Release notes for kOps 1.28 series

Significant changes

AWS

  • Node Termination Handler is now enabled by default.

GCP

  • metadata-proxy is no longer deployed on GCP clusters for Kubernetes 1.29+.

Breaking changes

AWS

  • The kops get assets --copy command no longer sets object-level public-read ACLs in the destination fileRepository.

OpenStack

  • If storing the state in an S3 bucket, it is now required to either deactivate gossip support (--dns=none) or - for example - provide the credentials via cloud-init. Due to changes in PR#15646 the S3_* variables will not get passed on to the boot script of the nodes anymore. As a result the kops-configuration.service will throw an EnvAccessKeyNotFound: failed to find credentials in the environment. error and they will not join the cluster. Deactivating the gossip support will make the nodes contact the API servers for the bootstrap information.

Other breaking changes

  • Support for Kubernetes version 1.22 has been removed.

  • Support for Ubuntu 18.04 is has been removed.

  • Support for Canal and Flannel have been removed for Kubernetes 1.28 and later.

  • RHEL-based distros will no longer have wget, curl, python2, and git packages installed. Install them with hooks if needed.

  • The default IPv4 service cluster range is now 100.64.0.0/13. As this was previously calculated from nonMasqueradeCIDR if serviceClusterIPRange was not explicitly set, it may be necessary to set it to this value (the first 1/8 of the nonMasqueradeCIDR).

Known Issues

Deprecations

  • Support for Kubernetes version 1.23 is deprecated and will be removed in kOps 1.29.

  • Support for Kubernetes version 1.24 is deprecated and will be removed in kOps 1.30.

  • Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.

  • All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.