Features
- Kubernetes 1.5.3 (#324, thanks to @gianrubio)
- Calico 2.0.2 (#282, thanks to @heschlie)
- Bypass 16KB userdata limit (#268, thanks to @redbaron)
- Easier to configure, easier to version-control, more tightly integrated node pools
(#315, thanks to @redbaron @sasso @c-knowles for reviewing) - Flexible and customizable network topology (#284) based on all the awesome works:
- #227 "Use existing subnets when creating/updating cluster" (which is followed by #278) for @sasso
- #169 "Create etcd and workers in private subnets, controllers in public subnet" for @neoandroid
kube-aws calculatorfor estimating cfn stack costs (#314, thanks to @gianrubio)- Add support for ALBs Target Groups (#353, thanks to @gbtechhub)
- Add DOCKER_OPTS environment variable to limit docker log files (#323, thanks to @jollinshead)
- Encryption support for etcd data volume (#307, thanks to @checkr)
- Add experimental support for pod security policies (#339, @soellman)
- Experimental webhook token authentication support (#321, thanks to @olesku)
- Experimental kube2iam support (#297, thanks to @Fsero)
- Experimental ClusterAutoscalerSupport option to setup IAM ASG permissions (#294, thanks to @pwillie)
- The worker nodes require extra privileges for the cluster-autoscaler
to run successfully within the cluster. Can be optionally
enabled via boolean in cluster.yaml.
- The worker nodes require extra privileges for the cluster-autoscaler
Improvements
- Minimal RBAC policies (#316, thanks to @gianrubio)
- credentials: Add /O=systems:master for kube-admin (#345, thanks to @ankon)
- Explicitly create EBS volumes for Etcd nodes (#317, thanks to @redbaron)
- Having EBS volumes which survive node termination makes them more manageable
- Wait for signals by default (#304, thanks to @gianrubio)
- Enable feature waitSignal as default
- Setup initial value for RollingUpdateMinInstancesInService as 1
- Reuquire s3-flag on validate command
- Remove checks for dedicated spot instances (#280, thanks to @iameli)
- More robust etcd search and replace step (#292, thanks to @redbaron)
- Do not require keyName if sshAuthorizedKeys are set (#242, thanks to @redbaron)
- Remove obsolete Calico files (#274, thanks to @redbaron)
Fixes
- Fix missing Name and ControllerHost in
statusandupcommands (#356, thanks to @Thermi, @ankon for reporting) - Fix the inconsistent S3 object prefix issue (#357, thanks to @c-knowles for reporting)
- Fix customSettings unavailability for node pools (#358, thanks to @ankon for reporting)
- Fix various typos (#329, thanks to @ankon)
- Fix a typo in a image reference (#328, thanks to @ankon)
- Remove a reference to waitsignal being experimental (#327, thanks to @ankon)
- Update readme (#337, thanks to @philips)
- Fix typo in comment (#350, thanks to @ankon)
- Fix typo in provisioner.go (#354, thanks to @msanterre)
- Fix error message when failed to init cluster (#313, thanks to @cheungpat)
- kubelet SecurityGroupIngress (#310, thanks to @soellman)
- Add a SecurityGroupIngress for controllers to access the kubelet
port (10250) on other controllers. This is needed for when there
are multiple masters.
- Add a SecurityGroupIngress for controllers to access the kubelet
- Fix the bug which was causing a private subnet to have no route to an existing nat gateway (#301)
- Fix lint (#250, thanks to @jmcarp and @icereval)
- Fix connection drop after 60 sec when executing commands inside containers (#275, thanks to @camilb)
Full change log
v0.9.3...v0.9.4