Release notes for kops 1.10 series
Significant changes
Required Actions
Highlighted changes
Full change list since 1.9.0 release
- 1.9.0 - 1.10.0

Release notes for kops 1.10 series

Significant changes

Old LaunchConfigurations are now deleted on AWS. By default the 3 most recent LaunchConfigurations for each InstanceGroup are kept, and older ones are automatically removed. To keep the existing behaviour set the KeepLaunchConfigurations feature flag i.e. export KOPS_FEATURE_FLAGS=KeepLaunchConfigurations

Required Actions

None known at this time

Highlighted changes

(coming soon)

Full change list since 1.9.0 release

1.9.0 - 1.10.0

Update alpha channel with latest k8s releases @justinsb #4965
1.9.0 release notes @justinsb #4964
digitalocean tutorial @andrewsykim #4976
Update roadmap @justinsb #4966
digitalocean: use new droplet sizes providing the same resources at cheaper prices @andrewsykim #5005
Set AWS_REGION into bootstrapscript @justinsb #4982
digitalocean: only delete A DNS records @andrewsykim #5006
AWS: validate region against aws-sdk @justinsb #4983
Treat Amazon Linux 2 as CentOS 7 @sonaltr #5028
Update bazel @mikesplain #5032
Add missing google cloud zones @povilasv #5022
Update generated docs for 1.10 @justinsb #5034
gazelle: use separate gazelle @justinsb #5036
Bump recommended version for kops 1.9.0 @mikesplain #5041
fix IAM role for current versions of the kube-ingress-aws-controller @szuecs #5014
Add docker 17.09.0 version for Debian 9 @Cryptophobia #5042
Fixes environment variable export. @Raffo #5016
fix :”rbac” should be “RBAC” @yulng #4993
upgrade kube-dns to 1.14.10, fixes #4986 @jjo #5026
makefile: fix bazel-push @justinsb #5053
Typo fix aditional->additional @AdamDang #5058
Add Replace and delete for SSH Secret YAML @mikesplain #5050
Typo fix in addons.md @AdamDang #5069
Update readme for 1.9 @mikesplain #4963
Make LogSeveritySys configurable for Canal Networking @KashifSaadat #5068
Typo fix in 1.9-NOTES.md: compatibility->compatibility @AdamDang #5073 (fixed typo in message for verify - @chrisz100)
Typo fix: Kuberenetes->Kubernetes @AdamDang #5079
Typo fix: seet->set @AdamDang #5080
Typo fix in vsphere-development-status.md: secrete->secret @AdamDang #5084
Perform deep merge for template values @gwkunze #4668
Note that kops rolling-update is required after tf apply @fgrehm #5081
Typo fix: wil->will @AdamDang #5091
Add SubnetType tags to run_in_existing_vpc docs @tsupertramp #5094
Typo fix: actually->actually/overide->override/to to->to @AdamDang #5099 (fixed typo in message for verify - @chrisz100)
Typo fix detaults->defaults @AdamDang #5067
Update upgrade_fromkOps1.6_to_1.7_calico_cidr_migration.md @AdamDang #5107
Typo fix: healthly->healthy @AdamDang #5125
Remove custom Statement IDs from IAM Policy Statements @KashifSaadat #4958
Adds new kops logo @iMartyn #5113
Update rules go to support go 1.10.2 and 1.9.6 @mikesplain #5100
Typo fix in returned message: formated->formatted @AdamDang #5112
Fix for validating kubeconfig’s hosts @0mok #5096
Add ability to use ec2 nat instance as egress @relu #5133
Added tls certificate and private key path flags to kubelet config @chrisz100 #5088
kubelet: expose —experimental-allowed-unsafe-sysctls @smcquay #5104
Update docker image versions @justinsb #5057
CoreDNS in kOps as an addon @rajansandeep #4041
Implement network task for AlibabaCloud @LilyFaFa,@xh4n3 #4991
Allow rolling-update to filter on roles @justinsb #5122
Remove stub tests @justinsb #5117
Don’t tag shared instances at all @justinsb #5138
fix:please N/A should be “ Not Applicable” @yulng #4994
Re-enable validation of DNS ServerIP @justinsb #5142
digitalocean: don’t set —cloud-provider=external on control plane starting v1.10 @andrewsykim #4990
[instance_groups.md] typo: receive->receive @AdamDang #5152 (fixed typo in message for verify - @chrisz100)
Update docs regarding shared NAT Instances setup @relu #5151
Update office hours time to account for DST @mikesplain #5148
set default GracePeriodSeconds to -1 when draining nodes @rajatjindal #5143
implement disk task for ALICloud and fix typos @LilyFaFa #5158
