Release notes for kOps 1.23 series
Significant changes
If the Kubernetes version is 1.23 or later and the external AWS Cloud Controller Manager is being used, then Kubernetes Node resources will be named after their AWS instance ID instead of their domain name and managed subnets will be configured to launch instances with Resource Based Names.
Support for ShutdownGracePeriod and ShutdownGracePeriodCriticalPods. By default, kOps will set ShutdownGracePeriod to 30 seconds and ShutdownGracePeriodCriticalPods to 10 seconds if the Kubernetes version is above 1.21.
By enabling the pod identity webhook, you no longer need to modify your Pod specs to assume IAM roles.
Breaking changes
Support for Kubernetes version 1.17 has been removed.
Support for the Lyft CNI has been removed.
The Weave CNI is not supported for Kubernetes 1.23 or later.
Support for CentOS 7 has been removed.
Support for CentOS 8 has been removed (replaced by Rocky Linux 8).
Support for Debian 9 has been removed.
Support for RHEL 7 has been removed.
Support for Ubuntu 16.04 (Xenial) has been removed.
Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields.
Required actions
Deprecations
Support for Kubernetes version 1.18 is deprecated and will be removed in kOps 1.24.
Support for Kubernetes version 1.19 is deprecated and will be removed in kOps 1.25.
All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.
The `node-role.kubernetes.io/master` and `kubernetes.io/role` labels are deprecated and might be removed from control plane nodes in future versions of kOps.
Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated and will be removed in kOps 1.24.
Due to lack of maintainers, the CloudFormation support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this target.
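To find workloads that still schedule by the deprecated `node-role.kubernetes.io/master` or `kubernetes.io/role` node labels, the following added example (not part of kOps or of the original release notes) scans the JSON produced by a command such as `kubectl get deploy,ds,sts -A -o json`. The sample objects and their names are constructed for illustration.

```python
import json
import sys

# Node labels the kOps 1.23 release notes list as deprecated.
DEPRECATED_LABELS = ("node-role.kubernetes.io/master", "kubernetes.io/role")

# Constructed sample in the shape of `kubectl get ... -o json` output.
SAMPLE = {
    "kind": "List",
    "items": [
        {"kind": "Deployment",
         "metadata": {"namespace": "kube-system", "name": "legacy-controller"},
         "spec": {"template": {"spec": {
             "nodeSelector": {"node-role.kubernetes.io/master": ""}}}}},
        {"kind": "DaemonSet",
         "metadata": {"namespace": "monitoring", "name": "cp-agent"},
         "spec": {"template": {"spec": {"affinity": {"nodeAffinity": {
             "requiredDuringSchedulingIgnoredDuringExecution": {
                 "nodeSelectorTerms": [{"matchExpressions": [
                     {"key": "kubernetes.io/role", "operator": "In",
                      "values": ["master"]}]}]}}}}}}},
        {"kind": "Deployment",
         "metadata": {"namespace": "default", "name": "web"},
         "spec": {"template": {"spec": {
             "nodeSelector": {"kubernetes.io/os": "linux"},
             # Tolerations match taints, not labels, so this is not reported.
             "tolerations": [{"key": "node-role.kubernetes.io/master",
                              "operator": "Exists"}]}}}},
    ],
}


def pod_spec_of(obj):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def affinity_terms(pod_spec):
    """Yield (mode, term) for required and preferred node affinity terms."""
    node_aff = (pod_spec.get("affinity") or {}).get("nodeAffinity") or {}
    required = node_aff.get("requiredDuringSchedulingIgnoredDuringExecution") or {}
    for term in required.get("nodeSelectorTerms") or []:
        yield "required", term
    for pref in node_aff.get("preferredDuringSchedulingIgnoredDuringExecution") or []:
        yield "preferred", pref.get("preference") or {}


def find_deprecated_label_use(doc):
    """Return (object ref, location, label key) for each deprecated label used."""
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        meta = obj.get("metadata") or {}
        ref = "{}/{}/{}".format(obj.get("kind"),
                                meta.get("namespace", "default"),
                                meta.get("name"))
        spec = pod_spec_of(obj)
        for key in spec.get("nodeSelector") or {}:
            if key in DEPRECATED_LABELS:
                findings.append((ref, "nodeSelector", key))
        for mode, term in affinity_terms(spec):
            for expr in term.get("matchExpressions") or []:
                if expr.get("key") in DEPRECATED_LABELS:
                    findings.append((ref, "nodeAffinity." + mode, expr["key"]))
    return findings


if __name__ == "__main__":
    # Pass a file containing kubectl JSON output, or run without arguments
    # to scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for ref, where, key in find_deprecated_label_use(data):
        print("{}: {} uses deprecated label {}".format(ref, where, key))
```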
Other changes of note
The `kops create cluster` command has a new `--discovery-store` flag for specifying a public store for the OIDC-compatible discovery documents. If this flag is used in AWS, it will enable IRSA.
If `externalDns.provider` is `external-dns`, then `externalDns.watchIngress` will now default to `true`.
This release introduces a `v1alpha3` API version. This API version is a work in progress and is likely to be replaced in kOps 1.24. It is recommended to keep using the `v1alpha2` API version.
IPv6 pod subnets are in a working state using public IPv6 addresses for the Pod network. This works with both Cilium and Calico. IPv6 is still behind a feature flag until service controllers and addons implement support for IPv6. See the IPv6 documentation.
The `kops rolling-update cluster` command has a new `--drain-timeout` flag for specifying the maximum amount of time to wait when attempting to drain a node. Previously, rolling-updates would attempt to drain a node for an indefinite amount of time. If `--drain-timeout` is not specified, a default of 15 minutes is applied.
Fix inconsistent output of `kops get clusters -ojson`. This will now always return a list (irrespective of a single or multiple clusters) to keep the format consistent. However, note that `kops get cluster dev.example.com -ojson` will continue to work as previously, and will return a single object.
kOps on Digital Ocean now has VPC support. You can specify a `network-cidr` range while creating the kOps cluster, and kOps resources will be created in the new VPC range. Shared VPCs are also supported: you can specify the VPC UUID while creating the kOps cluster.
Full change list since 1.22.0 release
1.23.0-alpha.1 to 1.23.0-alpha.2
- Release 1.22.0-beta.1 @johngmyers #12211
- Revert “Release 1.22.0-beta.1” @johngmyers #12213
- Release 1.23.0-alpha.1 @johngmyers #12210
- [addons/metrics-server] Bump minor version @dntosas #12198
- Release notes for 1.22.0-beta.1 @johngmyers #12216
- Remove code for unsupported features @johngmyers #12218
- Bump cloudbuild images to latest @rifelpet #12222
- Fix new staticcheck errors @burntcarrot #12215
- Move bootstrap RBAC from protokube to core bootstrap addon @johngmyers #12221
- Update staticcheck to latest @rifelpet #12224
- [Documentation update] Note for the metrics configuration for etcd @recollir #12223
- fix parse semver @zetaab #12227
- check does iface has associations @zetaab #12232
- Bump cert-manager to 1.5.3 @olemarkus #12229
- Fix etcd3-migration docs link @RetWolf #12238
- Update metrics-server tag used in e2e scenario @rifelpet #12239
- Bump node termination handler to 1.13.3 @olemarkus #12237
- [addons/node-local-dns] Bump version and make image field configurable @dntosas #12219
- Set kube-apiserver as default logs container @olemarkus #12246
- Enable protect-kernel-defaults by default and set the correct sysctls in nodeup @olemarkus #12193
- Use node internal IP for metrics-server @olemarkus #12260
- Set ipv6 nameservers on aws @olemarkus #12259
- Set NodeIPFamilies in ipv6 mode @olemarkus #12258
- Disable masquerade means disable masquerade if ipv6 too @olemarkus #12265
- Update controller-runtime to v0.9.7 @hakman #12264
- Try to bootstrap when at least one IP is available @hakman #12270
- Fix core manifest @olemarkus #12268
- update openstack CSI @zetaab #12251
- Fix bootstrap when at least one IP is available @hakman #12273
- Fix kernel parameter for IPv6 forwarding @hakman #12271
- Dump external-dns and dns-controller pod logs @rifelpet #12276
- Add .log suffix to dumped pod logs @rifelpet #12278
- Add support --kernel-memcg-notification Kubelet flag @hakman #12267
- Set explicit fsType to be able to mount volumes @pa1op #12280
- dev: hack/update-expected script should clear KOPS_ARCH @justinsb #12283
- Add helper to convert kubemanifest.Object to unstructured @justinsb #12284
- Add notes and docs on external-dns @olemarkus #12279
- use ipip Always by default in OpenStack @zetaab #12286
- Include kops- prefix in external-dns TXT record @rifelpet #12289
- External dns fixes @olemarkus #12288
- Do not set ClusterCIDR for KubeProxy when using CNI networking and kubeProxy.clusterCIDR is not set @dezmodue #12207
- Update AWS CCM tags @rifelpet #12104
- Enable IMDS IPv6 endpoint @rifelpet #12290
- Note about breaking change for apiserver files @olemarkus #12294
- Use MasterInternalName for gossip cluster SA issuer @rifelpet #12297
- [kubelet] Add validation for cpuCFSQuotaPeriod after k8s>=1.20 @dntosas #12292
- Recognize Ubuntu 21.10 (Impish Indri) @hakman #12300
- Bump snapshot-controller to 4.2.1 @olemarkus #12303
- Update Go to v1.16.8 @hakman #12306
- Bump aws ebs csi driver to 1.2.1 @olemarkus #12310
- Add ability to yaml-encode unstructured @justinsb #12282
- Pre-install nvidia container runtime + drivers on GPU instances @olemarkus #11628
- Update Bazel to v4.2.1 @hakman #12311
- Do not precreate dns record for api lbs @olemarkus #12308
- Default to latest staging image for AWS CCM @hakman #12291
- Make AWS CCM NodeIPFamilies configurable @hakman #12305
- Use sg rule ids and tags where possible @olemarkus #12314
- Allow arbitrary length terraform literals @rifelpet #12316
- Report the power state of cloud instances @yadneshk #12326
- include new required permissions in documentation @yeus #12328
- Use TLS for kubescheduler health check as of k8s 1.23 @olemarkus #12333
- Update ALPHA k8s versions with Sept releases @MoShitrit #12337
- Implement support for AWS ipv6 prefixes @olemarkus #12112
- Add IMDS IPv6 endpoint in terraform @rifelpet #12298
- Deprecate TerraformJSON feature flag @rifelpet #12341
- Skip SCTP e2e tests on cilium + k8s 1.23 @rifelpet #12348
- Use EC2 and Metadata IPv6 endpoints in IPv6 mode for EBS CSI Driver @hakman #12349
- fix: remove inconsistent comment @eddycharly #12351
- fix: etcd backup docs @eddycharly #12352
- Fix EC2 IPv6 endpoint for EBS CSI Driver controller @hakman #12353
- Create a second Terraform provider for managed files @rifelpet #12322
- Recognize pending EC2 instances as needed deletion @justinsb #12357
- Script for iterating development on AWS @justinsb #12356
- Only add IPv6 IAM permissions if using IPv6 @justinsb #12355
- Fix controller defaults for both bootstrap tokens and ipv6 @justinsb #12354
- Update Calico to v3.20.1 @hakman #12360
- Fix version check in cilium SCTP test skipping @rifelpet #12365
- Only configure IMDSv2 on AWS @justinsb #12369
- AWS: Move some subnet functions into AWS model @justinsb #12367
- Fix nil pointer error where containerd is not in use @justinsb #12374
- kubetest2 - add support for dumping k8s resources via SSH @rifelpet #12372
- Better logging in setLifecycleOverride @justinsb #12376
- Fix parsing of kops toolbox dump yaml output @rifelpet #12377
- Move cidrmap to subnet package @justinsb #11578
- GCE: Don’t create utility subnets in private topology @justinsb #12373
- GCE: Fix subnet deletion @justinsb #12370
- GCE: Always have IPv6 rules in “ipv6 mode” @justinsb #12368
- [channels] Bump AWS/GCP/Azure Ubuntu AMIs to latest @dntosas #12334
- GCE: For IPAlias or Custom Routes, we must recognize source by CIDR @justinsb #12371
- kubetest2 - fix parsing output from toolbox dump @rifelpet #12379
- Update Go to v1.17.1 @hakman #12375
- GCE: When using calico, need to open up ipip protocol @justinsb #12384
- Remove unneeded network related sysctls @hakman #12385
- Add specific taints to dns-controller. @olemarkus #12389
- Add sleep to upgrade-ab scenario @olemarkus #12391
- Make channels target phony @olemarkus #12392
- feat: add support for wildcard in roles generated for IRSA @eddycharly #12342
- Support zone autocompletion @justinsb,@hakman #12366
- Decrease connection timeout when dumping logs from instances @rifelpet #12397
- Fix list of supported cloud providers in CLI docs @rifelpet #12396
- Fix link to addons documentation @johngmyers #12402
- Upgrade terraform to 1.0.7 @rifelpet,@hakman #12403
- Add support to configure Cilium CNI chaining @choutone #12407
- Run verify-cloudformation in host network @rifelpet #12410
- Upgrade cnf-lint to 0.54.2 @hakman #12411
- Add option to create an internal load balancer for the bastion @dezmodue #12321
- Remove critical-pod scheduler annotation. @rifelpet #12398
- Revert “Remove unneeded network related sysctls” @olemarkus #12415
- Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4 @ReillyBrogan #12394
- Allow adding more subnets to an NLB @olemarkus #12412
- release-process.md: Update references to artifact promotion @justaugustus #12386
- Update google.golang.org/api to 0.57.0 @justinsb #12421
- protokube: don’t try to connect to apiserver if not control-plane @justinsb #12424
- Refactor bootstrap verifier/authenticator into its own package @justinsb #12422
- Add kubetest2-kops template for testing dedicated APIServer nodes @rifelpet #12428
- Have toolbox dump include contents of /etc/hosts @rifelpet #12427
- Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes @rifelpet #12426
- Mount cgroupv2 for cilium at a custom location @olemarkus #12431
- Update Amazon Linux 2 documentation to mention the 5.10 kernel @rifelpet #12430
- Add ability to provide custom CoreDNS tolerations and affinity @hierynomus #12234
- Document cloud-init behaviour @dezmodue #12438
- Skip certain e2e tests in GCE @rifelpet #12434
- Fix AWS IAM Authenticator support for k8s 1.22 @rifelpet #12425
- feat: add support for custom audience in aws oidc provider @eddycharly #12419
- Fix typo in name of new ‘UseServiceAccountExternalPermissions’ variable. @ev-hines #12440
- Truncate cluster name in NTH EventBridgeRules @rifelpet #12439
- Use separate cloud.config file for in-tree vs out-of-tree components @rifelpet #12435
- Add fixed version to all addons @olemarkus #12416
- Add support for YAML/JSON output to ‘kops get instances’ @hierynomus #12442
- Update stable k8s versions @MoShitrit #12454
- Bump aws-cni version to 1.9.1 @MoShitrit #12455
- Skip load balancer test in IPv6 clusters @rifelpet #12452
- Update containerd to v1.4.10 @hakman #12459
- Remove unnecessary sysctl “net.ipv6.conf.all.accept_ra=2” @hakman #12461
- Bump Cluster Autoscaler images @olemarkus #12463
- Create v1alpha3 apiVersion @johngmyers #12406
- v1alpha3 API fixup @johngmyers #12466
- Release notes for 1.22.0-beta.2 @johngmyers #12468
- Fail if an apimachinery conversion is missing @johngmyers #12469
- kube-controller-manager also doesn’t mount /srv/kubernetes @johngmyers #12473
- Cleanup ClusterSpec code @johngmyers #12472
- Remove Docker overlayfs upgrade code @johngmyers #12471
- Spotinst: Update `spotinst/ocean-controller` to v1.0.78 @liranp #12476
- Update containerd to v1.4.11 @hakman #12479
- Update Docker to v20.10.9 @hakman #12481
- Update k8s dependencies to v1.22.2 @hakman #12483
- Add Cilium agent pod annotations support to improve personalization @sterchelen #12414
- [DigitalOcean] Incorporate existing vpc support for kops @srikiz #12485
- Add kubescheduler.config.k8s.io/v1beta2 for k8s 1.22+ @hakman #12486
- Update controller-runtime to v0.10.2 @hakman #12490
- Update Calico to v3.20.2 @hakman #12491
- Replace klog flags with go-runner in k8s 1.23 @rifelpet #12494
- Support GCE TPM verification @justinsb #12420
- Remove unused fields cluster APIs @johngmyers #12475
- Update Bazel rules_go to v0.29.0 @hakman #12496
- Update etcd-manager to 3.0.20211007 @hakman #12497
- Remove some unused fields from v1alpha3 componentconfig @johngmyers #12500
- Add Cilium + RHEL8 release note @rifelpet #12504
- Update Go to v1.17.2 @hakman #12502
- Convert go.mod files to Go 1.17 @hakman #12505
- Release notes for 1.20.3 @hakman #12512
- Release notes for 1.21.2 @hakman #12513
- Bump channels @hakman #12516
- Update release process docs @hakman #12514
- Remove more unused fields from v1alpha3 API @johngmyers #12517
- Update coredns to v1.8.5 @hakman #12518
- Fix addon-resource-tracking e2e scenario @rifelpet #12520
- Spotinst: Support for RI commitments @liranp #12522
- tests: create-cluster integration tests should validate additional objects @justinsb #12285
- Update Bazel rules_docker to v0.20.0 @hakman #12523
- Enable ingress hostname feature for OpenStack @zetaab #12525
- Upgrade EBS CSI Driver to v1.4.0 @rifelpet,@olemarkus #12529
- Release notes for 1.22.0 @johngmyers #12533
- Spotinst: Permission to create `bigdata.spot.io/bigdataenvironments` @liranp #12521
- Add missing “a” to 1.22 release notes @yurrriq #12536
- Bump cert-manager dependency @olemarkus #12537
- Don’t hard-code the SQS Queue ARN partition @rifelpet #12540
- Minor updates to releases document @johngmyers #12546
- Add rolling updates doc to menus @johngmyers #12550
- [cilium] Add support for bpf-lb-sock-hostns-only field @dntosas #12524
- kops-controller: register coordination scheme @justinsb #12553
- Add capacity-optimized-prioritized as a valid spot allocation strategy @ripta #12560
- Disable CNP status updates by default @olemarkus #12564
- Update google/go-containerregistry to v0.6.0 @hakman #12566
- Re-add ec2:DescribeLaunchTemplateVersions to CA IAM policy @rifelpet #12568
- Upgrade tests - cleanup previous cluster with newer kops version @rifelpet #12570
- Upgrade AWS VPC CNI to 1.9.3 w/ k8s 1.22 support @rifelpet #12573
- Update channels @hakman #12548
- Make it possible to set CAS max-node-provision-time @olemarkus #12437
- Update release documentation @johngmyers #12578
- Release notes for 1.22.1 @johngmyers #12579
- Prune addons via labels @justinsb #12156
- Support BYO IPv6 @johngmyers #12582
- Mention KOPS_ARCH in contributor documentation @johngmyers #12586
- Allow AWS LBC to attach certificates @olemarkus #12309
- gossip: Seed /etc/hosts in nodeup @justinsb #12554
- GCE: use chrony on Ubuntu + GCE @justinsb #12587
- Upgrade Canal to v3.20 with k8s 1.22 support @rifelpet #12584
- GCE: Allow network to be marked as shared @justinsb #12590
- Add calico-kube-controllers for Canal @hakman #12593
- Support BYO IPv6 @johngmyers #12592
- gce: allow router to refer to network object @justinsb #12591
- Update Canal based on Calico @hakman #12594
- Spotinst: Get instance types from `mixedInstancesPolicy` field @liranp #12549
- Rename BAZEL_BIN to BAZEL in Makefile @hakman #12599
- gce: open kops-controller port from nodes @justinsb #12556
- Handle keypair items without certificates @johngmyers #12601
- Respect any MaxPods value the user sets explicitly @hakman #12603
- Add permissions needed for KCM to provision NLBs @olemarkus #12611
- dns-controller: Treat IPv6 node addresses as both internal and external @johngmyers #12608
- GCE: improve network & subnet terraform support @justinsb #12382
- GCE: support egress specification @justinsb #12600
- Fix GCE router terraform reference @rifelpet #12618
- Use the SQS Queue’s ARN reference @rifelpet,@hakman #12571
- Remove vestigial Cilium ContainerRuntimeLabels code @johngmyers #12615
- Improve default CIDR assignments for IPv6 @johngmyers #12617
- Make dns-controller delete placeholder addresses for IPv6 cluster @johngmyers #12605
- Use .bazel-bin to help gopls & VSCode @justinsb #12498
- GCE: Delete routes with long cluster names @justinsb #12619
- Use instance metadata to find local IPv6 prefix @hakman #12622
- Create placeholder DNS records of correct type for IPv6 clusters @johngmyers #12616
- kubetest2: remove duplicate admin-access flag @justinsb #12625
- kubetest2: force printing of the plan on cluster creation @justinsb #12624
- Use server-side apply for addons. Identify as kops @olemarkus #12583
- Use InternalIP as preferred kubelet address only in ivp6 mode @olemarkus #12626
- Clarify the deployment responsible for API DNS in error message @rifelpet #12277
- Dump more resource types from kubectl into cluster-info directory @rifelpet #12631
- Configure aws-iam-authenticator using identityMappings defined in cluster.yaml @hierynomus #12538
- Never masquerade IPv6 with Cilium @johngmyers #12623
- Add more IPv6 integration tests @hakman #12634
- Log `kops toolbox dump` output to artifacts dir rather than stdout @rifelpet #12639
- Integration test cleanup @rifelpet #12637
- Allow kops-controller to describe network interfaces @hakman #12641
- Fix hardcoded ARN partitions @rifelpet #12638
- Check for hardcoded partitions in integration tests @rifelpet #12635
- Enable Router Advertisements for Debian 11 @hakman #12642
- Use prefixes for IPv6 with Calico @hakman #12643
- doc: Number subsections that are procedural steps @johngmyers #12645
- Revert “Make dns-controller delete placeholder addresses for IPv6 cluster” @johngmyers #12646
- dns-controller: use aliases for internal host-network pods @johngmyers #12640
- Prohibit masquerading in IPv6 clusters @johngmyers #12647
- Validate CNI can support IPv6 @johngmyers #12650
- Remove unused Cilium fields from v1alpha3 API @johngmyers #12610
- Remove obsolete documents @johngmyers #12648
- Enable Router Advertisements for Debian 11 on ens* interfaces @hakman #12652
- IPv6 requires external CCM @johngmyers #12651
1.23.0-alpha.2 to 1.23.0-beta.1
- Release 1.23.0-alpha.2 @johngmyers #12654
- Release notes for 1.23.0-alpha.2 @johngmyers #12655
- Switch release process to official GitHub client @johngmyers #12656
- Add initial IPv6 documentation @johngmyers #12649
- Start IPv6 CIDR numbering from 0 @hakman #12658
- Migrate kube-proxy manifest to use go-runner for logging @rifelpet #12664
- Fix error handling in kubetest2 dumplogs @rifelpet #12667
- Revert “Migrate kube-proxy manifest to use go-runner for logging” @rifelpet #12668
- Fix cluster name used in IAM policies @rifelpet #12672
- Remove tag conditions on certain AWS IAM actions @rifelpet #12674
- Add arch specific dev-upload-nodeup targets @johngmyers #12675
- Fix that states AWS IAM Instance Profile blocks IAM Role @angeloskaltsikis #12677
- Fix ELB IAM conditions (part 2) @rifelpet #12680
- Use chrony for synchronizing time in Ubuntu @hakman #12681
- Migrate to AWS CCM in k8s 1.24 @johngmyers #12676
- Increase upup http response header timeout @AlexLast #12694
- Include the amazonvpc logs in toolbox dump @johngmyers #12690
- Add docs on how to assign arrays with toolbox template @rifelpet #12688
- Ignore white space when validating IAM policy size limits @rifelpet #12700
- Update k8s versions with latest releases. Also bump AWS Ubuntu AMI version @MoShitrit #12702
- Spotinst: Update `spotinst/ocean-controller` to v1.0.79 @liranp #12706
- gce: don’t over-warn on ManagedInstanceGroups filtering @justinsb #12710
- [calico] Add support for allow_ip_forwarding field @zhengtianbao #12682
- set calico-node readiness/liveness timeout to 10s @estahn #12713
- Add missing status fields to IAMIdentityMapping v1 CRD @rifelpet #12716
- Recognize Ubuntu 22.04 (Jammy Jellyfish) @hakman #12725
- Populate api-server role label on node @justinsb #12711
- refactor: move from io/ioutil to io and os packages @Juneezee #12722
- Revert leader migration @johngmyers #12726
- Fix render template cilium AgentPrometheusPort into a UNICODE char error @zhengtianbao #12721
- Don’t fail validation if Nvidia and containerRuntime defaults @johngmyers #12729
- Watch Ingress by default when using the external-dns provider @johngmyers #12692
- Fix out of bounds error when instance detach fails @johngmyers #12698
- Fix use of deprecated method @johngmyers #12730
- Update containerd to v1.6.0-beta.2 @hakman #12720
- Support setting empty maps and structs @johngmyers #12728
- Upgrade external-dns to 0.10.1 for Kubernetes >= 1.19 @johngmyers #12724
- kops-controller should log port it is listening on @justinsb #12739
- Show additional (“addon”) objects in kops get @justinsb #12544
- Add create cluster flag for enabling IRSA @johngmyers #12741
- Do not return error when there is no error checking for cgroupfs @olemarkus #12744
- Makefile: run codegen using go modules @justinsb #12748
- Upgrade aws-sdk-go to v1.42.5 @johngmyers #12751
- Upgrade amazonvpc to v0.10.1 @johngmyers #12752
- Update Go to v1.17.3 @hakman #12753
- Add ingress hostname suffix configurable to kOps @zetaab #12699
- update gophercloud deps @zetaab #12757
- Shorten filenames in the asset store @johngmyers #12765
- Add hashes for latest containerd and Docker versions @hakman #12767
- Support IPv6 private topology @johngmyers #12759
- Update containerd to v1.4.12 @hakman #12772
- Allow NodeLocalDNS when defaulting to CoreDNS @johngmyers #12774
- Migrate kube-proxy manifest to use go-runner for logging @rifelpet #12712
- e2e tests: recognize a full KOPS_BASE_URL as a KOPS_VERSION @justinsb #12778
- Stable-sort subnets by Name @justinsb #12780
- Bump etcd manager to 20211117 @justinsb #12763
- Bump node local dns cache @olemarkus #12783
- Bump nvidia device plugin to 0.10.0 @olemarkus #12784
- Bump cert-manager addon and godep to 1.6.1 @olemarkus #12777
- Fix AWS authentication separator to support multiple objects @justinsb #12790
- Fix volume ratio comparisons @olemarkus #12791
- Remove warning about IPv6 being experimental @hakman #12787
- Update containerd to v1.6.0-beta.3 @hakman #12795
- Release notes for 1.22.2 @johngmyers #12801
- Release notes for 1.21.4 @johngmyers #12802
- gossip: support resolution of k8s.local names from pods (via services) @justinsb #12792
- Use dualstack endpoint for s3 @olemarkus #12743
- Update channels @hakman #12806
- Rename fields to fit acronym conventions @johngmyers #12811
- GCE: Fix race around route deletion @justinsb #12737
- Webhook Update cluster_spec.md @krishna2603 #12813
- Bump cilium to 1.10.5 @olemarkus #12814
- Update Flannel CNI to v0.15.1 @shamil #12818
- Check that there are extra fields and not fields explicitly false @olemarkus #12804
- Add NodeProblemDetector clusterRoleBinding @zhengtianbao #12819
- Add missing namespaces for addon templates @GMartinez-Sisti #12820
- Bump EBS CSI driver to 1.5.0 @olemarkus #12782
- Add nodeProblemDetector daemonset serviceAccountName @zhengtianbao #12822
- Upgrade aws-sdk-go to v1.42.11 @johngmyers #12823
- Add support for --dns flag in Docker config @jwolski2 #12789
- Update Calico to v3.21.1 @hakman #12708
- Update Canal to v3.21.1 @hakman #12709
- Add release note warning about the v1alpha3 API @johngmyers #12831
- Migrate to AWS CCM in k8s 1.24 @johngmyers #12830
- Rename fields to fit acronym conventions @johngmyers #12816
- Change DisableSubnetTags to tagSubnets @johngmyers #12832
- Promote alpha channel to stable @hakman #12807
- Add support for etcd v3.5.1 @hakman #12826
- Skip SCTP test on cilium clusters in k8s 1.24 as well @rifelpet #12838
- Fix enabling of AWS CCM @johngmyers #12837
- Fix upgrade tests with dest kOps version < 1.22 @johngmyers #12839
- Pin the aws-lb-controller scenario to k8s 1.21 @johngmyers #12840
- Change title of iam_roles.md to be specific to instance IAM roles @johngmyers #12845
- Route NAT64 to NAT Gateway in IPv6 private topology @johngmyers #12842
- Enable DNS64 in CoreDNS if IPv6 enabled @johngmyers #12766
- Invert sense of negative-option settings in v1alpha3 @johngmyers #12835
- Use AWS metadata to retrieve local-hostname in nodeup @bwagner5 #12844
- Fix e2e scenario tests @johngmyers #12847
- Open nodeport to IPv6 in e2e tests @johngmyers #12848
- Route NAT64 to NAT Gateway in IPv6 public topology @johngmyers #12843
- Use NAT64 instead of dual-stack for AWS EBS CSI driver @hakman #12850
- Reissue client keypairs on issuer change @johngmyers #12846
- Remove more non-configurable settings from v1alpha3 @johngmyers #12849
- Update IPv6 documentation @johngmyers #12852
- Revert “Open nodeport to IPv6 in e2e tests” @johngmyers #12854
- Support NodeLocalDNS on IPv6 clusters @johngmyers #12851
- Fix upgrade tests to kops version < 1.22 @johngmyers #12856
- Make requests and limits be *resource.Quantity @johngmyers #12857
- Stop skipping snapshot fields tests in EBS CSI e2e @rifelpet #12531
- Remove redundant evaluation of hostnameOverride @olemarkus #12858
- images: use k8s-staging-test-infra/gcb-docker-gcloud @spiffxp #12859
- images: fix invalid k8s-staging-test-infra/gcb-docker-gcloud tag @spiffxp #12861
- GCE: fix for metadata-proxy on cilium @justinsb #12866
- [Digital Ocean] Fix load balancer retry logic while retrieving ip @srikiz #12758
- Spotinst: Update spotinst/ocean-controller to v1.0.80 @liranp #12868
- Add GCP PD CSI driver addon @rifelpet #12812
- Fix area/provider/gcp GitHub label assignment @rifelpet #12871
- Add gofumpt scripts @hakman #12867
- Remove unused StorageBucketIam GCE task @rifelpet #12869
- Don’t assign CIDRs to shared subnets @johngmyers #12863
- Add labels to GCE instance templates @rifelpet #12870
- Rename imageName to image in v1alpha3 @johngmyers #12872
- Use v1 certificate for snapshot-validation-service @olemarkus #12874
- tests gce: fix project arg on gsutil rm @justinsb #12875
- Remove support for CentOS 8 @johngmyers #12877
- If RBN, use IPv6 address instead of IPv4 @olemarkus #12878
- Support GSFS Terraform Managed Files @rifelpet #12121
- Rename bastionPublicName in v1alpha3 API @johngmyers #12876
- Remove support for old distros @hakman #12882
- Update k8s dependencies to v1.23.0-rc.0 @hakman #12883
- Add terraform integration test for dedicated apiserver nodes @rifelpet #12884
- Update k8s dependencies to v1.23.0-rc.1 @hakman #12888
- Allow setting cilium 1.11 @olemarkus #12887
- gce: Add network & subnet to toolbox dump @justinsb #12889
- GCE: Support kops-controller, including in gossip mode @justinsb #12742
- Use instance ID as node name when AWS CCM supports it @johngmyers #12862
- Update Go to v1.17.4 @hakman #12896
- enable connection-draining for aws classic lb @heybronson #12881
- Simplify Flatcar containerd exec command @pothos #12900
- pkg/apis/kops: Allow configuring dockerd --max-* upload and download concurrency and retry options. @anthonyrisinger #12320
- Upgrade node-cache to 1.21.3 @johngmyers #12904
- Fix external-dns service name @johngmyers #12893
- Fix error applying AWS CCM leader migration @hakman #12907
- Update k8s dependencies to v1.23.0 @hakman #12908
- Cleanup GCE loadbalancers created by k8s @zetaab #12894
- Set DNS PDB to a maxUnavailable percentage @heybronson #12915
- Update aws-load-balancer-controller to v2.3.1 @hakman #12920
- e2e: fix test flakes where we specify a non-schedulable zone @justinsb #12891
- Ignore InvalidAction errors when tagging IAM Instance Profiles @rifelpet #12629
1.23.0-beta.1 to 1.23.0-beta.2
- Drop support for Weave as of k8s 1.23 @johngmyers #12941
- Make service topology for cilium configurable @olemarkus #12918
- Update Go to v1.17.5 @hakman #12954
- Update controller-runtime to v0.11.0 @hakman #12967
- Update containerd to v1.6.0-beta.4 @hakman #12968
- Ignore images hosted in private ECR repositories as containerd cannot pull these @olemarkus #13000
- Prevent creation of unsupported etcd clusters @olemarkus #13011
- Update k8s dependencies to v1.23.1 @hakman #13022
- Remove TerraformJSON feature flag @rifelpet #13029
- Add managed-by label to static kube-proxy pods @olemarkus #13039
- Kube components log to stdout @olemarkus #13038
- external CCM for GCE @jiahuif #13017
- Fix OpenStack SecurityGroupRule/LB When CIDR is IPv6 @iGene #13032
- update deps @zetaab #13048
- Migrate to GCE CCM in k8s 1.24 @johngmyers #13045
- Bump Cluster Autoscaler and update manifest @olemarkus #13050
- Remove the v1alpha3 API version @johngmyers #13054
- force update dependencies @zetaab #13056
- Add action for automatically tagging releases @johngmyers #12805
- Bump external-snapshotted to v5.0.0 @olemarkus #13067
- Support price and priority cluster-autoscaler expanders @danports #13081
- Update containerd to v1.6.0-beta.5 @hakman #13084
- Don’t try to add node name to instances without node object @olemarkus #13106
- Do not create an IAM role for dns-controller on gossip clusters @olemarkus #13110
- fix ipv4+ipv6 sec groups/listeners in OpenStack @zetaab #13093
- Create helper function for ec2 create/tag-on-create IAM permissions @olemarkus #13104
- Add DescribeRegions to nodeup privs @olemarkus #13114
- Update to aws-sdk-go to v1.42.37 @jinhong- #13132
- expose external ccm metrics for OpenStack @zetaab #13131
- OpenStack - Add loadbalancer pool monitor to API LB @zetaab #13096
- Bump CCM images @olemarkus #13143
- Don’t set unsupported configs by default @olemarkus #13111
- Update pause image to v3.6 @hakman #13125
- Bump etcd-manager to v3.0.20220128 @olemarkus #13158
- JWKS / IRSA: Expose public ACLs to terraform @justinsb #13166
- add node-drain-timeout flag to rolling-update @heybronson #13103
- Use etcd-manager pre-release until final release has been cut @olemarkus #13183
- Update Calico and Canal to v3.21.2 @hakman #12951
- Fix etcd-manager for ipv6 @olemarkus #13191
- Update containerd to v1.6.0-rc.2 @hakman #13198
- Remove tag condition on listeners @olemarkus #13123
- use 1.23.1 ccm for openstack @zetaab #13136
- Remove snapshot controller dependency on ebs csi driver @olemarkus #13213
- Fix CSI migration feature gates @olemarkus #13203
- Update containerd to v1.6.0-rc.3 @hakman #13224
- Always enable Leader Election for cloud-controller-manager @jiahuif #13187
- always enable Leader Election for openstack CCM @jiahuif #13220
- [Issue-12293] Fix json output to keep it consistent for single or multiple objects @srikiz #13188
- Fix irsa for k8s < 1.20 @olemarkus #13212
- Add support for graceful node shutdown @olemarkus #12994
- Install runc from opencontainers/runc @hakman #13240
- Do not enable graceful shutdown if k8s version < 1.21 @olemarkus #13242
- Install contained from the release package @hakman #13248
- Bump AWS CNI to 1.10.2 @MoShitrit,@hakman #13228
- Update containerd to v1.6.0 @hakman #13262
- Update LBC to 2.4.0 @olemarkus #13267
- Disable some flags in kube-apiserver when logging-format is not text @h3poteto #13264
- Enable RBN with AWS CCM 1.22.0-alpha.1 @johngmyers #13268
- Improve HA for various addons @olemarkus #13027
- Allow PrefixList for sshAccess and kubernetesApiAccess @hierynomus #13113
- Validate taints in IG spec @olemarkus #13266
- Add missing permissions to aws lbc for irsa @olemarkus #13280
- Do not create a cert-manager namespace @olemarkus #13284
- [DigitalOcean] Implement new VPC if network-cidr flag is specified @srikiz #13060
- Release 1.23.0-beta.2 @justinsb #13302
1.23.0-beta.2 to 1.23.0
- Update to etcd-manager v3.0.20220203 @justinsb #13196
- use own function to define CSI image version @zetaab #13311
- Add support for ed25519 keys in AWS @aclevername #13304
- Backport of #13176: Add support to install EKS Pod Identity Webhook @h3poteto,@olemarkus #13315
- Bump AWS SDK to v1.43.11 @olemarkus #13322
- Update containerd to v1.6.1 @hakman #13325
- Use proper image and add health check @olemarkus #13328
- Append policy config map arguments only if UsePolicyConfigmap is true @vivekjainx86 #13308
1.23.0 to 1.23.1
- Add missing permissions to aws lbc for IP targeting @olemarkus #13369
- Add protocol explicitly to services @olemarkus #13383
- If kubetest2 fails cluster validation, we run down before exiting @olemarkus #13373
- Allow duplicate taint keys @olemarkus #13366
- Fix long role names @olemarkus #13364
- update k8s dependencies @heybronson #13397
- Update golangci-lint to v1.45.0 @hakman #13403
- Correctly detect GovCloud regions @mixja #13410
- Do not return a ‘-1’ exit if no keys found and json/yaml output @hierynomus #13378
- Tag on create for remaining CCM privileges @olemarkus #12911
- Update containerd to v1.6.2 @hakman #13455
- Add back hash for containerd v1.6.1 @hakman #13462
- Enable etcd corruption check as mitigation of 3.5 corruption issue @olemarkus #13454
- Pick the right OS server group when creating cloud groups @ederst #13461
- Only delete node object on GCE @olemarkus #13289
- Bump AWS CNI to version 1.10.3 @MoShitrit #13488
- Update Calico and Canal to v3.21.5 @hakman #13497
- Update to etcd-manager 3.0.20220417 @justinsb #13499
- Revert “Enable etcd corruption check” @hakman #13495
- etcd 3 5 3 @justinsb #13501
- Bump CCM 1.22 and 1.23 images to stable versions @olemarkus #13506
- Update aws-sdk-go to v1.43.41 @hakman #13515
- Revert to using 1.23.0-alpha.0 for AWS CCM @hakman #13514
- add cluster autoscaler pod annotations @heybronson #13511
1.23.1 to 1.23.2
- Use expected pointer type in type assertion when iterating over GS ACLs @tesspib #13534
- Allow cluster autoscaler to read EC2 instance types to build catalog dynamically @seh #13532
- Update Go to v1.17.9 @hakman #13551
- Add back support for Ubuntu 18.04 @hakman #13557
- Update Canal’s Flannel to v0.15.1 @tesspib #13562
- Include sysctls in toolbox dump @rifelpet #13570
- Add support for Rocky Linux 8 @hakman #13559
- Fix OIDC Provider cleanup @rifelpet #13571
- Update containerd to v1.6.3 @hakman #13578
- Re-add net.bridge settings for flannel @rifelpet #13564
- Revert containerd v1.6.3 upgrade @rifelpet #13582
- Fix unexpected type for object metadata when using gossip DNS @hakman #13592
- Update containerd to v1.6.4 @hakman #13596
- Update etcd-manager to v3.0.20220503 @hakman #13598
- Add hashes for containerd and Docker in order to fix CVE-2022-23648 @drequena #13606
- Avoid “/etc/resolv.conf” file loopback for Flatcar Container Linux distribution @seh #13617
1.23.2 to 1.23.3
- Increase timeout for pushing binaries to staging @hakman #13633
- Update runc to v1.1.2 @hakman #13638
- Add a nameservers parameter for cert-manager. @jim-barber-he #13567
- Remove unused DNS logic from Protokube @hakman #13689
- Fix Protokube gossip flag @hakman #13692
- Add support for setting mode field on file assets @yurrriq #13715
- Update containerd and Docker versions @hakman #13741
- Fix API group name for ingresses in DNS Controller @julienperignon #13750
- Update runc to v1.1.3 @hakman #13763
- Update AWS CCM images for k8s 1.20-1.22 @hakman #13748
- Avoid spurious changes with ed25519 keys @hakman #13774
- Update etcd-manager to v3.0.20220617 @hakman #13824
- Mount /etc/hosts from host for CoreDNS @hakman #13922
- Update etcd-manager to v3.0.20220717 @hakman #13990
- Update Go to v1.17.12 for kOps 1.23 @hakman #13997
- Switch to latest MacOS version for CI @hakman #14015
- Revert to using instance private DNS name to lookup hostname @hakman #14024
- Check keyset existence before attempting to distrust @yurrriq #14041
- Fix SIGSEGV when deleting a Hetzner instance @hakman #14046