Announcements
We are looking for maintainers, reach out in #5432.
Deprecation / Removal
- Remove support for Fedora 31 (EOL)
- Remove support for Contiv CNI (#6964)
- Remove hyperkube support, no longer available in Kubernetes (#6965)
- Helm 2 can no longer be installed (#6846)
Major changes
- Add support for Fedora 33 (#7072) (see Notes)
- Add Kata Containers support to CRI-O runtime (#6830)
- Add RHEL support subscription registration (#6572)
- Add crun support (#6864)
- Add etcd tls cipher suites support (#7001)
- Add GCP terraform support (#6974)
- Allow airgapped CRI-O installation (#6927)
- Harden reset to work in more cases (#6781)
- Disable Kubernetes Dashboard by default (#6804) (see Notes)
- Add an option to force apiserver and respective client certificate to be regenerated without upgrading (#6403)
- Add a script to collect necessary container images and register the images to local registry (#7024)
- Major proxy rework on different playbooks (#7095)
Applications
- Allow configuration of nodelabels in local_volume_provisioner (#6620)
- [Openstack] Add external_openstack_lbaas_provider setting for occm (#6566)
- [Openstack] Add security groups not managed by terraform (#6865)
- [Openstack] Do not apply floating IPs before router port is created (#6887)
- [Openstack] Add cluster-name to external-openstack-cloud-controller-manager (#7055)
- [Azure / AWS] Added support for dynamic tags in AWS and Azure (#6752)
Container managers
- [All] Remove libseccomp install tasks (#7074)
- [Containerd] Add registry mirror support (#6962)
- [Containerd] Ensure libseccomp is installed before starting containerd on CentOS 8 (#6922)
- [Containerd] Add download run once feature (#6997)
- [Containerd] Allow root path and state path to be configured (#7098)
- [CRI-O] Use system default for storage driver by default (#6637)
- [CRI-O] Ensure service is started and enabled (#6753)
- [CRI-O] Reset is now working when CRI is set to CRI-O (#6812)
- [CRI-O] Avoid extra restart after install and upgrade (#6882)
- [CRI-O] Disable CRI-O restart by Multus (#6930)
- [CRI-O] Add registry mirror support (#6977)
- [CRI-O] Allow to enable download_run_once (#6998)
- [Docker] Add CentOS 8 and Fedora 32 docker repository (#6747)
Network
- [Weave] Add iptables_backend to weave options (#6639)
- [Calico] Add support for Calico CNI host-local IPAM plugin (#6580)
- [Calico] Added ability to set VXLAN vni and port. defaults to calico's documented default (#6678)
- [Calico] default to using kdd datastore (#6693)
- [Calico] Add retries to update calico-rr data in etcd through calicoctl (#6505)
- [Calico] Handle calico-rr nodes as workers so they get upgraded too (#6447)
- [Calico] Avoid POD restart during initial deploy (#6886)
- [Calico] Add serviceExternalIPs option for calico installation (#6928)
- [Calico] Update files to handle multi-asn bgp peering conditions (#6971)
- [Calico] Blacklist Calico's VXLAN interface from NetworkManager (#7037)
- [Calico] Check if inventory settings match cluster settings (#6969)
- [Flannel] Add multi architecture support to flannel (#6166)
Other noteworthy changes
- Allow pre-existing floating IPs to be specified with k8s_master_fips (#6755)
- Set ansible_python_interpreter to python3 on debian (#6633)
- Allow resource management of metrics-server container (#6652)
- Use "kubeadm join" to join masters to control plane (#6661)
- Add new variable allowing additional audit webhook server configuration (#6726)
- Add leader election timeouts and durations to available parameters (#6691)
- Make sure node_ip is set if node is in etcd group (#6719)
- Install etcdctl to host when etcd deployment type is kubeadm (#6857)
- Chmod kubeconfig to avoid group-readable (#6800)
- Hold the docker-ce-cli upgrade in Debian (#6995)
- Removes apps tags from apps meta dependencies (#7041)
- Change owner to root for bin_dir directory (#6814)
- Add an option to disable globally applying a proxy to etc/yum.conf (#6828)
- Set feature gates in kube-proxy ConfigMap (#6851)
- Allow configuring container log limits for Kubelet (#6933) (see Notes)
- Remove executable bit from yaml and j2 files (#6894)
- Fail if kubeadm_version does not match kubernetes version (#6302)
- Disable docker-ce yum repo by default (#7080)
- Improve reset with many tweaks (#7094)
- Small Proxy fixes (add svc,svc.{{ dns_domain }} to no_proxy) (#7102)
- Restore ability to set pod eviction timer (#7114) (see Notes)
- Add ping_access_ip variable to enable/disable ping test during preinstall. Enabled by default (#7020)
- Remove unnecessary condition check when updating server field in kube-proxy kubeconfig (#7145)
Component versions:
- Kubernetes v1.19.7
- Etcd 3.4.13
- Docker 19.03
- Containerd 1.3.9
- CRI-O 1.19
- CNI-plugins v0.9.0
- Calico v3.16.5
- Cilium 1.8.6
- Flannel 0.13.0
- Kube-Router 1.1.1
- Multus 3.6
- Kube-ovn 1.5.2
- Weave 2.7.0
- CoreDNS 1.7.0
- Nodelocaldns 1.16.0
- Helm 3.3.4
- Nginx-ingress 0.41.2
- Cert-manager 1.0.4
- Kubernetes Dashboard v2.1.0
Known issues
- Ansible 2.10 is not supported and using it will result in errors (cf #7130)
Notes
- Kubernetes Dashboard deployment needs to be explicitly configured with dashboard_enabled: true
- Docker version for Fedora 33 needs to be set to 20.10 as they are the only packages available and validated
- Two new variables are used for this use case: kube_apiserver_pod_eviction_not_ready_timeout_seconds and kube_apiserver_pod_eviction_unreachable_timeout_seconds
- Action required: users that rely on the default value of calico_datastore need to explicitly configure their datastore choice.