Unify create-create overrides and set-cluster fields @justinsb #5123
Typo fix in the returned message: runnning->running @AdamDang #5186
Documentation - networking Amazon VPC backend @recollir #5180
added i3.metal AWS instance type @DavidXArnold #5189
Documentation - cloudProvider required in kubelet spec with Amazon VPC backend @recollir #5181
1.8 release notes correctly note replace --force @wendorf #5182
CA Key File Permissions @gambol99 #5196
Expose streaming connection idle timeout @aleerizw #5155
implement SSHKey task for ALICloud @LilyFaFa #5184
Documentation - updated example for dashboard installation to 1.8.3 @recollir #5198
Update CoreDNS manifest @rajansandeep #5203
Create initial docs for etcd-manager @justinsb #5210
Support (optional) etcd-manager @justinsb #5126
Create override for etcd-manager image @justinsb #5136
Typo fix: attatch->attach @AdamDang #5160
Add a FIXME and don’t log about insecure ports @dims #5178
Add support for C5D instance family on AWS @ripta #5179
Add stdin support for create -f and replace -f @ihoegen #5150
Update AWS AMI for kubernetes >=1.9.0 <1.10.0 @AmazingDreams #5173
Kuberenets 1.11 has deprecated ExternalID this replaces it with Provi… @zachaller #5167
Update alpha channel with latest k8s versions @justinsb #5217
Update alpha channel with latest images @justinsb #5222
Recommend kops 1.9.1 in alpha channel @justinsb #5218
PSP Updates, new apiGroup for k8s v1.10 @KashifSaadat #5225
Create addon for prometheus-operator @gianrubio #5140
Fixing name of cert file #5220
Promote alpha channel to stable @justinsb #5216
Add —enable-admission-plugins API server flag for k8s 1.10 @ripta #5221
Fix typo: “to user” -> “to use” @justinsb #5232
Bump Cilium version to released @nebril #5208
Typo fix: are be->are @AdamDang #5237
Add proper autoloading for kops autocomplete @ihoegen #5230
Fix typo: adddresses -> addresses @justinsb #5235
Replace deprecated flags: address -> insecure-bind-address @justinsb #5234
Add AuthenticationTokenWebhook flag @ihoegen #5231
Setup heptio authenticator @rdrgmnzs #5197
File Permissions Private Key @gambol99 #5241
Correct PSP RoleBinding with namespace for kube-system @KashifSaadat #5244
Fix an error. @mahuihuang #4942
Upgrade to flannel v0.10.0 and explicitly specify amd64 arch @martinhoefling #5095
hacks for tests on windows @sroylance #4723
Admission Controller Fix @gambol99 #5248
Use HomeDir from client-go to get home directory @justinsb #5249
Add public ssh keys for GCE @povilasv #5056
Release windows build in alpha @chrislovecnm #4524
some typo fix @liwjGhostcloud #4937
docker: Set TasksMax to infinity @justinsb #5259
Update aws-sdk-go to v1.13.60 @justinsb #5261
Put verify-apimachinery into ci makefile target @justinsb #5262
Perf fix for makefile @justinsb #5255
Use STABLE_ prefixes for bazel workspace vars @justinsb #5257
bazel: add notes that tasks do not work @justinsb #5263
vendor gazelle @justinsb #4564
Clean up variable naming in integration test @justinsb #5264
Allow integration tests to update expected TF output @justinsb #5265
Validate FileAssets @gambol99 #5272
Validate InstanceGroup Hooks @gambol99 #5271
Update bazel gazelle @mikesplain #5274
Fix go version hack to be more generic. @mikesplain #5267
CoreDNS pull image from gcr.io @rajansandeep #5268
Clarify the usage of the —state flag. @rdrgmnzs #5275
Implement AdditionalCIDR configuration. @rdrgmnzs #5270
Update heptio authenticator to 0.3.0 @rdrgmnzs #5276
Update elasticsearch logging to 5.6.4 @frankh #5137
Fix: Update heptio authenticator to 0.3.0 #5276 @rdrgmnzs #5278
Create a SECURITY_CONTACTS file. #5205 @rdrgmnzs #5279
Verify Spelling @gambol99 #5277
Fix some typos @mirake #5282
Update kops_edit_instancegroup.go and kops_edit_instancegroup.md @noinarisak #5284
Override hostname with ‘aws’ only if hostname override is not specified. @tvi #5285
Enable override bind address for kube-proxy. @tvi #5286
Add support for M5D instance family on AWS @ripta #5287
Support overlay2 in docker @justinsb #5258
Rename to kops @justinsb #1
Destinctive names for ClusterRoleBindings in prometheus-operator addon @moritzheiber #5294
