, follow these steps with the new version of kOps:

KOPS_FEATURE_FLAGS=-Terraform-0.12 kops update cluster --target terraform ...
# Use Terraform <0.12
terraform plan
# Observe any aws_route or aws_vpc_ipv4_cidr_block_association resources being destroyed and recreated
# Run these commands as necessary. The exact names may differ; use what is outputted by terraform plan
terraform state mv aws_route.0-0-0-0--0 aws_route.route-0-0-0-0--0
terraform state mv aws_vpc_ipv4_cidr_block_association.10-1-0-0--16 aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16
terraform plan
# Ensure these resources are no longer being destroyed and recreated
terraform apply

kOps will now output Terraform 0.12 syntax with the normal workflow:

kops update cluster --target terraform ...
# Use Terraform 0.12. This plan should be a no-op
terraform plan

Users that need the Docker health-check service will need to explicitly enable it: kops edit cluster # Add the following section spec: docker: healthCheck: true
Kubernetes 1.9 users will need to enable the PodPriority feature gate. This is required for newer versions of kOps.

To enable the Pod priority feature, follow these steps: kops edit cluster # Add the following section spec: kubelet: featureGates: PodPriority: "true"

If a custom kOps build was used on a cluster, a kops-controller Deployment may have been created that should get deleted. Run kubectl -n kube-system delete deployment kops-controller after upgrading to kOps 1.16.0-beta.1 or later.

Known Issues

AWS clusters with an ACM certificate attached to the API ELB (the cluster’s spec.api.loadBalancer.sslCertificate is set) will need to reenable basic auth to use the kubeconfig context created by kOps export kubecfg. Set spec.kubeAPIServer.disableBasicAuth: false before running kOps export kubecfg. See #9756 for more information.

Deprecations

Support for Kubernetes versions 1.9 and 1.10 are deprecated and will be removed in kOps 1.19.
Support for Ubuntu 16.04 (Xenial) has been deprecated and will be removed in future versions of kOps.
Support for the Romana networking provider is deprecated and will be removed in kOps 1.19.
Support for legacy IAM permissions is deprecated and will be removed in kOps 1.19.

