Changelog since v0.9.7

Please see our roadmap for details on upcoming releases.

Component versions

Kubernetes: v1.7.4
Etcd: v3.2.5
Calico: v2.4.1
Helm/Tiller: v2.6.0

Actions required

• #820: Simplify configuration for OIDC Authenticator.

  • The key dex and its children in cluster.yaml has been basically renamed to oidc and the correspondents in apiserver flags. See #820 for more information

• #832: Update Calico to v2.4.1

  • To maintain existing behavior when upgrading your existing cluster, follow these steps:
    • In Namespaces that previously did not have the “DefaultDeny” annotation, you should delete any existing NetworkPolicy objects.
    • In Namespaces that previously did have the “DefaultDeny” annotation, you can create the equivalent semantics by creating a NetworkPolicy that selects all pods but does not allow any traffic.
    • See kubernetes/kubernetes#39164 (comment) for more details

Features

• #731: Add cluster kube-aws version to outputs(Thanks to @Vrtak-CZ)
• #742: Install Tiller by default
• #752: Deny direct command execution on privileged containers(Thanks to @ytsarev)
• #760: Support cross-stack references of VPC, IGW
• #761: More flexible IAM configuration for etcd nodes
• #778: Better encryption error message(Thanks to @redbaron)
• #789: Ability to propagate custom options to kubelet(Thanks to @ytsarev)
• #791: Plugin System
• #792: Make PODs to resolve DNS names via locally running dnsmasq(Thanks to @dvdthms)
• #809: Automatically configure kube2iam.(Thanks to @camilb)
• #820: Simplify configuration for OIDC Authenticator.(Thanks to @camilb)
• #834: Move documentation to new site(Thanks to @c-knowles)
  • Our documentation site is now at https://kubernetes-incubator.github.io/kube-aws/
• #851: Add support for Node Authorizer + Node Restriction admission controller(Thanks to @danielfm)

Improvements

• #740: Update the default etcd version to 3.2.1
• #743: Update CA to 0.6.0
• #746: Update Kubernetes to v1.7.0
• #755: Rename experimental.nodeLabels to controller.nodeLabels
• #756: Explicitly disallow tainting controller nodes
• #757: Remove deprecated keys in cluster.yaml
• #774: Update Kubernetes to v1.7.1
• #780: Stop using unnecessary autoscaling notification target/role
• #787: Rescheduler logs now piped to docker(Thanks to @c-knowles)
• #788: Additional permissions for heapster nanny(Thanks to @c-knowles)
• #794: Refactor node drainer implementation(Thanks to @danielfm)
• #817: Bump default k8s to 1.7.2(Thanks to @c-knowles)
• #818: Put kube2iam update strategy in the correct place(Thanks to @c-knowles)
• #821: Add Spot Fleet support for the automatic ALB target group attachment
• #828: Bump tiller to 2.5.1(Thanks to @c-knowles)
• #830: Bump default k8s to 1.7.3(Thanks to @c-knowles)
• #832: Update Calico to v2.4.1(Thanks to @tmjd)
• #835: cfn-signal depends on install-kube-system(Thanks to @dvdthms)
• #844: update default version of kubernetes dashboard to 1.6.3(Thanks to @Vrtak-CZ)
• #845: update default version of ETCd to 3.2.5(Thanks to @Vrtak-CZ)
• #852: Update tiller to v2.6.0(Thanks to @danielfm)
• #853: Update kubernetes to v1.7.4(Thanks to @danielfm)
• #867: Do not overwrite the tokens.csv file when re-rendering credentials(Thanks to @danielfm)
• #879: Configure tolerations for kube2iam DaemonSet. Update ETCD version to 3.2.6.(Thanks to @camilb)
• #884: Do not allow enabling Node authorizer without RBAC(Thanks to @danielfm)
• #886: core: add kube2iam image repo and tag(Thanks to @jpb)

Bug fixes

• #713: Fix kube-resources-autosave when kube2iam is enabled(Thanks to @camilb)
• #749: Fix kubelet bootstrap for Kubernetes 1.7(Thanks to @danielfm)
• #763: Fix node labeling to allow scheduling cluster-autoscaler to workers
• #773: Fix --ami-id
• #797: Issue #796 - cluster.yaml missing dnsMasqMetricsImage.repo key(Thanks to @wallentx)
• #814: Fix for typo introduced in #792(Thanks to @redbaron)
• #824: Fix managed role name validation(Thanks to @adyromantika)
• #827: Fixed typo in the error message(Thanks to @sathiyas)
• #840: Fix Typo to improve GoReport Card(Thanks to @asifdxtreme)
• #849: Fix failing worker and controller nodes when Calico is enabled
• #870: Fix the spot fleet support not to use incorrect bid prices by default
• #871: Fix node pool release channel

Documentation

• #733: Bugfix: CloudWatchLogging always disabled for Worker nodes(Thanks to @jollinshead)
• #748: Provide real-time feedback from Journald logs when updating/creating …(Thanks to @jollinshead)
• #781: Fix (Journald logging) localStreaming typo.(Thanks to @jollinshead)
• #801: CloudFormation events stream to stdout during kube-aws up/update(Thanks to @jollinshead)
• #826: Updating instructions for MFA token(Thanks to @sathiyas)
• #829: Add AWS_PROFILE to FAQ(Thanks to @Vrtak-CZ)
• #850: Feature/add new docs(Thanks to @c-knowles)
• #860: doc: Fix the link from the getting-started/addons page to the next
• #861: "Edit This Page" links on the doc is linking to wrong places
• #863: Tidy contributor/developer guide(Thanks to @c-knowles)
• #864: "Edit This Page" links on the doc are now linked to corresponding edit pages on GitHub
• #865: Fix an invalid link in the doc

Refactorings

• #777: Use consistent names for validation functions(Thanks to @danielfm)
• #856: Move book.json to project root(Thanks to @c-knowles)

Other changes

• #739: Update OWNERS
• #741: Update golang to v1.8.3
• #751: Initial plugins proposal(Thanks to @c-knowles)
• #770: Containerized test run(Thanks to @ytsarev)
• #807: Update ROADMAP
• #836: Remove redundant step(Thanks to @asifdxtreme)
• #838: Fix Typo in Events Code of Conduct(Thanks to @mbssaiakhil)
• #858: Script the publishing process of the kube-aws documentation
• #859: Automate publishing of the dedicated kube-aws documentation site
• #862: Script release notes gathering
• #869: e2e: Add support for NodeAuthorizer
• #872: relnote: Also consider changes under docs/ to be documentation updates
• #873: Improve the release note gathering script
• #876: e2e: Add support for toggling RBAC