Revert “digitalocean: don’t set —cloud-provider=external on control plane starting v1.10” @andrewsykim #5297
Fix typo @xianlubird #4985
Fix issue where we assumed that private zone were in order @justinsb #5139
Add support for external IAM Instance Profiles @chrislovecnm,@rifelpet #4171
Feature/s3 bucket encryption - Implements PR #4235 @gekart,@chrisz100 #5194
Customize KubeDNS @gambol99 #4724
Add hooks example for cachefiled @bhack #5072
implement LoadBalancer task for ALICloud @LilyFaFa #5207
Admission Controller Validation @gambol99 #5250
Amazon VPC CNI: Upgrade to v1.0 and Allow Custom Images @ripta #5119
ListKeypairs: don’t print ‘keyset.yaml’ as the key id @justinsb #5254
Fix alitasks loadbalancer typo causing test failures @KashifSaadat #5301
fix broken link to example policy file in the cluster_spec docs @kaspernissen #5146
Export outputs to aid with VPC peering in Terraform @chrissnell,@justinsb #5030
implement router interface task for OpenStack platform @zengchen1024 #4977
Update expected TF output for latest master @justinsb #5303
implement keypair task for OpenStack platform @zetaab,@justinsb #5110
Fixup bazel @justinsb #5304
Fix gofmt @justinsb #5305
Add feature with s3 state store from configfile @jsenon,@justinsb #4737
Node Bootstrap Tokens @gambol99 #5253
Add prometheus scrape to kube-dns @mikesplain #5308
Fix typo: HONE -> HOME @justinsb #5306
Node Bootstrap Fix Ups @gambol99 #5309
Fix Admission Controller Validation @gambol99 #5313
Added comment for 404 on healthcheck for non-standard vpc-cidr @aberfeldy #5312
Correct deployment yaml of CoreDNS @rajansandeep #5315
implement Ram task for ALICloud @LilyFaFa #5316
Avoid changing IAM policy for users @justinsb #5307
File Path Fixes @gambol99 #5311
Communicate before long waits @eherot #5322
kops set cluster: honor —name flag @justinsb #5325
Don’t always print state store path @justinsb #5323
protokube: only specify etcd flags when managing etcd @justinsb #5334
Use less viper discovery @justinsb #5324
GCE: Set network tier, to avoid spurious changes @justinsb #5330
Set log-verbosity for etcd-manager @justinsb #5333
More configuration options for cilium @nebril #5320
gossip: create zone in protokube @justinsb #5332
implement SecurityGroup task for ALICloud @LilyFaFa #5328
Add missing nodes/stats resource to the system:metrics-server Cluster… @azman0101 #5331
Don’t autoload SSH key on GCE @justinsb #5256
add SSHKey model for AliCloud @LilyFaFa #5340
implement scalingGroup tasks for AliCloud @LilyFaFa #5341
Typo fix @jonyhy96 #5344
Code Clean @gambol99 #5350
add firewallModel for ALIcloud @LilyFaFa #5343
Aggregator Routing Option @gambol99 #5349
Removing Duplication @gambol99 #5351
Git Ignore - Merge Conflict Files @gambol99 #5354
etcd-manager: GCE support @justinsb #5335
AWS: Delete old LaunchConfigurations @justinsb #5245
GCE: Handle storage flag on COS more carefully @justinsb #5362
Revert COS in stable/alpha channel @justinsb #5359
Fix containerRegistry for Kubernetes < 1.10 @kampka #5353
add RAM model for ALIcloud @LilyFaFa #5356
Add etcd TLS support for Cilium @nebril #5240
Nodeup clean @gambol99 #5352
add ScalingGroup model for AliCloud @LilyFaFa #5364
Typo fix in documentation.md @AdamDang #5348
Mark 1.10.0-alpha.1 @justinsb #5367
Add 1.10-alpha.1 to stable & alpha channels @justinsb #5369
Go versions: don’t block on 1.8 @justinsb #5366
Docker Userspace Remapping Options @gambol99 #5357
Fix minor typo in DO tutorial @andrewlouis93 #5377
Installation of AWS CLI tools @the-lost-explorer #5379
Switch bucket encryption policy warning to debug @mikesplain #5376
Update rolling update ig roles flag to be case insensitive @KashifSaadat #5386
add Volume model for aliCloud @LilyFaFa #5374
fix broken compute resource reservation docs for storage in cluster_spec @kimxogus #5401
Add Cilium documentation to networking.md @nebril #5388
delete cluster resources for ALicloud @LilyFaFa #5395
Add dockerDisableSharedPID to kubelet config @ripta #5403
Add IAM ec2:ModifyVolume permission to allow EBS volume resize @KashifSaadat #5416
Remap initContainers as well as containers in PodSpec @coreypobrien #5427