Full change list since 1.17.0 release

1.17.0-alpha.1 to 1.18.0-alpha.1

Release notes for 1.17.0-alpha.1 @justinsb #8006
Implementing audit dynamic configuration (#7392) @mmerrill3 #7424
Set bazel version @mikesplain #7996
Add verify-gomod and verify-goimports to Travis job @rifelpet #7952
Alicloud: fix typo for listenerPort @bittopaz #8011
Alicloud: only private subnets need SNAT rule @bittopaz #8015
Alicloud: use ID of EIP to compare @bittopaz #8012
Improve rolling update test coverage @johngmyers #7904
Add download link for etcd-manager-ctl, clarify restarting etcd @dzoeteman #7506
Run goimports in make ci @tioxy #8023
Alicloud: fix comparison failure for scalinggroup @bittopaz #8029
Alicloud: support internal api loadbalancer @bittopaz #8014
Alicloud: fix comparison failures for SecurityGroupRule and SSHKey @bittopaz #8028
Alicloud: add Encrypted field in Disk Find func @bittopaz #8026
Add joshbranham to OWNERs as reviewer @joshbranham #8010
Add CapacityOptimized to list of supported spot allocation strategies @gjtempleton #7406
Alicloud: fix comparison failures for VPC and NATGateway @bittopaz #8027
Alicloud: use Balance as MultiAZPolicy @bittopaz #8030
Allow users to set kube controller manager’s concurrent sync flags. @uruddarraju #7600
Pass the cloud object to validator from caller @johngmyers #7925
Rename to kops @justinsb #1
Alicloud: allow use RAM role for OSS client @bittopaz #8025
Fix Handling of LaunchTemplate Versions for MixedInstancePolicy @granular-ryanbonham #8038
Additional leader election options @DerekHeldtWerle #8036
Fix truncation of admission control plugins list @johngmyers #8033
Add more verifications to Travis @johngmyers #8024
Alicloud: fix comparison failures for LaunchConfiguration and LoadBalancerWhiteList @bittopaz #8042
[Issue-7956] - [Digital Ocean] Minor fix to have proper indexing for digital ocean regions @srikiz #8002
EBS Root Volume Termination @tioxy #7865
Canal v3.10 manifest for k8s v1.15+ @KashifSaadat #7917
Fix misleading message in “make ci” when imports formatted incorrectly @johngmyers #8045
Increase validation test coverage @johngmyers #8039
Update integration test to cover CloudFormation output of NAT gateways @rifelpet #8053
Fix CloudFormation template tags for NatGateway @hakman #8051
Alicloud: fix comparison failures for VSwitch and VSwitchSNAT @bittopaz #8044
Alicloud: fix comparison failures for RAMRole and RAMPolicy @bittopaz #8043
Bump cilium version to 1.6.4 @olemarkus #8022
Add verify-generate to Travis and ‘make ci’ @johngmyers #8054
Fix mounting Calico “flexvol-driver-host” in CoreOS @hakman #8062
Complete support for Flatcar @mazzy89 #7545
Cloud controller template function @DavidSie #7992
put kubernetes 1.17.0 to channels @zetaab #8072
remove unused functions and simplify return str @tanjunchen #7792
Validate cluster after updating bastions @johngmyers #8074
Add support for NFT with Calico and Canal @hakman #8076
Docs: Fix some broken development links @gjtempleton #8075
Docs: More List fixes @gjtempleton #8092
Update documentation of go version requirement @johngmyers #8094
add missing rbac rules @zetaab #8095
test validateCluster twice to make sure it does not flap @zetaab #8088
update metrics server image @nothinux #8046
docs(advanced): fix broken links on doc @pshanoop #8102
Add test for flapping cluster validation and improve its logging @johngmyers #8105
some resources upgraded to google provider 3.0 @mccare #8103
fix-pkg-staticcheck and remove the repeat code @tanjunchen #8035
dev: hack/update-expected.sh should generate missing file @justinsb #8111
dev: ignore kops-controller in hack/update-expected.sh @justinsb #8107
Terraform GCE output: setting google provider to at least 3.0.0 @mccare #8108
Add test for protokube builder @justinsb,@rifelpet #8112
channels: bump k8s versions after dec. patch releases @idealhack #8123
Fix doc(advanced) broken links @pshanoop #8125
a little change @zehuaiWANG #8127
fix 404 urls @yuxiaobo96 #8052
pkg/model pkg/diff pkg/client/:simplify code and remove unused code @tanjunchen #8120
Cleans up the create cluster CLI prompts @geojaz #8122
Add kubeconfig flag to validate cluster command @vvbogdanov87 #8110
Add inf1 isntances @mikesplain #8128
util/pkg/ upup/tools/ : simplify code and remove unused code @tanjunchen #8121
Bump COS version in alpha channel for k8s >= 1.16 @justinsb #8116
Openstack: Fix cluster floating ips @mitch000001 #8115
Update Calico to v3.10.2 @hakman #8104
tests: increase timeout in rolling update tests @justinsb,@rifelpet #8139
Automatically install dependencies with local packages @hakman #8020
Add support for Containerd container runtime @hakman,@justinsb #7986
Fix periodic e2e test for Ubuntu 16.04 @hakman #8160
Latest bazel launcher seems to require a newline at end of .bazelversion @justinsb #8161
Spotinst: Upgrade the Spotinst controller to version 1.0.50 @liranp #8080
kops-change-main @zehuaiWANG #8132
nodeup/pkg/model - fix static check @hakman #8155
upup/pkg/fi/ upup/pkg/kutil : simplify code and remove code @tanjunchen #8118
Update kubernetes versions used in integration tests @rifelpet #8173
Run dns-controller and kops-controller as non-root user @johngmyers #8169
Fix verify-staticcheck prow job @rifelpet #8182
protokube/pkg - fix static check @hakman #8165
Refactor: Add Region() method to fi.Cloud @justinsb #8180
Remove make command from verify-staticcheck.sh @rifelpet #8189
GCE: Fix Permission for the Storage Bucket @mccare #8157
pkg/instancegroups - fix static check @johngmyers #8186
pkg/resources/aws:simplify code and remove code @Aresforchina #8188
Update links printed by kOps to use new docs site @rifelpet #8190
dnsprovider/pkg/dnsprovider - fix static check @hakman #8149
fix staticcheck failures in pkg/resources @Aresforchina #8191
Add corresponding unit test to the function in subnet.go. @fenggw-fnst #8195
Update gcr.io images @justinsb #8197
pkg/resources-fix staticcheck @k8s-ci-robot,@Aresforchina #8192
Update Weave Net to version 2.6.0 @bboreham #7898
Guard External cloud controller manager with its feature flag @mitch000001 #7770
Always consider spot instance node readiness in cluster validation @johngmyers #8159
Update support for RHEL 8 @hakman #8164
Fix upup/tools/generators/pkg/codegen staticcheck failures @johngmyers #8203
containerd: Use containerd 1.2.4 with Docker 18.09.3 @hakman #8170
util/pkg/vfs/:staticcheck @tanjunchen #8171
containerd: Add —container-runtime cli flag @hakman #8172
Add deprecation warning for older k8s versions @rifelpet #8176
Add all flag to export cluster command @vvbogdanov87 #8179
Alicloud: refine Alicloud RAM role policy @bittopaz #8194
Fix cmd/kops staticcheck failures @johngmyers #8202
/hack: improve shell script in hack @tanjunchen #8143
dns-controller: allow it to run on CNI networking mode and remove dependency on kube-proxy @rochacon #8131
