Migrating from previous releases
// Special thanks to @davidmccormick who has contributed this migration note!
It is possible to safely migrate an existing kube-aws Kubernetes cluster to the v0.11.0 release with the following limitations and warnings:
- You can only migrate an existing cluster successfully from a v0.10.1 release cluster with Kubernetes.Networking.SelfHosting enabled.
- Upgrade all the stacks at once - do not attempt to do a partial upgrade.
- There will be a Kubernetes apiserver outage during the upgrade after the new Networking stack has been created and before the first new Controller has become available (approximately 15-20 minutes). In-cluster applications that do not depend on the Kubernetes API will be unaffected, but apps and services that make calls to the Kubernetes APIs must be able to tolerate an outage and recover again.
- This release moves 'etcd' servers into their own separate CloudFormation stack, which results in new 'etcd' servers being created in parallel to the existing/legacy 'etcd' servers.
- During the upgrade, the existing kubernetes state is exported from the existing/legacy 'etcd' servers by the leader of the new etcd cluster, and imported into the new cluster.
- The existing 'etcd' servers are deleted as part of the clean up after the controlplane update succeeds.
- Once you have successfully upgraded to the v0.11.0 release with the separate etcd stack, the next update will roll the 'etcd' servers, removing the migration tools/units.
Features
- #900: feat: Encrypting Secret Data at Rest(Thanks to @jpb)
- #1233: feat: Fine-grained stack update
- #1260: Add some limited certificate credential validation(Thanks to @davidmccormick)
- #1266: Allow configure Controller Manager compute resources(Thanks to @jorge07)
- #1271: Added 'show certificates' command(Thanks to @pete911)
- #1286: Use API server lease reconciler for k8s 1.9+(Thanks to @c-knowles)
- #1289: Normalize audit log attribute names in cluster.yaml + add support for missing attributes(Thanks to @danielfm)
- #1292: Enable TLS for communication between control plane components and the local apiserver(Thanks to @danielfm)
- #1293: Add in ExpandPersistentVolumes as part of feature-gates on controller(Thanks to @kiich)
- #1296: Add support for AWS profile containing source_profile, role_arn, mfa_serial
- #1299: tlsutil cleanup plus added tests(Thanks to @pete911)
- #1305: append comma when necessary to the EtcdNodes range(Thanks to @kiich)
- #1306: Use EtcdStackName for eni provider(Thanks to @kiich)
- #1308: Handle cluster CIDR changes(Thanks to @davidmccormick)
- #1309: Enable Network-Self-Hosting by default(Thanks to @davidmccormick)
- #1310: Move templates into their related packages(Thanks to @davidmccormick)
- #1314: Feature/volume mounts for controllers and etcds(Thanks to @kiich)
- #1318: Default controller manager limits(Thanks to @jorge07)
- #1319: Added the ability to disable the dashboard(Thanks to @jasonrichardsmith)
- #1320: 1316/kiam kube2iam with kube net selfhosting(Thanks to @davidmccormick)
- #1322: Raid0 support(Thanks to @siddharthab)
- #1323: Make sure that canal and flannel land on all tainted nodes(Thanks to @davidmccormick)
- #1326: added label to kube-system namespace(Thanks to @jasonrichardsmith)
- #1329: Allow tweaking of Kubernetes dashboard resources(Thanks to @kiich)
- #1330: Consistent logging with options to silence, verbosify and color messages(Thanks to @pete911)
- #1333: Tweak CloudFormation stack descriptions(Thanks to @c-knowles)
- #1341: Disable configure of cloud route when allocate-node-cidrs is enabled(Thanks to @c-knowles)
- #1343: Tag etcd volumes with names(Thanks to @c-knowles)
- #1345: Add support for CoreDNS as DNS provider(Thanks to @etiennetremel)
- #1346: Automatically enable EBS optimization(Thanks to @kiich)
- #1354: Consolidate kiam configuration(Thanks to @kevtaylor)
- #1356: Promote compute reservation options [Small] (Thanks to @tyrannasaurusbanks)
