1.8.1

Small patch release, which updates network plugins, but also tolerates a new schema file that will be added in kops 1.9.0. This will provide a downgrade option from kops 1.9.0.

Ignore keyset.yaml files; provide a downgrade option from (upcoming) kops 1.9.0
Update flannel, weave, romana, kopeio-networking, calico, canal
Stop passing deprecated require-kubeconfig flag for kubernetes >= 1.9

1.8.0

Significant changes

flannel now has a backend property in the manifest, which can be either udp or vxlan. udp is not recommended, but will be the default value for existing clusters or clusters created via manifests. kops create cluster with --networking flannel will use vxlan, --networking flannel-vxlan or --networking flannel-udp can be specified to explicitly choose a backend mode.
IAM lockdown on new clusters: we define the existing policy as legacy, it defaults to true for existing clusters; new clusters will have legacy: false which will mean that only IAM policies needed by kops / k8s are guaranteed to be set. If you are using IAM credentials for your application workload, please either set legacy: true, or use your own IAM roles (direct credentials or kube2iam)
New AWS instance types: P3, C5, M5, H1. Please note that NVME volumes are not supported on the default jessie image, so masters will not boot on M5 and C5 instance types unless a stretch image is chosen (change jessie to stretch in the image name). Also note that kubernetes will not support mounting persistent volumes on NVME instances until Kubernetes v1.9.
While Aggregated API Servers are supported, there are known issues in kubernetes such as (#55022)[https://github.com/kubernetes/kubernetes/issues/55022\]. Note that this includes metrics-server and kopeio authentication. Please consider waiting for 1.8.5 / 1.9.0 before deploying into production.
Includes fix for kube-dns CVE-2017-14491 (was also included in kops 1.7.1)

Required Actions

Existing Calico users on clusters that were created prior to kops 1.8.0 need to be updated for the new “DefaultDeny” behavior for Kubernetes NetworkPolicies. See the Changes to k8s-policy section in the Calico release notes for help.
Due to ThirdPartyResources becoming fully deprecated in Kubernetes v1.8 (replaced by CustomResourceDefinitions), existing Canal users upgrading their Clusters to Kubernetes v1.8 must follow the below TPR->CRD migration steps:
Run: kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v2.6.2/upgrade/v2.5/manifests/upgrade-job.yaml
Retrieve the pod name from describing the job: kubectl describe job/calico-upgrade-v2.5
Validate the last log line from the pod reports that it completed successfully: kubectl logs calico-upgrade-v2.5-<random-id>
Update the KubernetesVersion within your ClusterSpec to v1.8 (or above), performing an update & rolling-update to all nodes (will involve downtime)
Confirm cluster is back up and all canal pods are running successfully: kops validate cluster (this may take a few minutes for the cluster to fully validate)
Delete the upgrade job as it is no longer required: kubectl delete job calico-upgrade-v2.5 (you can also safely delete the clusterrole, clusterrolebinding and serviceaccount resources that were created by the above manifest file)

Highlighted changes

Support for etcd3 for new clusters, also allow etcd TLS to be enabled for new clusters. etcd peer port is also locked down.
Support for custom metrics. Please exercise caution enabling before kubernetes 1.8.5 due to aggregation known issues.
Add kops create secret dockerconfig
kops replace --force will now replace-or-create, which is useful for CI / automated workflows
--watch-ingress flag on dns-controller can now be configured through cluster.spec.externalDns.watchIngress: true
kubelet security can be enabled with cluster.spec.kubelet.anonymousAuth: true. Will likely be default in kops 1.9
Improved logic around when a rolling-update is needed
Better support and documentation for node resources
Enhanced cluster hooks support
Support for clusters where network access must use an HTTP proxy
We now automatically add a default NodeLabel with the InstanceGroup name
Addons: added external-dns, kube-state-metrics addon. Updates for autoscaler, dashboard, heapster,
Networking: initial support for kube-router & romana. Updates for weave, kopeio-networking, flannel, canal, calico.
Docker: Docker 1.13.1 will be used with kubernetes 1.8 (overrides for 17.03.2 and 17.09 possible).
Debian 9 (stretch) now supported. AMIs updated with 4.4.102 kernel. A stretch based AMI is available, but jessie remains the default. We will likely change the default to stretch in kops 1.9 or kops 1.10.
CoreOS: logrotate support & docker fixes
Don’t store unneeded secrets on the node
ExperimentalCriticalPodAnnotation now enabled by default. Updated critical pod annotations to avoid eviction of system pods
Ensure iptables forwarding is enabled, avoiding breaking CNI plugins if Docker or the OS sets a different default.