replace TrimRight with TrimSuffix @tanjunchen #8041
Fix typo in export kubeconfig @vvbogdanov87 #8211
Fix typo in KubeProxy model @rifelpet #8210
Fix link printed in k8s version deprecation message @rifelpet #8209
cilium: don’t try to mount sys/fs/bpf if already mounted @justinsb #7832
Set shared field for volume resource on delete @vvbogdanov87 #8079
clean up buildDiffLines @zehuaiWANG #8144
Fix cloudmock/aws/mockelbv2 staticcheck failures @johngmyers #8218
Fix node-authorizer/pkg/authorizers/aws staticcheck failure @johngmyers #8222
Fix pkg/resources/openstack staticcheck failure @johngmyers #8223
Add code simplifications for staticheck @hakman #8232
util/pkg/slice: Add slice test @q384566678 #8219
pkg/apis/ pkg/commands/ pkg/model/ staticcheck @tanjunchen #8229
dnsprovider staticcheck @tanjunchen #8233
upup/pkg/fi/cloudup/apply_cluster staticcheck @tanjunchen #8231
staticcheck:remove duplicate import packages @yuxiaobo96 #8225
cmd/kops/ staticcheck and remove one mom @tanjunchen #8230
nodeup/pkg/ pkg/ staticcheck: Fix ST1005 @tanjunchen #8234
upup/pkg/fi/cloudup/ staticcheck: Fix ST1005 @tanjunchen #8236
Update copyrights for 2020 @johngmyers #8241
Run Travis verifications in a separate parallel job @johngmyers #8254
Adding ability to configure resources for weave (#8113) @mmerrill3 #8216
containerd: Fix tiny nits @hakman #8217
Custom sysctl Parameters @ripta #7730
Update mock kops version in integration tests @rifelpet #8258
Fix protokube osx build @mikesplain #8263
Fix aws-china.md to download SHA-256 checksums for kops assets @johngmyers #8243
Fix broken link @johngmyers #8266
Exclude one Travis osx job @johngmyers #8262
Support tainting all nodes needing update during rolling update @johngmyers #8021
Fix RollingUpdate behaviour when using LaunchTemplates for both kops & terraform spec updates @KashifSaadat #8261
Refactor rolling update tests @johngmyers #8268
Simplify code for rolling updates of nodes @johngmyers #8239
Move nodeup to /opt/kops/bin @hakman #8212
For dev, don’t preload docker images on nodes @justinsb #8196
fixed yum proxy configuration @zadowsmash #7772
Use non-experimental version of encryption provider config flag in 1.13+ @zacblazic #7900
Remove DrainAndValidateRollingUpdate feature flag @johngmyers #7909
staticcheck:modify the import package alias @yuxiaobo96 #8253
Remove forcing disabled cgos Darwin @joshbranham #7914
Make /opt/kops writeable on COS @justinsb #8269
Remove duplicated words @longkb #8277
nodeup: Add some dependencies for Service @justinsb #8270
Set CLUSTER_NAME env var on amazon-vpc-cni pods @rifelpet #8274
containerd: Set a default version even with Kubernetes 1.17 @hakman #8283
small documentation typo fixes @stratusjerry #8285
Enable host logging for kops-controller @rifelpet #8204
Fix unit name for memory request for weave @hakman #8303
Add wget and nfs-utils deps needed for e2e tests @hakman #8286
Some Calico doc updates @tmjd #8302
Remove “pigz” containerd dependency for RHEL/CentOS 7 @hakman #8307
Replace kubernetes mount code with utils @justinsb #8056
Stabilize sequence of “export xx=xxx” statements @bittopaz #8247
upup/pkg/fi-fix staticcheck @Aresforchina #8193
Build dns-controller using bazel @justinsb #8315
Don’t output empty sections in the manifests @justinsb #8317
Remove support for Kubernetes 1.8 and earlier @johngmyers #8208
Improve CIDR validation @johngmyers #8284
Remove kops-controller deployment @rifelpet #8273
Remove traces of kops-server @rifelpet #7824
Add release notes for deleting the kops-controller deployment @rifelpet #8321
Don’t share /etc/hosts when using etcd-manager @justinsb #8322
Use /opt/cni/bin on all distros (including COS) @justinsb #7833
Add unit test for func RenderInstanceGroupSubnets in instancegroup.go @fenggw-fnst #8245
upup/pkg/fi/cloudup/awstasks/ staticcheck @tanjunchen #8235
Allow CoreDNS to be specified by create cluster overrides @rifelpet #8334
Allow removed of additionalUserData on bastion @nvanheuverzwijn #8331
docs(docs/operations) Adding more steps to etcd-manager restore operation to work properly @phspagiari #8337
Configuration to specify no SSH key @austinmoore- #7096
Remove code for unsupported Kubernetes versions @johngmyers #8327
Securing http link to https link @truongnh1992 #8345
fix author nickName @LinshanYu #8205
Fix crossbuild-nodeup-in-docker @johngmyers #8343
Update CentOS 7 AMI @rifelpet #8350
update gophercloud dependency @zetaab #8346
Fix DNS loop on Ubuntu 18.04 (Bionic) @hakman #8353
Add support for weave.npcExtraArgs @ReillyProcentive #8265
Make /opt/cni/bin writeable on COS @justinsb #8354
Add shellcheck verification @rifelpet #8328
Update Terraform resource names to be 0.12 compatible. @rifelpet #7957
Update dependencies to kubernetes 1.16 @justinsb #8055
Add unit test for pkg/edit/edit.go @tiendc #8349
Test package versions as well as hashes @justinsb #8360
Publish update AMIs into the alpha channel @justinsb #8361
Allow local filesystem state stores (to aid CI pull-request workflows) @ari-becker #6465
Add release notes for terraform resource renaming @rifelpet #8364
Add a warning when using file:// state store @rifelpet #8368
Update default instance types for AWS @hakman #8282
update docs: updating kops @nothinux #8358
Update lyft CNI to v0.5.3 @maruina #8367
Fix issues with older versions of k8s for basic clusters @hakman #8248
Backport the k8s 1.9 required action release note @johngmyers #8378
Change the deleted user to ghost @LinshanYu #8380
Add Cilium.EnablePolicy back into templates @olemarkus #8379
Use IAMPrefix() for hostedzone @lazzarello #8366
Fix scheduler policy configmap args @vvbogdanov87 #8386
Bump k8s versions in alpha and stable channels @olemarkus #8392
Enabling JSON output for Terraform instead of writing the HCL syntax … @mccare #8145
containerd: Add support for tar.gz package @hakman #8199
CoreDNS default image bump to 1.6.6 to resolve CVE @gjtempleton #8333
Bump etcd-manager to 3.0.20200116 (#8310) @mmerrill3 #8399
Remove addons only applicable to unsupported versions of Kubernetes @johngmyers #8318
Don’t load nonexistent calico-client cert when CNI is Cilium @johngmyers #8338
Edit author name @LinshanYu #8374
kOps releases - prefix git tags with v @rifelpet #8373
Support additional kube-scheduler config parameters via config file @rralcala #8407
Option to increase concurrency of rolling update within instancegroup @johngmyers #8271
Fix template clusterName behavior @lcrisci #7319
Update support for Amazon Linux 2 @hakman #8425
Announce impending removal of v1alpha1 API @johngmyers,@justinsb #8064
Alicloud: etcd-manager support @bittopaz #8016
Fixes regression in e2e tests @rralcala #8430
Release notes for 1.17.0-alpha.2 @justinsb #8438
Add missing priorityClassName for critical pods @johngmyers #8200
Release notes for 1.16.0-beta.1 @justinsb #8441
Release notes for 1.15.1 @justinsb #8442
Fix typo in comment @longkb #8444