- #1357: Bring etcd's up in parallel on new cluster / Fail-fast to update 0.10.x clusters with newer kube-aws(Thanks to @davidmccormick)
- #1358: Display cluster details when logging into CoreOS(Thanks to @davidmccormick)
- #1361: Implement 'apply' command and deprecate 'up' and 'update'(Thanks to @davidmccormick)
- #1380: 0.11.x migration from existing clusters without losing state(Thanks to @davidmccormick)
- #1384: Add apiserver aggregator with certs when metrics server is enabled(Thanks to @davidmccormick)
- #1385: Better identification of nodes(Thanks to @davidmccormick)
- #1387: Remove dependency on alpine:latest docker image(Thanks to @davidmccormick)
- #1389: Added in KIAM session timeout modifier(Thanks to @Matei207)
- #1390: 0.11.x Extend CustomFiles to be able to render go templates(Thanks to @davidmccormick)
- #1397: Self hosted calico v3.1.3(Thanks to @c-knowles)
- #1399: 0.11.x Add kubernetes manifests from customfiles(Thanks to @davidmccormick)
- #1408: Tweaks to network config(Thanks to @c-knowles)
- #1409: Add kube-aws:version to stacktags(Thanks to @davidmccormick)
- #1422: Add ability to configure flags for cluster-autoscaler-de.yaml [Small](Thanks to @tyrannasaurusbanks)
- #1427: feat(etcd): Configurable quota-backend-bytes and --auto-compaction-retention(Thanks to @wwyiwzhang)
- #1441: Add resources for kiam-server & kiam-agent daemonsets(Thanks to @tyrannasaurusbanks)
- #1447: Explicitly set default dnsmasq min-port [Tiny](Thanks to @tyrannasaurusbanks)
Improvements
- #1274: Allow cfn-signal.service to cleanly start under certain circumstances(Thanks to @davidmccormick)
- #1276: Disable alpha batch APIs by default(Thanks to @c-knowles)
- #1277: kiam support improvements(Thanks to @c-knowles)
- #1283: Add validation for region inside KMS ARN(Thanks to @c-knowles)
- #1285: Improvement/named iam roles cleanup(Thanks to @c-knowles)
- #1338: Update dashboard RBAC to match 1.8.3 requirements(Thanks to @c-knowles)
- #1352: cobra cmd errors use logger error instead of default std err(Thanks to @pete911)
- #1363: Bump go to 1.10.x for travis builds
- #1367: Remove node dependency on ETCD Stack when Networking.SelfHosting is Enabled.(Thanks to @davidmccormick)
- #1374: Correct semantic version checks(Thanks to @kevtaylor)
- #1376: Bump kubernetes version to 1.10.4(Thanks to @kevtaylor)
- #1377: Remove kube-system namespace out of kiam if statement(Thanks to @jasonrichardsmith)
- #1394: Bump Kubernetes to v1.10.5
- #1404: Differentiate the node drainer containers(Thanks to @c-knowles)
- #1410: Update reserved storage flag name(Thanks to @c-knowles)
- #1413: Improve customFile templating(Thanks to @davidmccormick)
- #1421: cluster.yaml: removed whitespace in waitSignal configuration(Thanks to @Phylu)
- #1437: Add updateStrategy RollingUpdate for kiam agent(Thanks to @cw-sakamoto)
Bug fixes
- #1290: Fix failing etcd volume attach when upgrading etcd instances(Thanks to @Confushion)
- #1334: Fix flannel traffic among controllers(Thanks to @cheungpat)
- #1335: Fix install-kube-system(Thanks to @c-knowles)
- #1360: Fix duplicate controller role permissions for CloudWatch logging(Thanks to @A-Hilaly)
- #1365: Fix for rpc-statd.service needed to mount NFS file shares(Thanks to @paalkr)
- #1388: Fix colour causing extra newlines(Thanks to @davidmccormick)
- #1418: Fix dep ensure empty package issue(Thanks to @davidmccormick)
- #1426: Fix kube-proxy startup race condition when metric server is enabled.(Thanks to @omar-nahhas)
- #1446: Fix mfdir setting to prevent controller install failure w/ KIAM disabled(Thanks to @kylegato)
- #1448: fix: Attach kube-aws controller policy to pre-existing IAM role(Thanks to @Matei207)
Documentation
- #1339: Instructions for updating the AMI(Thanks to @c-knowles)
- #1383: getting started: fix typo in bucket creation(Thanks to @kylegalbraith)
- #1284: Cluster autoscaler docs/tests(Thanks to @c-knowles)
Refactorings
Other changes
- #1368: Add branch to build version when not a tagged release(Thanks to @davidmccormick)
- #1420: Remove invalid aws tag symbols from branch names(Thanks to @davidmccormick)