AWS:

New instance types: P3, C5, M5, H1. Please note that NVME volumes are not supported on the default jessie image, so masters will not boot on M5 and C5 instance types unless a stretch image is chosen (change jessie to stretch in the image name). Also kubernetes will not support mounting persistent volumes on NVME instances until Kubernetes v1.9.
Support for root provisioned IOPS.
Properly tag public and private subnets for ELB creation in advanced network topologies
Use SSL in ELB API server health check

GCE:

Checks that networks are in auto mode, not legacy mode. You can either switch your network (gcloud compute networks switch-mode) or specify a different network (current using --vpc flag)
Supports rolling updates and the containerized mounter.
Sets bucket permissions, so your state bucket and compute can be in different projects.

Early support for:

DigitalOcean
OpenStack
Templating with kops toolbox template
cloud-controller-manager
encryption-at-rest for the kube-apiserver
Mirroring assets to a private S3 bucket, for airgapped installs
Mirroring configuration so that kops-state store need not be cluster-accessible (for use with kops-server)
Phases, to allow separation of networking, security & compute management
Audit Policy
CA keypair rotation
Additional Subject Alternate Names
building code using bazel

All PRs

to beta.1

Fix typo in the apireference README @jphuynh #3056
Adding remainder of 1.7 relnotes @justinsb #3059
raising logging levels and removing dead code @chrislovecnm #3051
Node Secrets @gambol99 #3058
Striking unnecessary conversion-gen instruction @AlexB138 #3084
Fix small typo @PaulCapestany #3100
AWS: root volume provisioned IOPS support @yoz2326 #3102
Update update_kops.md @DevipriyaSarkar #3108
Fix Wildcard domains returned as ASCII in dns-controller @mikesplain #3110
remove source/destination check requirement for kube-router from docs @murali-reddy #3107
docs/topology - Fix the rolling-update command @msvbhat #3095
Updated Heapster for kubernetes 1.7.0 @Globegitter #3074
Vetting / Formatting / Cleanup @gambol99 #3078
Sync image version @bhack #3128
Add kops create secret dockerconfig feature @blakebarnett #3087
added wider toleration to calico-node daemonset (#2857) @igorcanadi #3097
Update kube-proxy to handle aws returning multiple hostnames @erickt #3067
adding warning about —full @chrislovecnm #2950
Configure docker on CoreOS/ContainerOS @johanneswuerbach #3098
added missing command in documentation @gekart #3116
Add k8s dashbard v1.6.2 @Globegitter #3075
Kube Proxy Feature Gates @gambol99 #3130
Update getting_started/aws.md for SSH Key pair generation instructions @sathiyas #3138
MVP of templating @mad01 #3040
Rename OWNERS assignees: to approvers: @spiffxp #3133
CoreOS: Ensure docker configuration is loaded @johanneswuerbach #3134
Fixing clusterautoscaler rbac @BradErz #3145
Fix for Canal Taints and Tolerations @prachetasp #3142
Etcd TLS Options @gambol99 #3114
kOps Replace Command - create unprovisioned @gambol99 #3089
Add support for cluster using http forward proxy #2481 @DerekV #2777
Fix Typo to improve GoReportCard @asifdxtreme #3156
Update alpha channel with update image & versions @justinsb #3103
Fix dropped error in kops cmd package @alrs #3175
Use SSL in ELB API server health check @johanneswuerbach #3151
Specify initial period in gossip-based cluster name pattern @neocortical #3173
Clarify docs: rename spec/specification into desired configuration @kenden #2542
Kubelet API Certificate @gambol99 #3125
better error messages with docker api @chrislovecnm #3034
Add cluster spec to node user data so component config changes are detected @KashifSaadat #3120
Tighten down S3 IAM policy statements @KashifSaadat #3158
Initial cloud interface for DigitalOcean @andrewsykim #3188
Etcd v3 Support @gambol99 #3176