1.18.0-alpha.1 to 1.18.0-alpha.2

Add an EnvVar type to the API @rifelpet #8455
Update coredns to 1.6.7 @maruina #8452
Update godoc.org references to use pkg.go.dev @rifelpet #8460
docs: trivial fix some typos @truongnh1992 #8450
Tag EBS volumes when using launch templates with AWS API target @johngmyers #8462
[DigitalOcean] Add load balancer support for master HA @srikiz #8237
Cilium - Add missing Identity Allocation Mode to Operator Template @daviddyball #8445
Stop logging to /var/log/kops-controller.log @justinsb #8467
Fix typos in cluster_spec.md @hase1128 #8474
Fix Github download url for nodeup @adri,@justinsb #8468

v1.18.0-alpha.2 to v1.18.0-alpha.3

Release notes for 1.18.0-alpha.2 @justinsb #8480
Update cilium to 1.6.6 @olemarkus #8484
Release notes for 1.17.0-alpha.3 @justinsb #8485
Make it possible to enable Prometheus metrics for Cilium @olemarkus #8433
GCS: Don’t try to set ACLs if bucket-policy only is set @justinsb #8493
Revert “Merge pull request #8452 from maruina/coredns-1.6.7” @gjtempleton #8503
GCS: Fix bug where around retry on GCS @justinsb #8495
Fix Netlify deps for tests @hakman #8506
GCS: Log ACLs if we’re writing them @justinsb #8496
Move cloudbuild.yaml to repo root @rifelpet #8505
Add support for containerd v1.3.3 @hakman #8504
Use BindMount task for /home/kubernetes/bin @justinsb #8461
Release notes for 1.15.2 @justinsb #8513
Image Pushing - Remove .git dependency from get_workspace_status.sh @rifelpet #8514
[vendoring] Update google libs to latest @geojaz #8516
cloudbuild: Try uploading our binaries to the staging bucket also @justinsb #8518
Return more errors at once during API validation @johngmyers #8449
Release notes for 1.16.0-beta.2 @justinsb #8519
Bump alphas to stable @olemarkus #8489
Use larger machine type for cloudbuild jobs @rifelpet #8520
Mark dns-controller and kops-controller as non-root @johngmyers #8497
Alicloud: support modification of LaunchConfiguration @bittopaz #8246
Fix Machine types vcpus @mikesplain #8522
Update AWS IAM Authenticator to 0.5.0 @rifelpet #8423
Release notes for 1.17.0-alpha.4 @justinsb #8524
Add unit test for pkg/jsonutils/streamwriter.go @tiendc #8475
channels: bump k8s versions after feb. patch releases @idealhack #8532
Add events RBAC permissions to kops-controller @rifelpet #8535
Update amazon-vpc-cni-k8s to v1.6.0 @hakman #8538
Cilium nodeport @olemarkus #8220
Update IAM permissions for amazon-vpc-cni-k8s 1.6.0 @rifelpet #8548
Only create git tags with the v prefix @rifelpet #8547
Switch AWS IAM Authenticator to use non-scratch image @rifelpet #8555
Add Kubernetes deprecation/removal release notes @johngmyers #8443
go-bindata: don’t store file metadata @justinsb #8565
Replace unmaintained go-bindata @justinsb #8561
gzip: use —no-name to avoid saving timestamp @justinsb #8566
Update makefile to reduce dependency on GOPATH @rifelpet #8570
Fix field names in api validation @johngmyers #8569
Update golang to 1.13.8 @justinsb #8574
Hack directory cleanup @rifelpet #8572
Cilium eni @olemarkus #8316
EnsureFileOwner: cleanup logic @justinsb #8576
Use UTC when calculating copyright year @johngmyers #8575
makefile: use more hash helpers when building images @justinsb #8568
Add External Policies (AWS managed policy attachments) @mattouille #7837
Fix inappropriate use of field.Invalid() @johngmyers #8578
Use cluster name as default subnet tag for Lyft CNI @hakman #8571
Staging build: don’t use _GIT_TAG @justinsb #8585
prow-postsubmit: Upload to a consistently named directory @justinsb #8586
Spotinst: Add OWNERS file to Spotinst specific packages @liranp #8533
Bump Cilium to 1.7 for k8s 1.12+ @olemarkus #8589
add s3 region @zetaab #8592
Add unit test for pkg/nodelabels/builder.go @tiendc #8539
Fix typo in the cilium default version @olemarkus #8591
Add unit test for pkg/apis/kops/util/labels.go @tiendc #8595
Fail cluster validation if a master missing kube-controller-manager @johngmyers #8600
Update tags support for LaunchTemplates @hakman #8466
Fix a bug in UT apis/kops/util/labels_test.go @tiendc #8604
[Digital Ocean] Update documentation for multi-master HA setup @srikiz #8601
Add release notes and docs for containerd @hakman #8603
Update coredns to 1.6.7 @maruina #8602
Use supported kubernetes versions in tests @johngmyers #8610
kubelet: map rotate-certificates options @justinsb #8581
Resolve TODO in /pkg/model/component/context.go @sshukun #8579
Fix typo in comment for struct LyftVPCNetworkingSpec @fenggw-fnst #8590
Cilium fix bpffs check @olemarkus #8599
Spotinst: Add support for blacklisting or whitelisting instance types in Ocean @liranp #8549
Don’t try to configure a bastion DNS name in gossip mode @justinsb #8573
use v0.29 in prometheus operator @coryschwartz #8563
Update Calico CNI Networking Documentation Links @jpugliesi #8473
Spotinst: Support for Tags (Cloud Labels) in Ocean Launch Spec @liranp #8616
Refuse to read channels with addons with unparseable versions @johngmyers #8408
Adding Unit Test for pkg/dns/gossip.go #8631
Validate at most one networking option chosen @johngmyers #8617
Add support for custom env vars in amazon-vpc-cni @rifelpet #8276
Promote alphas to stable @olemarkus #8632
Release notes for 1.16.0 @justinsb #8637
Update Calico and Canal to v3.12.0 @hakman #8618
Release notes for 1.17.0 beta.1 @justinsb #8641
Update release process @justinsb #8453
Fix node-authorizer/pkg/server staticcheck failure @hakman #8649
Bump Calico and Canal version tags for older k8s @hakman #8646
Add the aws iam authenticator known issue to the 1.17 release notes @rifelpet #8651
Install packages updates during bootstrap @hakman #8635
Treat nil of LaunchTemplateSpecification.Version as $Default [0] @qqshfox #8567
Cleanup release documentation @rifelpet #8654
Fix condition for innstall packages updates during bootstrap @hakman #8657
Delete launch templates when using EnableLaunchTemplates @hakman #8639
Update release notes for the default instance type change @hakman #8658
