github kubernetes-retired/kube-aws v0.9.9
v0.9.9: Kubernetes 1.8, RBAC enabled by default, API endpoint backed by NLB, Encrypted S3 buckets, ClusterAutoscaler fix, Metrics Server


Changelog since v0.9.8

Please see our roadmap for details on upcoming releases.

The next RC release will address: https://github.com/kubernetes-incubator/kube-aws/milestone/53

Component versions

Kubernetes: v1.8.4
Etcd: v3.2.9
Calico: v2.6.1
Helm/Tiller: v2.7.2

Actions required

The default IamFleetRole has been changed on the AWS side

  • If you have one or more Spot-fleet backed node pools, ensure that you have the aws-ec2-spot-fleet-tagging-role role in your AWS account. You can locate it on the IAM role page in the AWS console.
    • If your AWS account doesn't have one yet, go to the EC2 console and try to launch a spot fleet from there. You don't need to actually launch one; just trying to launch one will cause AWS to create the new default role for you. See #1022 (comment) for more detailed context.

Features

  • #885: Dedicated worker CA and Etcd trusted CA bundle(Thanks to @redbaron)
  • #889: Enable RBAC by default
  • #945: Add initial support for NLB API endpoints(Thanks to @danielfm)
  • #951: Fixes #946 Support drop-ins in customSystemdUnits(Thanks to @jeremyd)
  • #963: Support deployment to AWS GovCloud(Thanks to @amdonov)
  • #966: Convert kube-proxy to a DaemonSet(Thanks to @danielfm)
  • #971: Kubernetes Dashboard 1.7 with RBAC and authentication.(Thanks to @camilb)
  • #1009: Adding AlwaysPullImages admission controller option(Thanks to @kylegato)
  • #973: Metrics Server addon.(Thanks to @camilb)
  • #1023: Add support for S3 buckets with the default encryption enabled
  • #1027: Support EC2 instance tags per node role
  • #1035: Use templated image for metrics-server.(Thanks to @camilb)

Improvements

  • #882: Do not encrypt certificate files, don't load fingerprints if no raw file available(Thanks to @redbaron)
  • #904: Fix too permissive IAM policy for CA associated to controller nodes
  • #905: Fix the scheduling and permissions issue of CA
  • #916: Bump default k8s to 1.7.5(Thanks to @c-knowles)
  • #924: Remove experimental.plugins.rbac from cluster.yaml
  • #927: Drop the deprecated key workerCount in cluster.yaml
  • #934: Remove mapPublicIPs and routeTableId in the top-level of cluster.yaml
  • #936: Remove createRecordSet to help newcomers bring up their first clusters
  • #944: Bump default k8s to 1.7.6(Thanks to @Vrtak-CZ)
  • #959: Update kubedns(Thanks to @danielfm)
  • #962: Update various components version.(Thanks to @camilb)
  • #981: Bump the default Kubernetes version to v1.7.8-coreos.1
  • #995: Only take snapshot if current member is a leader(Thanks to @martinssipenko)
  • #1002: Experimental addons can all be uncommented(Thanks to @c-knowles)
  • #1004: Add kube-proxy health check(Thanks to @dvdthms)
  • #1005: Bump cluster-autoscaler version to v1.0.2
  • #1008: Add some additional cleanup to rkt containers(Thanks to @dvdthms)
  • #1017: fixes #990 disable sshd password authentication(Thanks to @jeremyd)
  • #1020: Update RBAC API version to v1 from v1beta1(Thanks to @dragon3)
  • #1021: Make kube-node-label more reliable
  • #1030: Bump various components version.(Thanks to @camilb)
  • #1040: Improve the configuration for Kubernetes Dashboard.(Thanks to @camilb)

Bug fixes

  • #938: Handle worker-ca correctly when TLSBootstrapping is enabled(Thanks to @redbaron)
  • #877: Fix the existing TLS CA support
  • #888: Fix a potential YAML parsing error in cluster.yaml
  • #894: Fix test timeouts in CI
  • #895: Fix the hard-coded duration until an etcd cert generated by kube-aws expires
  • #902: Add spot fleet support for the awsNodeLabels feature
  • #904: Fix too permissive IAM policy for CA associated to controller nodes
  • #905: Fix the scheduling and permissions issue of CA
  • #926: Emit errors when unknown keys are specified under worker.nodePools[]
  • #943: Fixes #942 etcdadm cannot find ca.pem(Thanks to @jeremyd)
  • #951: Fixes #946 Support drop-ins in customSystemdUnits(Thanks to @jeremyd)
  • #964: Add in missing ASG IAM permission for experimental.nodeDrainer.(Thanks to @tyrannasaurusbanks)
  • #969: Remove bashisms from kube autosaver, makes it work with posix SH(Thanks to @redbaron)
  • #975: Rollback to 1.7.7 hyperkube image, as 1.7.8 is actually 1.9.0 alpha(Thanks to @redbaron)
  • #997: Load member .env file that is generated by etcdadm.(Thanks to @martinssipenko)
  • #1014: Fix the render command to not wipe ca.pem
  • #1015: Fix kubelet-to-apiserver connection checks on controller nodes not to fail in certain cases
  • #1017: fixes #990 disable sshd password authentication(Thanks to @jeremyd)
  • #1016: Save custom resource definitions in kube autosaver. Fix health check for kube-resources-autosave-dumper. Fix kubernetes dashboard port.(Thanks to @camilb)
  • #1024: Fix the default FleetIamRole
  • #1033: Add rkt container cleanup to journald-cloudwatch-logs service(Thanks to @dvdthms)
  • #1036: Fix the creation of all metrics-server resources.(Thanks to @camilb)
  • #1043: Various fixes to 0.9.9 rc.3
  • #1067: Correct values for the kubernetes.io/cluster/<Cluster ID> tags
  • #1068: Allow toggling Metrics Server installation

Documentation

Other changes

  • #887: relnote: Add support for release notes of final versions
  • #940: README: fix hyperlink(Thanks to @glarrain)
  • #1012: hack: Add a shortcut to run relnote from make