Fix Typo in Contributor Code of Conduct @mbssaiakhil #3192
Cluster Hooks Enhancement @gambol99 #3063
Add documentation on handling node resources @itskingori #2992
resolve #3169 @orrchen #3193
Update Code of Conduct @mbssaiakhil #3204
Bump version to 1.7.1-beta.1 @justinsb #3216
Fix quote typo on dev-build @mikesplain #3214
fix typo in boot-sequence.md @lichuqiang #3212
s/addding/adding/ in ssh logs @krzyzacy #3209
Fix typo in link (lables.md -> labels.md) @lsowen #3213
Fix docs to reference kubernetesApiAccess, not apiAccess @justinsb #3113
fix typo in bastion.md @lichuqiang #3217
Correctly set lifecycle on LB resources @KashifSaadat #3226
Rework legacy validation to use field error helpers @justinsb #3148
fix kops_completion.md doc @lichuqiang #3228
Changes on CoreOS related documentation. @tigerlinux #3205
Update Canal to the latest @tmjd #3187
Update to Calico 2.4.1 @tmjd #3162
adding socat with rhel family @chrislovecnm #3231
fix typo in docs/node_resource_handling.md @lichuqiang #3233
Add hooks to bootstrapscript output @KashifSaadat #3195
Don’t force ig image change on cluster upgrade if it is custom. @KashifSaadat #3232
Add iptables to docker-xenial dependencies @justinsb #3092
Add integration tests for shared subnet & VPC @justinsb #3041
starting work on file assets builder @chrislovecnm #3085
Bump alpha channel: 1.7.4 and 1.6.7 @justinsb #3239
Implement DigitalOcean Volume FI Task @andrewsykim #3244
Set lifecycle on ElasticIP and NAT Gateway tasks to avoid spurious changes @KashifSaadat #3242
Delete old tags when cloudLabels / labels / taints are removed @KashifSaadat #3207
Improving etcd volume detection logic, ensuring that root volumes are not mounted @chrislovecnm #3208
Add proxy client support @tsandall #3165
Fix minor typo @Rajadeepan #3241
Create cluster requirements for DigitalOcean @andrewsykim #3248
inventory assets - mapping and uploading kubernetes containers @chrislovecnm #3025
Cluster / InstanceGroup File Assets @gambol99 #3090
Allow the strict IAM policies to be optional @KashifSaadat #3210
Promote alpha to stable channel @justinsb #3238
Fix README.md fragment links @poweld #3260
Fix heading on 1.7 notes @justinsb #3237
Add hints to CF integration test @justinsb #3139
Add documentation to kube-router section of docs/networking @murali-reddy #3262
Update images in CI tests @justinsb #3264
Validate AWS machine type on cluster ig update @KashifSaadat #3257
Docker Default Ulimits @gambol99 #3259
Read the channel from the local filesystem during tests @justinsb #3183
Started release notes for 1.7.1 @tmjd #3261
Inline Component Configuration Fix @gambol99 #3267
Adding support for adding ssh public key from file @mad01 #3245
Fix Broken Link @Rajadeepan #3266
Explicit CreateCluster & UpdateCluster functions @justinsb #3240
remove —cluster-cidr from kube-router’s manifest. @murali-reddy #3263
Replace deprecated aws session.New() with session.NewSession() @alrs #3255
kOps command fixes @alrs #3277
Update go-ini dep to v1.28.2 @justinsb #3283
Add go1.9 target to travis @justinsb #3279
Refactor apiserver templates @georgebuckerfield #3284
kOps Secrets on Nodes @gambol99 #3270
Add Initializers admission controller @justinsb #3289
Limit the IAM EC2 policy for the master nodes @KashifSaadat #3186
Allow user defined endpoint to host action for Canal @KashifSaadat #3272
Fix space in rolling-update cluster help @justinsb #3285
AWS: Always use verbose errors @justinsb #3281
Fixes reading /root/.docker/config.json on debian @blakebarnett #3198
Implementing GCE as an interface - modelling aws cloud provider @chrislovecnm #3292
Add missed error handling on session.NewSession @justinsb #3280
Refactor PKI classes into their own package @justinsb #3288
baremetal: relax validation on subnets & networking @justinsb #3301