Remove not-yet-released blurb now that 1.16.0 has been released @johngmyers #8659
Add “owned” tag for volumes and instances created with launch templates @hakman #8660
support apiserver —kubelet-certificate-authority flag @tanjunchen #8661
Fix punctuation @johngmyers #8663
Fix SecurityGroup check when there are no Network Interfaces associated with a LaunchTemplate @KashifSaadat #8666
Revert AWS IAM Authenticator upgrade to 0.5.0 on master @rifelpet #8670
Update compatibility matrix @johngmyers #8672
Option to surge during rolling update @johngmyers #8313
retry nvidia-device-plugin.sh when failed @qqshfox #7989
Changed “you cache” to “your cache” @medined #8669
[Digital Ocean] Fix minor document issue @srikiz #8676
Default maxSurge to 1 on AWS @johngmyers #8674
Update roadmap @johngmyers #8675
amazon-vpc-routed-eni env variable config @mikesplain #8682
[Docs] Add service account token volumes @jmymy #8680
Update rolling update documentation @johngmyers #8673
Add more API validation for Cilium @johngmyers #8667
Update Weave Net to version 2.6.1 @hakman #8691
Update etcd-manager to 3.0.20200307 @justinsb #8692
[Docs] add link for Service Account Token Volumes @jmymy #8688
Add UT for util/pkg/vfs/fs.go @tiendc #8686
remove // TODO path.Join here? @tanjunchen #8701
Refactor/simplify rolling update @johngmyers #8709
Add UT for util/pkg/proxy/proxy.go @tiendc #8640
Adding Unit Test for util/pkg/exec/exec.go #8712
remove // TODO move this into networking.go :( @tanjunchen #8711
Bump Cilium to 1.7.1 for k8s 1.12+ @errordeveloper #8713
Use BPF_FS_MAGIC from go sys lib instead of hardcode @odinuge #8650
Fix uploading of file assets @johngmyers #8694
Add labels to OWNERS files @rifelpet #8717
Support the kops.k8s.io/needs-update annotation on nodes @johngmyers #8272
When nodeport is enabled, use strict kube-proxy-replacement to ensure… @olemarkus #8655
Upgrade AWS SDK @rifelpet #8721
fix OWNERS labels format @rifelpet #8725
Adding docs for calico MTU @vgunapati,@rifelpet #8724
Add support for Ubuntu 20.04 (Focal) @hakman #8727
Use PriorityClassName instead of namespace in cluster validation @johngmyers #8446
Fix kuberouter for k8s 1.16+ @UnderMyBed #8697
Update cilium docs with note about eni and bpf nodeport @olemarkus #8551
Update alpha channel with the march updates @olemarkus #8733
Document all the fields in the Cilium spec @olemarkus #8559
Update kube-router to v0.4.0 @hakman #8735
Add UT for util/pkg/vfs/memfs.go @tiendc #8730
Remove unused integration test files, make complex cluster spec consistent @rifelpet #8739
Set kube-proxy-replacement to partial @olemarkus #8741
Create New Default StorageClass: kops-ssd-1-17 @joshbranham #8582
Fix template for kube-router v0.4.0 @hakman #8742
Node metadata-concealment in GCE @geojaz #8634
Add cloud ntp addresses @simonmacklin #8312
Update support for docker tgz package @hakman #8525
Add option to use etcd managed by cilium-etcd-operator as kvstore @olemarkus #8629
Tweak the featureflag.GoogleCloudBucketACL.Enabled @geojaz #8747
Move “docker-healthcheck” to DockerBuilder @hakman #8221
Update Docker to 19.03.8 for 1.18 @hakman #8748
Fix template for kube-router v0.4.0 #2 @hakman #8751
etcd admin doc @sdarwin #8729
Allow users to overwrite etcd settings. @rdrgmnzs #8402
Update apiVersion to resolve ‘no matches for kind “Deployment” in ver… @medined #8732
Fix command descriptions to match new cluster validation behavior @johngmyers #8755
Deprecate the route53-mapper addon @rifelpet #8753
Use containerd 1.2.13 with Docker 19.03.8 @hakman #8756
Expose etcd metrics. @michalschott #8162
Add LaunchTemplate integration tests @hakman #8758
Add root volume tags for CF and TF targets @hakman #8693
Gce tests lifecycle @geojaz #8760
Update lyft CNI to 0.6.0 @maruina #8757
Update Weave Net to version 2.6.2 @hakman #8764
Fix NTP failures after #8312 @hakman #8763
add support for OpenStack Octavia AllowedCIDRs @zetaab #8762
Spotinst: Upgrade the Spotinst controller to version 1.0.57 @liranp #8770
Add missing priorityClassName to addons @johngmyers #8752
Allow configuration of enable-remote-node-identity @olemarkus #8731
Wait for validation to succeed N consecutive times @hakman #8515
Set default log level to “info” for containerd @hakman #8782
Upgrade to bazel 2.2.0 @rifelpet #8790
Add cilium option tofqdns-dns-reject-response-code @fentas #8779
Update bazel rules @rifelpet #8749
Make cilium operator health check go against localhost IP @olemarkus #8789
Canal v3.13.1 @KashifSaadat #8795
Fix weaveworks/mesh vendoring @rifelpet #8797
Update default users for kubeconfig with supported distros @hakman #8798
Update default user for CoreOS, Flatcar for kubecfg @KashifSaadat #8800
Add UT for upup/pkg/fi/files.go @tiendc #8776
Deprecate support for Kubernetes 1.10 @johngmyers #8799
Fix terraform json field tags @rifelpet #8813
Remove v1alpha1 API @johngmyers #8431
Disable anonymous auth in integration test clusters @rifelpet #8816
Refactor integration tests @rifelpet #8737
Fix dns-controller flapping on spot instances @johngmyers #8821
Adding support for the Middle East (Bahrain) region (me-south-1) @liranp #8820
Don’t set terraform user_data if it is empty @rifelpet #8744
Add terraform testing @rifelpet #8734
Add support for Spot block in launch template @thejasbabu #8802
Cleanup InstanceGroup MixedInstancePolicy docs @gjtempleton #8832
Enable stamping on bazel image builds @rifelpet #8835
Remove unused ECU and Burstable fields from AWSMachineTypeInfo @rifelpet #8844
Use CNI 0.8.5 for Kubernetes 1.18+ @hakman #8848
Update GCB jobs to use bazel 2.2.0 @rifelpet #8849
Adds a gce-service-account flag so you BYO service-account @geojaz #8761
Balk at using Kubernetes versions too new to be supported @johngmyers #8700
Remove basic authentication support for k8s 1.19+ @hakman #8783
Make kubelet topology-manager-policy configurable @olemarkus #8833
Switch to the k/k implementation of drain.Helper @johngmyers #8852
Update build instructions for dns controller @justinsb #8853