Rename hept.io authenticator to aws authenticator @rdrgmnzs #5421
Use /bin/bash in kubelet manifest ExecStartPre @coreypobrien #5428
Fix the issue described in #5412 where the authenticator is no longer… @rdrgmnzs #5424
Allow setting MTU for calico networking. @shrinandj #5380
Add prometheus scrape port to CoreDNS service @rajansandeep #5392
Added metrics port and health check to kube-router @aleerizw #5426
Initial Ubuntu Bionic Support @mikesplain #5394
Fail cluster validation for rolling-update if a failure occurs @dzoeteman #5445
Update Audit file example @jsenon #5432
Add data-root and exec-root attributes to the docker config spec @ripta #5431
Add minRequestTimeout flag in kube-APIServer @Sturgelose #5438
Fixes issue when setting docker version @mikesplain #5417
support edit cluster and rolling-update cluster for AliCloud @LilyFaFa #5419
docs for different VPC in the Security Group of kube-ingress-aws-controller @kanolato #5418
Don’t mount volume for auditLog when STDOUT is configured as path @kampka #5448
Adding a disclaimer for instanceGroups in docs @Cryptophobia #3445
add cluster-autoscaler.sh @sdarwin #5433
Add weave network encryption secret @kampka #5441
skipper selector changed @kanolato #5430
Generate locals for terraform target @kampka #5443
Correct all the word “cluster” to be in lowercase @AdamDang #5153
Stop rolling update if bastions or masters failed to update @dzoeteman #5446
Generate random weave password it none is supplied @kampka #5457
Node Authorization Service @gambol99 #5317
[WIP] Initial implementation of ACM certificate for API server ELB @Raffo #5414
More autofix of expected test output @justinsb #5466
Add configurable conntrack settings @mikesplain #5456
Add pull-through proxy cache for asset docker images @kampka #5390
Don’t repeatedly download nodeup @justinsb #5462
Adds ability to set template context values on command line @gwkunze #5108
Allow users to set the kubelets root dir. @rdrgmnzs #5467
Update docs for config file @justinsb #5469
Correct the maxSize in the cluster template example @dcherman #5455
Add the ability to specify external loadbalancers for instancegroups @gwkunze #4677
Fix tests that crossed during PR merges @justinsb #5470
change gossip dns conn limit by ENV @yancl #5077
Introduce a global backoff to rate limit failed image downloads @justinsb #5464
Add mikesplain to approvers @justinsb #5480
have travis fail when verify-apimachinery.sh fails and fix incompatible apimachinery @chrisz100 #5477
Use portable shebang for hack scripts @kampka #5478
Add autoscaling group ids to terraform module output @kampka #5472
Allow kubelet to bind the hosts primary IP @rdrgmnzs #5460
ContainerRegistry remapping should be atomic @kampka #5479
[GPU] Updated kOps GPU Setup Hook @dcwangmit01 #4971
Only use SSL for ELB if certificate configured @justinsb #5485
Simplify logic around master rolling-update @justinsb #5488
Update Issue templates and add PR template @mikesplain #5487
Force-load br_netfilter in nodeup @justinsb #5490
Remove gossip connection limit entirely @justinsb #5486
Fix GCE instance lookup during validation @justinsb #5491
Only manage internal DNS zone if configuration has been specified @mellowplace #5375
Add portmap CNI plugin for k8s >= 1.9 @justinsb #5494
Add new instance types r5, r5d, z1d @rekcah78 #5529
Remove GetAsgForInstance IAM permission @justinsb #5566
Check errors when parsing JSON on IAM policies @justinsb #5533
Add authentication-token-webhook-cache-ttl flag to kubelet config @ihoegen #5508
Add AWS IAM permission to check for volume resize @KashifSaadat #5597
Enable weave network encryption for k8s 1.6 @Andrey9kin #5595
Add ssh user to kops toolbox dump @justinsb #5511
Add amazon.com image owner alias and Amazon Linux 2 documentation @Pharb #5577
Bump Weave Net to v2.4.0 @brb #5552
Create ExperimentalClusterDNS feature flag @justinsb #5610
Validate that require-kubeconfig is not passed after 1.10 @justinsb #5621
Don’t assume that we only have one subnet per AZ @justinsb #5601
DigitalOcean: don’t try to set SSE @justinsb #5625
weave: bump version for 2.3.0 @justinsb #5618