Release notes for Cluster API Provider AWS (CAPA) v0.6.5

Documentation

Changelog since v0.6.4

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• The behaviour when selecting which subnets to use with machine pools (AWSMachinePool & AWSManagedMachinePool) when subnet ids haven't been included has changed. There is now a defined order of precedence that will determine which subnets to use:
  1. Subnets defined explicitly in the spec of AWSMachinePool/AWSManagedMachinePool
  2. If AvailabilityZones is specified on AWSMachinePool/AWSManagedMachinePool then the subnets associated with those AZs will be used
  3. If failureDomains are specified in the MachinePool then subnets that are in those failureDomains (a.k.a. Availability Zones) will be used
  4. All the private subnets from the control plane are used (#2302, @richardcase)
• EKS: New AWSManagedMachinePool resources with non-empty remoteAccess now require remoteAccess.public: true in order to allow public access to SSH on port 22 (#2243, @michaelbeaumont)

Changes by Kind

API Change

• Add the following cluster-scoped resources for multi-tenancy support:
  • AWSClusterStaticIdentity - Static credentials using a Access Key ID and Secret Key
  • AWSClusterControllerIdentity - A singleton resource that states a cluster can use inherited credentials
  • AWSClusterRoleIdentity - An IAM role definition (#2253)
• Add ability to toggle the new AWS Capacity Rebalance feature by setting a new .spec.capacityRebalance field in AWSMachinePool objects. (#2288, @trutx)

Feature

• Add Multi-tenancy support (multi-tenancy proposal) (#2253)
• For migration of current cluster resources to the new multi-tenancy model, there is a new experimental controller
  AutoControllerIdentityCreator that will create and apply AWSClusterControllerIdentity to all existing resources. This will be enabled by default until v1alpha4.
  No additional steps are needed to migrate existing clusters, multi-tenancy model is fully backward-compatible when this controller is kept enabled (#2253)
• Add clusterawsadm ami list command to list AMIs that can be filtered by region, OS, and Kubernetes version. (#2304, @sedefsavas)
• clusterawsadm ami commands now support --source-region to copy AMIs across regions (#2345)
• clusterawsadm ami commands now output versioned AWSAMIList and AWSAMI resources to stdout (#2345, @randomvariable)
• Add the ability to enable the AWS SDK debug logging (#2229, @shuheiktgw)
• Adopt the release-notes tool from kubernetes/release to generate the changelog for a release (#2247, @richardcase)
• PRs now require release-notes code block, which is used in the release notes generation (#2232, @richardcase)
• EKS: Ability to declaratively remove the Amazon VPC CNI when using an alternate CNI (#2292, @richardcase)
• EKS: Add the AWSFargateProfile resource for managing EKS Fargate profiles (#2265, @michaelbeaumont)
• EKS: Add/update conditions for the AWSManagedControlPlane to detect when EKS control plane is being created or updated. (#2246, @michaelbeaumont)
• EKS: Add new cluster template for a GPU-accelerated EKS cluster (#2278, @richardcase)

Documentation

• Add documentation for IAM permissions and clusterawsadm, dynamically generated via clusterawsadm itself (#2342, @randomvariable)
• Add Published AMIs page that gets updated by a lambda function every hour (#2345, @randomvariable)
• Add auto-generated CRD reference documentation for core APIs, EKS controlplane and experimental features (#2347) (#2352, @randomvariable)
• Add multitenancy documentation with examples (#2319, @sedefsavas)
• EKS: Add a guide on how to develop EKS Control Plane locally using Tilt (#2234, @kenichi-shibata)
• EKS: New ADR to document the decision of how Fargate Profiles will be represented. (#2250, @michaelbeaumont)

Failing Test

• Enable EventBridgeInstanceState feature in e2e tests (#2293, @sedefsavas)

Bug or Regression

• AWSMachine: Add filters support for additional security groups (#2241, @alexander-demichev)
• Fix AWSCluster & AWSMachine validation webhooks to accept an empty string for the SSHKeyName field (#2308, @dlipovetsky)
• Fix bug where custom bootstrap user name was not accepted (#2341, @randomvariable)
• Restore GovCloud and other AWS partition support for CloudFormation generation. If using EKS, you must provide the relevant value for partition in your clusterawsadm configuration file. (#2289, @randomvariable)

Other (Cleanup or Flake)

• Add validation for loadbalancer scheme to allow only Internet-facing and internal values (#2290, @sedefsavas)
• Add test coverage to test grid (#2350, @sedefsavas)
• Add upgrade to Kubernetes main test (#2313, @sedefsavas)
• EKS: Removal of AWSManagedCluster from templates/docs to help with the future deprecation in v1alpha4 (#2264, @richardcase)

Support

• @sedefsavas joined to the maintainers of Cluster API Provider AWS (#2279, @richardcase)

The images for this release is:
us.gcr.io/k8s-artifacts-prod/cluster-api-aws/cluster-api-aws-controller:v0.6.5
us.gcr.io/k8s-artifacts-prod/cluster-api-aws/eks-controlplane-controller:v0.6.5
us.gcr.io/k8s-artifacts-prod/cluster-api-aws/eks-bootstrap-controller:v0.6.5

Thanks to all our contributors!

Special thanks to @detiber for his contributions to CAPA from its inception who moves to emeritus status now.