Release notes for kOps 1.26 series
Significant changes
The default networking provider for new clusters is now Cilium.
Control-plane instance groups in new clusters are now created with names starting with “control-plane-”. The names of groups for existing clusters are unchanged.
The channels CLI that kOps uses to manage addons is now bundled with the kOps binary. These commands are useful for addon diagnostics and troubleshooting. For example, to list installed addons, run:
kops toolbox addons get addons
Since kOps 1.24, by default during rolling updates, kOps will time out after spending 15 minutes on an InstanceGroup (instead of hanging indefinitely on eviction errors), proceeding to the next InstanceGroup after timing out. As of kOps 1.26, rolling updates will not proceed if a cluster validation error is encountered while updating an InstanceGroup.
AWS
Clusters can be created without DNS or Gossip, by using the --dns=none flag.
Bastions are now fronted by a Network Load Balancer.
Instance group images can now be dynamically fetched through an AWS SSM Parameter.
The AWS Load Balancer, when enabled, will run on worker nodes if IRSA is enabled as of Kubernetes version 1.24.
As of Kubernetes version 1.26 and with IRSA enabled, control plane nodes will now run with a max hop limit of 1 for the metadata service. This will prevent Pods without host networking from accessing the instance metadata service.
IPv6 is now beta. New IPv6 clusters now default to using private topology.
CapacityRebalance can be enabled/disabled on ASGs through a new capacityRebalance field in InstanceGroup specs.
New clusters can more easily be configured to use Cilium in ENI mode by setting --networking=cilium-eni.
Node Termination Handler now defaults to Queue-Processor mode. It also now enables Scheduled Event Draining by default.
Node Termination Handler, when in Queue-Processor mode, no longer drains on rebalance recommendations unless configured to do so.
When an S3 bucket for Service Account Issuer Discovery (IRSA) is public, kOps no longer sets object-level ACLs on the files placed therein.
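The metadata-service hop limit change noted in the AWS list above can be verified from `aws ec2 describe-instances` JSON output. The following is an added example, not code from kOps: it flags control-plane instances whose hop limit is above 1, and goes one step beyond the note by also flagging instances where session tokens are optional, since the hop limit only constrains the IMDSv2 token response. The role tag key, the function name and the sample data are assumptions.

```python
import json

# Assumption: control-plane instances carry this kOps role tag (not stated on the page).
CONTROL_PLANE_TAG = "k8s.io/role/control-plane"

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa0000000000001",
   "Tags": [{"Key": "k8s.io/role/control-plane", "Value": "1"}],
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0aaa0000000000002",
   "Tags": [{"Key": "k8s.io/role/control-plane", "Value": "1"}],
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 3}},
  {"InstanceId": "i-0aaa0000000000003",
   "Tags": [{"Key": "k8s.io/role/control-plane", "Value": "1"}],
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0aaa0000000000004",
   "Tags": [{"Key": "k8s.io/role/node", "Value": "1"}],
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}}
]}]}
""")

def audit_control_plane_imds(describe_output, role_tag=CONTROL_PLANE_TAG, max_hops=1):
    """Return {instance_id: [reasons]} for tagged instances whose metadata
    options would still let a pod-network client reach the metadata service."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if role_tag not in tags:
                continue  # only instances with the selected role are audited
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # metadata service is switched off entirely
            reasons = []
            hops = opts.get("HttpPutResponseHopLimit")
            if hops is None or hops > max_hops:
                reasons.append(f"hop limit is {hops}, expected <= {max_hops}")
            # The hop limit only constrains the IMDSv2 token response;
            # with tokens optional, IMDSv1 requests are not limited by it.
            if opts.get("HttpTokens") != "required":
                reasons.append("IMDSv1 allowed (HttpTokens not required)")
            if reasons:
                findings[inst["InstanceId"]] = reasons
    return findings
```

To audit a real cluster, pass the parsed output of `aws ec2 describe-instances --output json` instead of `SAMPLE`.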
GCP
Clusters can be created without DNS or Gossip, by using the --dns=none flag (experimental).
The default instance type is now e2-medium for control-plane and worker nodes, and e2-micro for bastions.
Hetzner
- Clusters can be created without DNS or Gossip, by using the --dns=none flag.
OpenStack
- When creating new clusters kOps now sets the cluster name flag for the external OpenStack cloud controller (OCCM) and the Cinder CSI plugin.
Other changes of note
containerd config is now written to /etc/containerd/config.toml.
Cilium can be configured to add an unreachable route for pod IP on deletion.
Breaking changes
Other breaking changes
Support for Kubernetes version 1.20 has been removed.
Support for CloudFormation has been removed.
The experimental support for using Vault as a state store has been removed.
Support for automated reboots with Flatcar has been removed. Use FLUO instead, to gracefully reboot nodes.
The “external” networking option is not supported for Kubernetes 1.26 or later. For “bring your own” CNIs, use the “cni” networking option instead.
If the cluster autoscaler is configured to use the priority expander, kOps will automatically create its ConfigMap. If you still want to manage the ConfigMap manually, set spec.clusterAutoscaler.createPriorityExpanderConfig: false. See the documentation for more details.
Deprecations
The “kops get [CLUSTER]” command is deprecated. It is replaced by “kops get all [CLUSTER]”.
Support for Kubernetes version 1.21 is deprecated and will be removed in kOps 1.27.
Support for Kubernetes version 1.22 is deprecated and will be removed in kOps 1.28.
Support for Ubuntu 18.04 is deprecated and will be removed in kOps 1.28.
Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.
All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.
Help Wanted
- kOps needs maintainers for Canal, Flannel, and Kube-Router to keep versions up to date and move the integration from experimental to stable. If no volunteers step up by the time kOps 1.27 is released, support will be phased out.