Update getting_started/aws.md pointing links to the k8s slack directly @krishna-mk #3306
Kubelet Readonly Port @gambol99 #3303
Additional Kubelet Options @gambol99 #3302
Misc go vet fixes @justinsb #3307
Adds DNSControllerSpec and WatchIngress flag @geojaz #2504
Fixes #3317 allowing to spawn flannel on all nodes in the cluster @BradErz #3318
Fix broken link in getting_started/aws.md @BlueMonday #3324
refactor resource tracker to be usable across packages @andrewsykim #3331
Fix RenderGCE issue on Address @justinsb #3338
Extract UserData from CloudFormation output during testing @justinsb #3299
Create Keyset API type @justinsb #3286
Check actual EbsOptimized status during cluster update @Pharb #3314
Makefile clean @alrs #3332
nodePortAccess, experimental spec override flag @justinsb #3336
Toolbox template @gambol99 #3287
docs: fix broken vSphere doc link @PI-Victor #3361
Prevent Docker build environments from creating root-owned artifacts @alrs #3354
Add CreateSecurityGroup permission @justinsb #3362
Flannel: change default backend type @justinsb #3190
Warn if SSH fingerprint is obviously bad @justinsb #3300
Other regions require LocationConstraint @reenl #3337
Skeleton bare-metal provider @justinsb #3291
switch monitoring-standalone to v1.7.0 @fvasco #3372
Added ability to set —service-node-port-range @robinpercy #3333
small docs improvement @RichardBronosky #3377
add autoscaling:DescribeLaunchConfigurations permission @rushtehrani #3346
Add a doc to describe how to use kops in AWS China @qqshfox #3360
Allow cluster autoscaler addon to read statefulsets @johanhubens #3364
Support for deleting tokens & keypairs @justinsb #3359
Makefile improvements @alrs #3369
Add romana to built-in CNI options @cgilmour #3290
Correct typo in Hooks Spec examples @KashifSaadat #3381
Honor ServiceNodePortRange when opening NodePort access @justinsb #3379
More Makefile improvements @alrs #3380
Revision to IAM Policies created by kOps @chrislovecnm #3343
Add file assets to node user data scripts, fingerprint fileAssets and hooks content. @KashifSaadat #3323
Makefile remove redundant logic @alrs #3390
Makefile: build kops in dev-mode by default @justinsb #3402
GCS: Don’t reuse same error message @justinsb #3396
Create minimal mock GCECloud, first test @justinsb #3391
GCE: Fix logic around change detection @justinsb #3401
baremetal: more wiring up @justinsb #3407
cluster-autoscaler should use dnsPolicy Default @andrewsykim #3395
Update provisioned iops doc example @afalko #3417
GCE: Prevent instancetemplate spurious mismatches @justinsb #3404
Makefile: use hack/.packages instead of go list @justinsb #3400
Allow specifying a SSH key name for AWS @johnzeringue #3215
Allow cluster-autoscaler to list/watch StatefulSets @carlossg #3202
SecretStore and CAStore implementations backed by API @justinsb #3409
GCE: move file assets to writeable location @justinsb #3399
GCE: Don’t open NodePort range to all by default @justinsb #3403
Support additional config options for Canal Networking @KashifSaadat #3421
Changed the s3 bucket creation command. @timothyjosefik #3422
Remove unused GCE/AWS options @justinsb #3405
Makefile kops-install default @alrs #3426
Dump invalid HCL if we hit it @justinsb #3393
DNS Controller Limitation @gambol99 #3330
Add apimachinery changes to enable cloud controller manager @wlan0 #3408
Support for using hostPort when using calico @felipejfc #3206
improve documentation for secrets @smelchior #2925
GCE: Don’t remove (shared) DNS Zone @justinsb #3398
Support encryption-at-rest for the kube-apiserver @georgebuckerfield #3368
Add function to get etcd status @justinsb #3147
Makefile: use go install @justinsb #3430
Makefile: add missing deps to gobindata @justinsb #3431
Fix a few typos and clean up hooks section @orangejulius #3429
Makefile: was not exiting on test failures @justinsb #3434