Switch to using ec2.DescribeInstanceTypes for building the MachineTypes list @rifelpet #8847
Remove support for Docker 1.11, 1.12 and 1.13 @hakman #8855
Cleanup after #8855 @hakman #8846
fixes auth problem in case of openstack kops-controller @zetaab #8862
Update metrics-server deployment apiVersion to apps/v1 @elisiano #8842
Update Calico and Canal to v3.13.2 @hakman #8865
GCE: Delete cluster will also delete the DNS entries created by kubernetes @mccare,@justinsb #8250
Add Terraform 0.12 support @rifelpet #8825
Don’t compress bindata & allow kOps to be imported as a package. @rdrgmnzs,@justinsb #8584
Validate cluster N times in rolling-update @zetaab #8868
Update go.mod for k8s 1.17 @justinsb #8873
pkg: add some unit tests @q384566678 #8872
add verify-bindata.sh & separate bindata check and update make commands. @rdrgmnzs #8876
Update controller-tools and generate v1 CRDs @rifelpet #8875
Don’t delete bindata on “make clean” @rifelpet #8877
Fix Terraform 0.12 support for GCE @rifelpet #8878
Makefile: simplify running go-bindata @justinsb #8880
update gophercloud dependencies @zetaab #8884
Update to golang 1.13.9 to match 1.18.1 @justinsb #8882
Use kubescheduler.config.k8s.io/v1alpha2 for Kubernetes 1.18+ @hakman #8883
Fix addon/ing/nginx v1.6.0 deployment apiVersion and selector @mousavian #8857
Update go to 1.13.9 (continued) @justinsb #8886
Replace deprecated x/net/context with context @justinsb #8885
Add go 1.14 to travis testing @justinsb #8893
Update 1.18 release notes now that Terraform 0.12 is supported @rifelpet #8892
Add Docker version and new distros to release notes @hakman #8894
NodeLocal DNSCache @mazzy89,@olemarkus #8780
Remove duplicated docs @olemarkus #8895
Adds docsite hidden note on index.md @mikesplain #8900
Clean up the kubectl docs @olemarkus #8901
Update to kubernetes 1.18.1 dependencies @justinsb #8879
Add CloudLabels tags to additional AWS resources @rifelpet #8903
Add unit test for func IsGTE @Hellcatlk #8905
Clean up the spec docs @olemarkus #8902
Etcd docs cleanup @olemarkus #8907
Exclude GO 1.14 for OSX @hakman #8918
Update security_groups.md @zhming0 #8912
Use etcd-manager for the cilium etcd cluster @olemarkus #8750
Bastion additionnal s gs @nvanheuverzwijn #8921
Change NodeLocalDNS Enabled to *bool @justinsb #8930
Rolling-update validation harmonization @justinsb #8931
Upgrade CUDA from 9.1 to 10.0 @fifar #8482
Import package aliases modified @tomesm #8933
Remove irrelevant TODO comment from userdata @rifelpet #8936
Update the testing page @olemarkus #8934
Spotinst: Support for Headroom, Taints and Subnets in Ocean Launch Spec and User Data fixes @liranp #8294
Partially implement MountSensitive @justinsb #8939
Use latest patch version for GO in tests @hakman #8940
Add support for containerd v1.3.4 @hakman #8941
Add unit test for func rewriteAPIGroup @hs0210 #8947
Load the correct certificate before deleting @olemarkus #8945
Add unit test for func JoinSuffixes @hs0210 #8955
Update rotating secrets docs @olemarkus #8948
Fix net.bridge setting for Flannel on CentOS 7 @bittopaz #8381
Turn on flannel sysctl fixes on rhel7 as well @justinsb #8958
Add unit test case for pkg/systemd/escaping_test.go @Hellcatlk #8906
Add release notes for 1.16.1 @justinsb #8966
Modify the wrong name for unit test case @Hellcatlk #8970
Bumps the gcp client libraries to v0.22.0. @geojaz #8969
Migrates GCE sdk from v0.beta to v1 @geojaz #8972
Update Calico and Canal to latest patch versions @hakman #8961
Update alpha and stable channels with April updates @MoShitrit #8974
Make addons directory link absolute to avoid 404 @dj80hd #8986
Make CPU Requests for Calico configurable instead of hard-coded @MoShitrit #8987
Ignore already-deleted nodes during rolling update @johngmyers #8994
Add initial github actions workflow @irons #8990
feat(openstack): propagate cloud labels to machines @mitch000001 #8999
Profiling and protect kernel defaults flags @michalschott #8967
Allow single to multi-master cluster @olemarkus #8980
Bump cilium to 1.7.2 @olemarkus #8982
GCE: needs to use v1 network resources, not beta @geojaz #9004
Default to Debian 9 (Stretch) for Kubernetes 1.8, 1.9 and 1.10 @hakman #8977
Fix missing changes in Weave manifest @hakman #8965
Spotinst: Support for Grace Period in Ocean Cluster @liranp #9018
Upgrade amazon vpc cni to 1.6.1 @rifelpet #9020
Add af-south-1 and eu-south-1 regions (AWS) @MoShitrit #9021
Update to etcd-manager 3.0.20200429 @justinsb #9016
Use KOPS_RSA_PRIVATE_KEY_SIZE for more keys @johngmyers #8988
Don’t force bazel to use python2 @olemarkus #8998
GCE DNS Cleanup: Print record name @justinsb #8869
Bump cilium to 1.7.3 @olemarkus #9026
Update docs on supported distros and images @hakman #9029
Rename tests to make it easier to search for failing tests @rifelpet #9033
Use raw tarfile for AmazonLinux2 + Containerd 1.2.10 @justinsb #9032
Correct expression typos on docs/aws.md @gpontesss,@rifelpet #7733
Update the cross-account example with working policy @olemarkus #9019
Allow changing AZ of masters @olemarkus #9017
Update k8s.gcr.io/pause image to version 3.2 @hakman #9039
Update docs on supported distros and release notes @hakman #9034
Updating stable channel to use latest k8s versions @MoShitrit #9038
Support S3 Virtual Hosted Style @johanneswuerbach #8787
Feature spotinst controller v1.0.58 @acaire #9022
Ubuntu focal: Use generic docker & container packages @justinsb #9044
Move GCEServiceAccount into CloudConfig @johngmyers #9055
Don’t restrict GitHub Actions to master @johngmyers #9054
Update service_account_token_volumes.md @rvirdiz #9050
Don’t install static utils for Flatcar @hakman #8978
Validate more static pods on masters @johngmyers #9049
util/pkg/vfs/fs.go: Add Unit Test for WriteTo @littleroad #8997
Add more ca-central-1 AZs, add ap-northeast-3 AZs @johngmyers #9064
Update docs on supported distros and release notes @hakman #9059
Release notes for 1.15.3 @justinsb #9070
Release notes for 1.16.2 @justinsb #9071

