Release notes for Cluster API Provider AWS (CAPA) v0.6.5
Changelog since v0.6.4
Urgent Upgrade Notes
(No, really, you MUST read this before you upgrade)
- The behaviour when selecting which subnets to use with machine pools (AWSMachinePool & AWSManagedMachinePool) when subnet ids haven't been included has changed. There is now a defined order of precedence that will determine which subnets to use:
- Subnets defined explicitly in the
spec
ofAWSMachinePool/AWSManagedMachinePool
- If
AvailabilityZones
is specified onAWSMachinePool/AWSManagedMachinePool
then the subnets associated with those AZs will be used - If
failureDomains
are specified in theMachinePool
then subnets that are in thosefailureDomains
(a.k.a. Availability Zones) will be used - All the private subnets from the control plane are used (#2302, @richardcase)
- Subnets defined explicitly in the
- EKS: New
AWSManagedMachinePool
resources with non-emptyremoteAccess
now requireremoteAccess.public: true
in order to allow public access to SSH on port 22 (#2243, @michaelbeaumont)
Changes by Kind
API Change
- Add the following cluster-scoped resources for multi-tenancy support:
- AWSClusterStaticIdentity - Static credentials using a Access Key ID and Secret Key
- AWSClusterControllerIdentity - A singleton resource that states a cluster can use inherited credentials
- AWSClusterRoleIdentity - An IAM role definition (#2253)
- Add ability to toggle the new AWS Capacity Rebalance feature by setting a new
.spec.capacityRebalance
field inAWSMachinePool
objects. (#2288, @trutx)
Feature
- Add Multi-tenancy support (multi-tenancy proposal) (#2253)
- For migration of current cluster resources to the new multi-tenancy model, there is a new experimental controller
AutoControllerIdentityCreator
that will create and apply AWSClusterControllerIdentity to all existing resources. This will be enabled by default until v1alpha4.
No additional steps are needed to migrate existing clusters, multi-tenancy model is fully backward-compatible when this controller is kept enabled (#2253) - Add
clusterawsadm ami list
command to list AMIs that can be filtered by region, OS, and Kubernetes version. (#2304, @sedefsavas) clusterawsadm ami
commands now support--source-region
to copy AMIs across regions (#2345)clusterawsadm ami
commands now output versioned AWSAMIList and AWSAMI resources to stdout (#2345, @randomvariable)- Add the ability to enable the AWS SDK debug logging (#2229, @shuheiktgw)
- Adopt the
release-notes
tool fromkubernetes/release
to generate the changelog for a release (#2247, @richardcase) - PRs now require
release-notes
code block, which is used in the release notes generation (#2232, @richardcase) - EKS: Ability to declaratively remove the Amazon VPC CNI when using an alternate CNI (#2292, @richardcase)
- EKS: Add the
AWSFargateProfile
resource for managing EKS Fargate profiles (#2265, @michaelbeaumont) - EKS: Add/update conditions for the AWSManagedControlPlane to detect when EKS control plane is being created or updated. (#2246, @michaelbeaumont)
- EKS: Add new cluster template for a GPU-accelerated EKS cluster (#2278, @richardcase)
Documentation
- Add documentation for IAM permissions and clusterawsadm, dynamically generated via clusterawsadm itself (#2342, @randomvariable)
- Add Published AMIs page that gets updated by a lambda function every hour (#2345, @randomvariable)
- Add auto-generated CRD reference documentation for core APIs, EKS controlplane and experimental features (#2347) (#2352, @randomvariable)
- Add multitenancy documentation with examples (#2319, @sedefsavas)
- EKS: Add a guide on how to develop EKS Control Plane locally using Tilt (#2234, @kenichi-shibata)
- EKS: New ADR to document the decision of how Fargate Profiles will be represented. (#2250, @michaelbeaumont)
Failing Test
- Enable EventBridgeInstanceState feature in e2e tests (#2293, @sedefsavas)
Bug or Regression
- AWSMachine: Add filters support for additional security groups (#2241, @alexander-demichev)
- Fix AWSCluster & AWSMachine validation webhooks to accept an empty string for the
SSHKeyName
field (#2308, @dlipovetsky) - Fix bug where custom bootstrap user name was not accepted (#2341, @randomvariable)
- Restore GovCloud and other AWS partition support for CloudFormation generation. If using EKS, you must provide the relevant value for
partition
in your clusterawsadm configuration file. (#2289, @randomvariable)
Other (Cleanup or Flake)
- Add validation for loadbalancer scheme to allow only Internet-facing and internal values (#2290, @sedefsavas)
- Add test coverage to test grid (#2350, @sedefsavas)
- Add upgrade to Kubernetes main test (#2313, @sedefsavas)
- EKS: Removal of AWSManagedCluster from templates/docs to help with the future deprecation in v1alpha4 (#2264, @richardcase)
Support
- @sedefsavas joined to the maintainers of Cluster API Provider AWS (#2279, @richardcase)
The images for this release is:
us.gcr.io/k8s-artifacts-prod/cluster-api-aws/cluster-api-aws-controller:v0.6.5
us.gcr.io/k8s-artifacts-prod/cluster-api-aws/eks-controlplane-controller:v0.6.5
us.gcr.io/k8s-artifacts-prod/cluster-api-aws/eks-bootstrap-controller:v0.6.5
Thanks to all our contributors!
Special thanks to @detiber for his contributions to CAPA from its inception who moves to emeritus status now.