Create GCE networks in auto mode, not legacy mode @justinsb #3435
baremetal: fill out more of the baremetal mappings @justinsb #3406
AWS mock provider should use the AWS cloudprovider id @justinsb #3436
getting rid of uneeded logging in ux @chrislovecnm #3437
promoting drain and validate by setting feature flag to true @chrislovecnm #3329
bump channels dashboard to 1.6.3 @so0k #3444
GCE: Avoid nil dereference on new GCE networks @justinsb #3447
Enable ExperimentalCriticalPodAnnotation feature gate @andreychernih #3345
Fix version comparison: mask out pre & build fields @justinsb #3449
Add external-dns as addon. @haad #3383
ETCD container mount /etc/hosts file @catherinetcai #3423
Fix integration test @justinsb #3451
Add permissions for cluster autoscaler addon to scale down @johanhubens #3419
Manifest files @gambol99 #3229
Doc updates to clarify and fix typos in rolling-update cmd. @jlaswell #3458
GCE: Ignore Lifecycle in forwarding rule @justinsb #3456
baremetal: error if NetworkCIDR set @justinsb #3495
Set critical pod annotations @julianvmodesto #3481
Refactoring to use cloud method for getting cloud groups @chrislovecnm #3446
Support GCE MIGs of size 0 @justinsb #3480
using same disk sizes for gce @chrislovecnm #3478
Debian 9 (stretch) support @justinsb #3491
Minor cleanups to #3446 @justinsb #3493
Add docs that debian 9 images should work @justinsb #3497
Add Zones field to InstanceGroup @justinsb #3439
GCE: fix makefile push-gce-run @justinsb #3484
Reduce log severity of not-unexpected nodeup log message @justinsb #3485
Clean up comment on MaxTaskDuration @justinsb #3487
golint: rename two receievers for awsCloudImplementation @justinsb #3492
makefile: add 3 PHONY targets @justinsb #3483
Use IsKubernetesGTE helper instead of reparsing semver @justinsb #3486
Add critical pod annotations to our system pods @justinsb #3494
Mirror keystore & secretstore @justinsb #3411
Makefile basic debugging in Travis @alrs #3506
Update dependencies to match kubernetes 1.8 @justinsb #3508
Update kube-dns to 1.14.5 for CVE-2017-14491 @mikesplain #3511
Fix silly typo @mikesplain #3513
docs: clean up installation instructions @justinsb #3517
Tweak signature in #3478 @justinsb #3496
rolling-update - initial GCE support @justinsb #3507
Support wget for download, not just curl @justinsb #3490
Initial bazel support @justinsb #3510
bazel: tweaks to get build & test working @justinsb #3523
bumping k8s versions in test files @chrislovecnm #3477
Map docker 1.13.1 & 17.03.1, default 1.8 to 1.13.1 @justinsb #3462
bazel: fix overlapping file paths in update cluster test @justinsb #3525
GCE: strip prefixes from Zone & MIG Name @justinsb #3531
GCE: use recreateInstance when rolling a MIG @justinsb #3533
Update Google COS image @justinsb #3460
Added documentation on best practices for creating clusters with HA m… @jatan28 #3540
Minor spelling fix @thomaschaaf #3542
nodeup: warn if no docker version matched @justinsb #3532
Fix CVE for kube-dns pre k8s 1.6 @mikesplain #3538
First tutorial page: getting started with GCE @justinsb #3528
setting variable in func instead inside of func call @chrislovecnm #3548
updating paths in Makefile for docker oddness @chrislovecnm #3556
Newer versions of docker do not follow Semantic Versioning @brdude #3559
updating kops version so that we do not get warnings, fixing cf tests @chrislovecnm #3547
Fixing stdout on tests - cleaning house @chrislovecnm #3474
Add unit test for model helper functions @justinsb #3448
GCE: Fix subnets vs zones formatting of instance groups @justinsb #3524
GCE: install containerized mounter on COS @justinsb #3482
GCS paths; retry on error @justinsb #3461
CVE-2017-14491 Documentation Hot Fixes and kops fixes @chrislovecnm #3563
Enable logrotate for Kubernetes configs on CoreOS @julianvmodesto #3488