v1.18.0-alpha.3 to v1.18.0-beta.1

Add etcd-manager certificate expiration advisory @rifelpet #9030
Treat NatGatewaysNotFound error as already-deleted @johngmyers #9052
Allow cluster maintenance when channel is unavailable @johngmyers #9053
Release notes for 1.18.0-alpha.3 @justinsb #9075
Release notes for 1.17.0-beta.2 @justinsb #9073
Disable TX checksum offload for Flannel VXLAN @hakman #9074
Added support for configuring disable-attach-detach-reconcile-sync in… @andersosthus #9068
Add advisory notice to readme and docs homepage @rifelpet #9083
Revert “feat(openstack): propagate cloud labels to machines” @zetaab #9087
kube-apiserver: healthcheck via sidecar container @justinsb #9069
Include secondary protocol flag always @jacksontj #9008
Fix port conflict on etcd-cilium vs dns-controller memberlist @justinsb #9097
kube-apiserver-healthcheck: actually enable on 1.17 @justinsb #9098
Update instance_groups.md @ranshn #9072
Fix containerd image side-loading @hakman #9101
Dont use terraform’s file() for singleline strings in GCE metadata @rifelpet #9084
Add documentation on gossip @olemarkus #9111
upgrade to use cinder v3 api @zetaab #9113
Fix zsh completion @olemarkus #9108
Add unit test for util/pkg/hashing/hash.go @Hellcatlk #9114
Spotinst: Allow users to disable the controller add-on @liranp #9091
Fail cluster validation if too few nodes for ig’s target size @johngmyers #9126
Adding most recent version of kube-state-metrics - 1.9.5 @MoShitrit #9125
PKI code cleanup @johngmyers #9106
Return cluster validation failure if ASG missing @johngmyers #9118
Add EC2 Instance LifeCycle label @atmosx #9121
add some unit tests @q384566678 #8960
Remove code for unsupported Kubernetes version @johngmyers #9134
http download: set a timeout to avoid hangs @justinsb #9136
Move CNI docs to their own files @olemarkus #9107
Added Launch Template support for instance interruption behavior @tomesm,@rifelpet #9024
DNS: Don’t try to apply empty changesets @justinsb #8464
Remove redundant menu item in the docs site @rifelpet #9144
Remove Classic networking from docs @johngmyers #9142
doc: Typo in docs/state.md @nvanheuverzwijn #9147
Spotinst: Documentation @liranp #9139
Map kube-apiserver service-account-jwks-uri flag @justinsb,@rifelpet #9133
Don’t put bastions in the utility subnets @johngmyers #9124
Create golden image test for nodeup kube-apiserver @justinsb #8950
Add unit test for func matchesElbTags @hs0210 #8989
Remove support for reading legacy-format keypairs @johngmyers #9131
Update alpha channels with May updates @MoShitrit #9155
Add support for Kubenet with containerd @hakman #9104
[Digital Ocean] Handle logic for kops edit/update cluster @srikiz #9116
Move OS deprecations to deprecations section of relnotes @johngmyers #9093
Add unit test case for pkg/k8sversion/version_test.go @Hellcatlk #9112
Update OWNERS file @johngmyers #9105
Minor doc fix. address is not valid to use, will cuase etcd faili… @granular-ryanbonham #9160
GCE: don’t rely on hostname being correct @justinsb,@rifelpet #9135
Reduce test flakiness @johngmyers #9164
Add unit test case for pkg/apis/kops/util/versions_test.go @Hellcatlk #9156
Spotinst: New hybrid integration mode @liranp #7252
Fix nodetask.File dependency on owner @johngmyers #9169
Networking cleanup @olemarkus #9157
Update DigitalOcean cloud-controller-manager to v0.1.24 @timoreimann #9179
Update etcd-manager to 3.0.20200527 @justinsb #9184
Use debian as default image for DO images @srikiz #9181
Remove all versions of a file form the S3 bucket @hakman #9171
Remove unused VFSScan @johngmyers #9174
Remove loader support for nodeup tasks not used in models @johngmyers #9170
Document etcd-manager backups retention settings @hakman #9187
Add gjtempleton as reviewer @johngmyers #9183
Fix nits for removal of S3 file versions @hakman #9188
Remove support for CoreOS and Jessie @johngmyers #9065
Update Bazel rules for Docker to v0.14.2 @hakman #9196
Remove support for the legacy etcd provider as of k8s 1.18 @johngmyers #8826
Add deprecation notice for legacy etcd provider to 1.17 relnotes @johngmyers #9201
Add comment in OWNERS linking to test-infra OWNERS files @rifelpet #9202
Fix repo packages not being installed @hakman #9203
Allow listing versions for objects in the S3 bucket @hakman #9205
Try validating multiple times before updating instancegroup @johngmyers #9165
Use kubescheduler.config.k8s.io/v1beta1 for Kubernetes 1.19 @hakman #9204
Update adding_a_feature.md with more modern example @johngmyers #9208
Add example for delete secret @q384566678 #9198
Upgrade docker/containerd/containeros hashes to SHA256 @johngmyers #9215
Release notes for 1.16.3 @justinsb #9219
Remove extraneous markdown files in pkg/apis @rifelpet #9220
Release notes for 1.17.0 @justinsb #9222
Remove unused file @johngmyers #9218
Update set-version script to bump tag in Makefile @justinsb #9224
Start release notes for kops 1.19 @justinsb #9223
Use AWS SDK to fetch metadata @justinsb #9227
S3 DeleteAllVersions: use pagination @justinsb #9228
Bump compatibility matrix for kops 1.17 @johngmyers #9225
Validation: MixedInstancePolicy need not override instance types @justinsb #9231
GCE: fix typo @justinsb #9232
Add packages hashes verification for containerd and Docker @hakman #9234
Remove vsphere cloud provider @olemarkus #9177
Update etcd-manager to 3.0.20200531 @hakman #9237
Don’t build site when docs are unchanged @hakman #9235
Updating stable channel with May updates @MoShitrit #9212
Upgrde amazon vpc cni to 1.6.2 @MoShitrit #9214
Disable static tokens by default as of Kubernetes 1.18 @johngmyers #8850

