github kubernetes-retired/kube-aws v0.9.6
v0.9.6: Kubernetes 1.6.2, Automatic Disaster Recovery for Etcd3, K8s Resources Autosaving, Dex support, TLS bootstrapping, Multi k8s API endpoints

7 years ago

Notable changes since v0.9.5

Full changelog can be seen at v0.9.5...v0.9.6

Actions required

  • Due to changes in how API endpoint load balancers and etcd clusters are provisioned, you may need to recreate your kube-aws clusters from scratch, as usual. Please see #455 for more information
  • Support for Kubernetes 1.5.x is dropped. For those who would still like to stay on 1.5.x, we have an open issue dedicated to bringing that support. You can also keep using kube-aws v0.9.5

Breaking changes

  • #565: EFS PersistentVolume introduces the Recycle policy, which is a breaking change. Be aware that if all the persistent volume claims are removed, the EFS will recycle and remove all data

Known issues

Features

  • Etcd3 & Automatic Disaster Recovery
    • #417: Automatic recovery from permanent failures of etcd3 nodes
    • #511: etcd unit should unconditionally depend on cfn-etcd-environment (Thanks to @redbaron)
    • #517: Fix a race between systemd services: cfn-etcd-environment and etcdadm-reconfigure
    • #531: Fix the deadlock while bootstrapping etcd cluster (Thanks to @redbaron for reporting)
  • Kubernetes 1.6.2
    • #492: Bump to Kubernetes v1.6.1
    • #504: Fix RBAC in Kubernetes 1.6. Fix etcdadm when terminated instances still exist (Thanks to @camilb)
    • #508: Bump rescheduler to 0.3.0 which uses k8s 1.6 (Thanks to @c-knowles)
    • #558: Fix to calico configuration file etcd endpoints (Thanks to @kevtaylor)
    • #564: bump kube-1.6.2 (Thanks to @redbaron)
    • #575: Quote security group refs for etcd, controller, and apiendpoints (Thanks to @soellman)
    • #576: Set --storage-backend to etcd2 if not using etcd3 (Thanks to @cheungpat)
    • #581: Update kubelet flags (Thanks to @c-knowles for reporting)
    • #582: Update kube-dns to 1.14.1 (Thanks to @c-knowles for reporting)
    • #590: Fix etcd snapshots locations in S3 (Thanks to @cmcconnell1 for providing the important info to locate the issue)
    • #594: Fix syntax error (Thanks to @danielfm)
    • #606: Fix certs path when TLS bootstrapping is enabled (Thanks to @danielfm)
  • #449, #489: Kubelet TLS bootstrapping (Thanks to @danielfm)
  • #441, #486: Introduce the rescheduler (Thanks to @c-knowles)
  • #468: Support for multiple k8s API endpoints
    • #514: Fix API endpoint from HA controllers (Thanks to @c-knowles)
    • #521: Fix incorrect validations on apiEndpoints
    • #526: Fix up API endpoints config (Thanks to @c-knowles)
    • #529: Follow-up for the multi API endpoints support
  • Kubernetes Resources Autosaving & Restore
    • #507: 'Cluster-dump' feature to export Kubernetes Resources to S3 (Thanks to @jollinshead)
    • #535: 'Restore' feature to restore Kubernetes Resources from S3 backup (Thanks to @jollinshead)
    • #538: Bugfix: Add missing '/' when constructing the Autosave S3 put path (Thanks to @jollinshead)
    • #570: Kubernetes-Autosave save as Kubernetes/List. (Thanks to @jollinshead and @c-knowles)
    • #609: Additional notes for autosave regarding s3 error (Thanks to @jollinshead)
  • #568: Dex integration (Thanks to @camilb)
  • #589: Bump to calico 2.1.4 (Thanks to @redbaron)
  • #577: Add controller node labels if specified (Thanks to @cheungpat)
  • #551: Allow customizing network ranges from which SSH access to nodes is allowed
  • #552: Allow customizing network ranges from which Kubernetes API access is allowed
  • #471: Shared Persistent Volume (Thanks to @kevtaylor)
  • #510: New options: customFiles and customSystemdUnits (Thanks to @jeremyd)
  • New settings: nodeMonitorGracePeriod, disableSecurityGroupIngress for controller-manager, nodeStatusUpdateFrequency for worker kubelet (#473, thanks to @jeremyd)

Fixes

  • #476: Setup net.netfilter.nf_conntrack_max and fix error "nf_conntrack: table full, dropping packet" (Thanks to @gianrubio)
  • #503: Perform docker post-start check (Thanks to @redbaron)
  • #555: Don't mount /var/lib/rkt into kubelet (Thanks to @redbaron)
  • #561: Fix unwanted AWS resource creation/Add extra validation on internetGatewayID + vpcID
  • #563: Make cfn-signal more robust against image fetch failures (Thanks to @redbaron)
  • #579: Fix "no space left on device" when audit logging is enabled for apiserver (Thanks to @ankon and @whereisaaron for reporting)
  • elasticFileSystemId
    • #530: Fix elasticFileSystemId to be propagated to node pools (Thanks to @drywheat for reporting)
    • #610: Fix elasticFileSystemId only on node pools (Thanks to @Vrtak-CZ for reporting)
  • #613: Fix typo in command listing (Thanks to @simonwydooghe)

Improvements

  • #472: Update kube-system using kubectl (Thanks to @jollinshead)
  • #481: Deprecate verbose legacy keys in favor of corresponding nested keys
  • #515: Make AMI fetching even more reliable
  • #519: Wait until kube-system becomes ready
  • #516: Retry userdata download (Thanks to @redbaron)
  • #518: Make the validation error message when KMS failed more friendly
  • #528: Minor fixup for etcd unit files (Thanks to @redbaron)
  • #554: Deprecate externalDNSName/createRecordSet/hostedZoneId
  • #556: Export worker stack names and worker IAM role ARNs (Thanks to @jpb)
  • #603: controller.loadBalancer is deprecated; use apiEndpoints[].loadBalancer (Thanks to @Vrtak-CZ)
  • #604: Change API endpoint ELB health check to SSL:443 (Thanks to @cheungpat)

Documentation updates