Etcd V3 & TLS Support @gambol99 #3514
Use system:kube-router User for clusterrole binding @murali-reddy #3522
thinning out issue template @chrislovecnm #3479
Makefile: fix order of directory creation @justinsb #3569
Add missing hack/make-gendocs.sh script @justinsb #3567
Move old 1.7.1 release notes to 1.8.0 to expedite hotfix release @mikesplain #3572
1.7.1 Release notes for master @mikesplain #3573
Added PolicyConfigMap and PolicyConfigMapNamespace to KubeSchedulerConfig @whs #3546
Document Enabling custom metrics API using kops @RahulMahale #3570
Replace logrotate crontab with systemd timer @julianvmodesto #3568
Update gce storage url @enxebre #3582
mounting kubectl from the host instead to installing in protokube @chrislovecnm #3550
update kubernetes-dashboard image version to v1.7.0 @zouyee #3459
Docs tweak - specify flag, not kube-up env var @justinsb #3583
Release docs update git push command @justinsb #3584
Create logrotate service where not installed by default @justinsb #3590
Mock kops version in tests @justinsb #3594
Update homebrew release docs. @mikesplain #3596
Fix old custom build instructions @justinsb #3585
bazel versions of test, build, push-aws-run & push-gce-run @justinsb #3591
Fix .PHONY @mikesplain #3598
GCE: Limit length of InstanceTemplate names @justinsb #3593
Sort terraform literals in ELB task @justinsb #3588
Promote alpha channel to stable, update alpha channel with latest @justinsb #3586
updating cve advisory for kops-1.7.1 release @chrislovecnm #3580
kops get ... should exit with non-zero if the resource don’t exist @erickt #3610
Update Weave Net to version 2.0.5 @bboreham #3614
Add permissions to cluster autoscaler to get statefulsets @carlossg #3624
Modified OS detection logic when updating http proxy settings. @KashifSaadat #3587
Reduce log level in protokube @justinsb #3622
updating bazel test to output failed tests @chrislovecnm #3627
Simplify protokube mounter using nsenter executor @justinsb #3621
Docker dependencies for docker 1.12.6 on RHEL @justinsb #3628
GCE: Install correct storage class @justinsb #3629
adding missing lifecycle to route table task @chrislovecnm #3616
Phase integration tests @chrislovecnm #3619
kopeio-vxlan: mark critical, remove cpu limit @justinsb #3632
Weave Net: add critical-pod annotation and toleration for rescheduler @bboreham #3638
Add missing “-nanny” in image name. @willaustin #3640
Add Calico v2.5 support for Kubernetes v1.8+ @KashifSaadat #3623
link to cve Advisory release doc fixed @alifa20 #3648
fixing bazel missed BUILD stuff @chrislovecnm #3641
Avoid spurious mirror tasks in plan @justinsb #3656
Fix misssing bazel dependency @justinsb #3657
Add kops toolbox template docs @kenden #3655
simplified AWS tutorial instruction to export AWS env variables @choang #3662
fixing bazel testing for upup @chrislovecnm #3660
Add HorizontalPodAutoscalerSyncPeriod for kubeControllerManager @mikesplain #3673
Added example output from a 1.4.12 cluster @r4j4h #3674
Add Cloud Controller Manager addon @wlan0 #3630
Add etcd settings to nodeup and protokube @mschurenko #3675
Add myself as a reviewer @andrewsykim #3667
update kubernetes-dashboard image version to v1.7.1 @tallaxes #3652
Bump channels version of dashboard to 1.7.1 @so0k #3681
[AWS] Properly tag public and private subnets for ELB creation @geojaz #3682
kOps Toolbox Template Missing Variables @gambol99 #3680
Delete firewall rules on GCE @justinsb #3684
Fix typo in SessionAffinity terraform field @justinsb #3685
Grant kubelets system:node role in 1.8 @justinsb #3683
bazel: Add missing dep on k8s.io/kubernetes/pkg/cloudprovider/providers/aws @justinsb #3687
Rename flag from network-plugin-dir -> cni-bin-dir @justinsb #3688
Bump kopeio networking to 20171015 @justinsb #3637
Add IAM Permissions so nodes can access AWS ECR @KashifSaadat #3690