1.18.0-beta.1 to 1.18.0-beta.2

[Digital Ocean] Update RBAC for DO CCM @srikiz #9249
Use Docker 19.03.11 for Kubernetes 1.18+ @hakman #9258
Use CNI 0.8.6 for Kubernetes 1.15+ @hakman #9256
Update Calico and Canal for CVE-2020-13597 @hakman #9268
Update Weave for CVE-2020-13597 @hakman #9285
Don’t export basic auth credentials if basic auth is disabled @johngmyers #9284
Use Docker 19.03.11 for Kubernetes 1.17+ @hakman #9317
Fix mismatch in SecurityGroups handling with launch templates @johngmyers #9288
Remove all traces of utils.tar.gz @hakman #9197
Update Weave Net to 2.6.5 @hakman #9330
Bug: Explicitly set default StorageClass to support upgrades @joshbranham #9337
Bump cilium to 1.7.5 @olemarkus #9367
Move host-network services off of port 8080 @johngmyers #9355
Run “go mod vendor” in verify-gomod @rifelpet #9389
Remove go 1.14 CI jobs for k8s 1.18 @hakman #9398
Add support for c5a aws ec2 instance types @coolstang #9386
Fix: dns-controller: 3999 port address already in use @vgunapati #9404
Fix cilium etcd migration @olemarkus #9451
Create separate field for disabling rolling updates @johngmyers #9348
Fix where etcd-cluster-spec is written when etcd’s BackupStore is defined -v2 @rdrgmnzs #9474
Update Calico to v3.15.0 for k8s 1.16+ @hakman #9444
Update KubeDNS to v1.15.13 @hakman #9462
Update the service manifest for Docker @hakman #9465
When building to staging, split out the marker files by branch @justinsb #9272
Fix verify-terraform in release-1.18 branch @rifelpet #9504
Use kubelet docker-specific flags only for Docker @hakman #9495
Default ClusterDNS appropriately when NodeLocalDNS is enabled @johngmyers #9491
Update kube-router to v1.0.0 @hakman,@johngmyers #9512
Add missing lifecycle to etcd keypair tasks @johngmyers #9553

1.18.0-beta.2 to 1.18.0

Use stable names for GH workflow jobs @hakman #9552
Use fixed UID for etcd user and restrict to legacy provider @johngmyers #9581
Promote Ciprian & John to approvers @hakman #9590
Prefer nodes with “master” role for Calico Typha pods @hakman #9609
Docs helptext @olemarkus #9333
Add Ubuntu 20.04 support for Docker 18.06.3 @hakman #9616
Calico: Upgrade the “k8s-ec2-srcdst” controller to version v0.3.0 @seh,@hakman #9647
Update Calico to v3.15.1 for k8s 1.16+ @hakman #9656
Prefer nodes with “master” role for Canal Typha pods @hakman #9663

1.18.0 to 1.18.1

Improve locking in memfs @johngmyers #9597
Update aws-sdk-go to 1.30.29 @johngmyers,@hakman #9675
When channel is unavailable, don’t try to validate things from it @olemarkus #9559
Remove embedded structs from spotinst terraform types @rifelpet #9682
Upgrade k8s-dns-dnsmasq-nanny to match KubeDNS @johngmyers #9687
Update k8s dependencies to v1.18.6 @hakman #9710
Add flag to disable the checksum workaround for Flannel VXLAN @hakman #9614
Update Calico to v3.15.2 for k8s 1.16+ @hakman #9816
Support for using hostPort when using kube-router @andsens,@hakman #9689
Backport #9803: Update validation for Calico to assume etcd3 as default @hakman #9823
Always use OpenStack Swift reauthentication @justinsb #9836
Add kubelet cgroup driver property @bmelbourne,@hakman #9879
Add flag for root volume encryption @hakman #9793
Update Calico to v3.15.3 @hakman #9895

1.18.1 to 1.18.2

Add missing spot support to launch template direct render @johngmyers #9897
NodeLocalDNS config population: small tweaks @justinsb,@commixon,@hakman #9376
Detect AWS region for S3 inside containers @hakman #9857
Get launch template versions after filtering templates @johngmyers #9909
Only apply external policies when these are defined @kesor,@hakman #9867
kops/cmd: add sshAccess to be recognized for the kops set cluster command @cpanato #10034
Allow upgrades when IG image is Ubuntu 20.04 @hakman #10035
Add support for KubeAPIServer —request-timeout flag @dntosas #10038
Add WireGuard support for Calico CNI @h3poteto #10037
Don’t require PriorityClassName to pass missing-static-pod checks @johngmyers #10049
Remove force_tcp flag for nodelocalcache dot zone @astrikos #9917
Simplify node local dns @olemarkus #10059

1.18.2 to 1.18.3

Mount the whole /etc/ssl/certs directory for k8s-ec2-srcdst @kitos9112,@hakman #10169
Prevent unintended resource updates to LB attatchments @rdrgmnzs,@rifelpet #9794
Fix version of storage-aws addon manifest @johngmyers #10247
[weave] Add support for default version override @dntosas,@hakman #10273
Tolerate missing detached EC2 instances @hwoarang #10319
Remove dependency on TravisCI @hakman #10366
Cilium bump 1.18 @olemarkus,@codablock #10405
Allow Calico to run on systems with loose reverse path forwarding @hakman #10442
Backport TargetGroup related fixes @hakman #10462
Update CNI plugins to v0.8.7 @hakman #10481
Manual cherry pick of #10361: Prefix etcd cluster names with letters @hakman #10535
Don’t allow ebs volume TF resource names to begin with digit @rifelpet #10424
Update machine types @hakman #10587
Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage @justinsb,@hakman #10602
etcd-manager: Update to 3.0.20210122 @justinsb,@hakman #10638
Allow attaching same external load balancer to multiple instance groups @hakman #10666