Add a v1.7.0 storage addon resource. @mikesplain #3677
Initial aggregation work @justinsb #3679
kops-server: ig short-name @justinsb #3686
bazel updates to generate go-bindata @chrislovecnm #3689
Renaming IAM Phase to Security @chrislovecnm #3639
Fixing phases for security groups and elbs @chrislovecnm #3704
etcd using asset builder @chrislovecnm #3661
adding kubernetes core rate limiter handlers @chrislovecnm #3472
UsePolicyConfigMap for kube-scheduler @whs #3581
Allow disabling kube-proxy @brdude #3699
Implement DigitalOcean Droplet FI Task @andrewsykim #3707
update to imports that apimachinery is doing now automatically @chrislovecnm #3710
Updates from running gazelle @justinsb #3713
GCE: Set up permissions for cross-project configurations @justinsb #3712
Updates for p3 machine type @dvavili #3715
API docs updates @chrislovecnm #3520
Use compute API to fetch default service account directly @justinsb #3718
Audit Policy File @gambol99 #3692
Refactor toolbox dump & dump structured instances @justinsb #3719
Apply goimports formatting to upup/pkg/fi/cloudup/gcetasks/ @justinsb #3725
Fix comment on Lifecycle constant @justinsb #3724
Fix error message in StorageBucketIam task @justinsb #3723
Move DeleteResources into pkg/resources/utils @justinsb #3720
Refactor gce resources into pkg/resources/gce @justinsb #3721
Add initial docs for how to rotate a CA keypair @justinsb #3727
GCS: Use ACLs for GCE permissions @justinsb #3726
kOps Template YAML Formatting @gambol99 #3706
Tolerate errors from Find for tasks with WarnIfInsufficientAccess @justinsb #3728
GCE Dump: Include instance IPs @justinsb #3722
Route53 based example @tigerlinux #3367
Update IAM roles documentation based on recent changes. @KashifSaadat #3732
GCE: log the service account & scopes in use @justinsb #3742
Add comment on purpose of kops keypair @justinsb #3741
Fix log messages from storage acl tasks @justinsb #3737
Generate gazelle @justinsb #3738
Clarify comment on ReadTree @justinsb #3740
fix typo in comment: mananging @justinsb #3739
GCE: Use CloudPlatformScope when requesting a token @justinsb #3736
Audit Policy Docs @gambol99 #3747
update gophercloud to the newest version @zengchen1024 #3744
Fix shared subnet/vpc tags @justinsb #3184
GCE: log when loading from GOOGLE_APPLICATION_CREDENTIALS @justinsb #3748
updating files for goimports - and fixed a unit test @chrislovecnm #3752
Adding back to the approvers @geojaz #3756
Template Fixes @gambol99 #3731
Add node-to-master IPIP to kuberouter @iterion #3730
Enable IAM Container Registry permissions by default when creating a cluster (#3760). @KashifSaadat #3761
[Add-on] Add kube-state-metrics add-on @tuannvm #3653
Add makefile target to check markdown links @aledbf #3758
Add service account for elasticsearch and fluentd @thoslin #3743
Implement vfs with openstack swift @zengchen1024 #3708
Spelling fixes @justinsb #3700
goimports cleanup && basel files @chrislovecnm #3764
Create YAML or JSON Clusterspec without creating the cluster @chrislovecnm #2954
deprecated API values that are no longer used with kube-dns @chrislovecnm #3771
Rationalize timeouts for rolling-update @justinsb #3658
windows kops.exe binary support @chrislovecnm #3770
updating to bazel 0.0.7 and adding verify scripts @chrislovecnm #3769
adding -y @chrislovecnm #3767
updating api documentation @chrislovecnm #3774
removing windows from shipbot @chrislovecnm #3775
Fix Sirupsen/logrus submodule path error @liranp #3779
Add additional Describe permissions required for Romana CNI @cgilmour #3778
gazelle updates with new bazel version @chrislovecnm #3776
fixing panic with iam unit tests @chrislovecnm #3782
Updates for latest bazel / vendor @justinsb #3781
Allows additional Subject Alternate Names @pdh #2063
Add —master-public-name argument to kops create_cluster @mdavidsen,@justinsb #3385

beta.1 to beta.2

Add PRs to 1.8 release notes @justinsb #3785
Update Canal to use Calico v2.6.2. @KashifSaadat #3786
Toolbox Templating Docs @gambol99 #3800
DNS Controller Watch Command line @gambol99 #3798
Update tolerations in Canal spec so the pods can run on all nodes. @KashifSaadat #3802
Bugfix kops update always detecting changes when using ExecContainerAction. @KashifSaadat #3790
Allow passing in extra user-data to cloud-init @brdude #3633
Consolidate two separate CNI sections @ahrkrak #3811
Update docs for 1.7.1 @mikesplain #3810
updating bazel build version @chrislovecnm #3814
Debian Stretch versions for Docker to support K8s 1.8 @mikn #3807
Add Node IAM permissions to access kube-router key in S3. @KashifSaadat #3795
Add a default NodeLabel with the InstanceGroup name @georgebuckerfield #3783
Bump alpha and stable to latest @pierreozoux #3797
Add support for C5 instance family @shamil #3794
san api update @chrislovecnm #3815
FeatureGates support in all the components @diegows #3805
kube-router: remove beta annotation versions (deprectated in 1.8) of init container @murali-reddy #3620
Fixed the broken link for aws doc. @shashanktomar #3831
Bump alpha channel for 1.8 @justinsb #3825
Fix resources for etcd-events @justinsb #3843
Fix CNI CPU allocations @justinsb #3844
Update bazel build files @justinsb #3842
Fix CoreOS logrotate service failure. @KashifSaadat #3846
Update calico template @itajaja #3803
Fix error message when not specify —cloud or —zones @justinsb #3841
Add HPA up/downscale delay @discordianfish #3847
Updating API documentation @chrislovecnm #3827
Add edit flag so create instancegroup command is usable on scripts @jchanam #3787
add openstack cloud provider @zengchen1024 #3820
Fix gazelle @justinsb #3850
Tweak kops create ig flag to edit, not editor @justinsb #3849
Apply gossip dns changes to 1.8 calico version also @marshallbrekka,@justinsb #3851
Update Additional user-data per #3853 @dgem #3854
updating api docs @chrislovecnm #3856
Verify that no extra records remain after a reconnection @justinsb #3858
Use upsert when applying DNS records @justinsb #3859
Fix Autoscaling flag on Controller Manager Config @david92rl #3872
Include encryptionConfig setting within userdata for masters. @KashifSaadat #3874
Add Example for instance group tagging @sergeohl #3879
README and issue template updates @chrislovecnm #3818
kOps Template Config Value @gambol99 #3863
Fix spelling @jonstacks #3864
Improving UX for placeholder IP Address @chrislovecnm #3709
Bump all flannel versions to latest release - v0.9.1 @tomdee #3880
Add support for docker 17.09.0 version @dvavili #3881
upscale-delay flag in two more places @justinsb #3890
Changing the prefix of the ResourceTag condition @ftoresan #3889
Support replacing kops secrets via force flag @KashifSaadat #3899
Implement volume task for Openstack platform @zengchen1024 #3893
fix: paths in cluster_template.md @Moshe-Immerman #3897
Respect the shared tag when deleting route tables @georgebuckerfield #3887
generate gazelle for cinder volume tasks @zengchen1024 #3904
Owners files @gambol99 #3906
Version and validation updates for romana networking. @cgilmour #3892
Add homebrew devel and HEAD notes to docs. @mikesplain #3826
Updated 1.8 release notes to cover Canal manual upgrade steps. @KashifSaadat #3908
Updating Calico manifests to Calico release 2.6.2 @chrislovecnm #3869
Set SleepDelay function in AWS @justinsb #3913
bazel: fix tests/ directory @justinsb #3922
Avoid generating a CA keypair on-demand @justinsb #3925
Added .service to hooks unit files @aleerizw #3920
DNS Controller Optional @gambol99 #3822
Use EnsureTask so we don’t have to track directories as closely @justinsb #3926
Block etcd peer port from nodes @justinsb #3923
Don’t add .service extension if already there @aleerizw,@justinsb #3929
Promote 1.5.8 and 1.6.11 to stable channel @justinsb #3931
Put the 1.8 image into the alpha channel @justinsb #3930
Bump alpha channel k8s versions @justinsb #3932
Update kopeio auth @justinsb #3928
Map horizontal-pod-autoscaler-use-rest-clients flag @itskingori #3939
Bump all our base docker images @justinsb #3940

beta.2 to 1.8.0

Add Dashboard v1.8.0 deployment @maciaszczykm #3936
Rename dashboard manifest so it has extension @justinsb #3946
Fix flannel version @mikesplain #3953
Fix flannel error on starting @mikesplain #3956
Fix brew docs typo @mikesplain #3949
kops not kOps @chrislovecnm #3960
openapi doc updates @chrislovecnm #3948
Add kubernetes-dashboard addon version constraint @so0k #3959
Initial support for nvme @justinsb #3969
Fix typo in kops get cluster —full hint @justinsb #3968
Ensure iptables forwarding is enabled @justinsb #3977
Put latest AMIs into alpha channel @justinsb #3979
Fix segfault when updating non-existent object @justinsb #3980
Guard against nil pointers in tryResourceAsString @justinsb #3982
Allow GCE network to be reconfigured @justinsb #3988
Fix kubernetes version selectors on alpha channel @justinsb #3984
Provide better message if GCE network is in legacy mode @justinsb #3989
Add support for M5 and H1 instance families @ripta #3990
Bump image in alpha channel: ENA in jessie @justinsb #3992