(The kops 1.19 series has not been released yet; this is a pre-release).
kops 1.19.0-alpha.1 is the first alpha in the 1.19 series for kops.
Please see the release notes for the full list of changes.
Significant changes
-
On AWS kops now defaults to using launch templates instead of launch configurations.
-
Clusters using the Amazon VPC CNI provider now perform an
ec2.DescribeInstanceTypes
call at instance launch time. In large clusters or AWS accounts this may lead to API throttling which could delay node readiness. If this becomes a problem please open a GitHub issue. -
Alpha support for Hashicorp Vault as store for secrets and keys. See the Vault state store docs.
-
New clusters running Cilium will have enabled BPF NodePort by default if kubernetes version is 1.12 or newer.
Breaking changes
-
Support for Kubernetes 1.9 and 1.10 has been removed.
-
Support for the Romana networking provider has been removed.
Required Actions
Deprecations
- Support for Kubernetes versions 1.11 and 1.12 are deprecated and will be removed in kops 1.20.
Full change list since 1.18.0 release
v1.18.0-alpha.3 to v1.19.0-alpha.1
- Add etcd-manager certificate expiration advisory @rifelpet #9030
- Treat NatGatewaysNotFound error as already-deleted @johngmyers #9052
- Allow cluster maintenance when channel is unavailable @johngmyers #9053
- Release notes for 1.18.0-alpha.3 @justinsb #9075
- Release notes for 1.17.0-beta.2 @justinsb #9073
- Disable TX checksum offload for Flannel VXLAN @hakman #9074
- Added support for configuring disable-attach-detach-reconcile-sync in… @andersosthus #9068
- Add advisory notice to readme and docs homepage @rifelpet #9083
- Revert "feat(openstack): propagate cloud labels to machines" @zetaab #9087
- kube-apiserver: healthcheck via sidecar container @justinsb #9069
- Include secondary protocol flag always @jacksontj #9008
- Fix port conflict on etcd-cilium vs dns-controller memberlist @justinsb #9097
- kube-apiserver-healthcheck: actually enable on 1.17 @justinsb #9098
- Update instance_groups.md @ranshn #9072
- Fix containerd image side-loading @hakman #9101
- Dont use terraform's file() for singleline strings in GCE metadata @rifelpet #9084
- Add documentation on gossip @olemarkus #9111
- upgrade to use cinder v3 api @zetaab #9113
- Fix zsh completion @olemarkus #9108
- Add unit test for util/pkg/hashing/hash.go @Hellcatlk #9114
- Spotinst: Allow users to disable the controller add-on @liranp #9091
- Fail cluster validation if too few nodes for ig's target size @johngmyers #9126
- Adding most recent version of kube-state-metrics - 1.9.5 @MoShitrit #9125
- PKI code cleanup @johngmyers #9106
- Return cluster validation failure if ASG missing @johngmyers #9118
- Add EC2 Instance LifeCycle label @atmosx #9121
- add some unit tests @q384566678 #8960
- Remove code for unsupported Kubernetes version @johngmyers #9134
- http download: set a timeout to avoid hangs @justinsb #9136
- Move CNI docs to their own files @olemarkus #9107
- Added Launch Template support for instance interruption behavior @tomesm,@rifelpet #9024
- DNS: Don't try to apply empty changesets @justinsb #8464
- Remove redundant menu item in the docs site @rifelpet #9144
- Remove Classic networking from docs @johngmyers #9142
- doc: Typo in docs/state.md @nvanheuverzwijn #9147
- Spotinst: Documentation @liranp #9139
- Map kube-apiserver service-account-jwks-uri flag @justinsb,@rifelpet #9133
- Don't put bastions in the utility subnets @johngmyers #9124
- Create golden image test for nodeup kube-apiserver @justinsb #8950
- Add unit test for func matchesElbTags @hs0210 #8989
- Remove support for reading legacy-format keypairs @johngmyers #9131
- Update alpha channels with May updates @MoShitrit #9155
- Add support for Kubenet with containerd @hakman #9104
- [Digital Ocean] Handle logic for kops edit/update cluster @srikiz #9116
- Move OS deprecations to deprecations section of relnotes @johngmyers #9093
- Add unit test case for pkg/k8sversion/version_test.go @Hellcatlk #9112
- Update OWNERS file @johngmyers #9105
- Minor doc fix. address is not valid to use, will cuase etcd faili… @granular-ryanbonham #9160
- GCE: don't rely on hostname being correct @justinsb,@rifelpet #9135
- Reduce test flakiness @johngmyers #9164
- Add unit test case for pkg/apis/kops/util/versions_test.go @Hellcatlk #9156
- Spotinst: New hybrid integration mode @liranp #7252
- Fix nodetask.File dependency on owner @johngmyers #9169
- Networking cleanup @olemarkus #9157
- Update DigitalOcean cloud-controller-manager to v0.1.24 @timoreimann #9179
- Update etcd-manager to 3.0.20200527 @justinsb #9184
- Use debian as default image for DO images @srikiz #9181
- Remove all versions of a file form the S3 bucket @hakman #9171
- Remove unused VFSScan @johngmyers #9174
- Remove loader support for nodeup tasks not used in models @johngmyers #9170
- Document etcd-manager backups retention settings @hakman #9187
- Add gjtempleton as reviewer @johngmyers #9183
- Fix nits for removal of S3 file versions @hakman #9188
- Remove support for CoreOS and Jessie @johngmyers #9065
- Update Bazel rules for Docker to v0.14.2 @hakman #9196
- Remove support for the legacy etcd provider as of k8s 1.18 @johngmyers #8826
- Add deprecation notice for legacy etcd provider to 1.17 relnotes @johngmyers #9201
- Add comment in OWNERS linking to test-infra OWNERS files @rifelpet #9202
- Fix repo packages not being installed @hakman #9203
- Allow listing versions for objects in the S3 bucket @hakman #9205
- Try validating multiple times before updating instancegroup @johngmyers #9165
- Use kubescheduler.config.k8s.io/v1beta1 for Kubernetes 1.19 @hakman #9204
- Update adding_a_feature.md with more modern example @johngmyers #9208
- Add example for delete secret @q384566678 #9198
- Upgrade docker/containerd/containeros hashes to SHA256 @johngmyers #9215
- Release notes for 1.16.3 @justinsb #9219
- Remove extraneous markdown files in pkg/apis @rifelpet #9220
- Release notes for 1.17.0 @justinsb #9222
- Remove unused file @johngmyers #9218
- Update set-version script to bump tag in Makefile @justinsb #9224
- Start release notes for kops 1.19 @justinsb #9223
- Use AWS SDK to fetch metadata @justinsb #9227
- S3 DeleteAllVersions: use pagination @justinsb #9228
- Bump compatibility matrix for kops 1.17 @johngmyers #9225
- Validation: MixedInstancePolicy need not override instance types @justinsb #9231
- GCE: fix typo @justinsb #9232
- Add packages hashes verification for containerd and Docker @hakman #9234
- Remove vsphere cloud provider @olemarkus #9177
- Update etcd-manager to 3.0.20200531 @hakman #9237
- Don't build site when docs are unchanged @hakman #9235
- Updating stable channel with May updates @MoShitrit #9212
- Upgrde amazon vpc cni to 1.6.2 @MoShitrit #9214
- Disable static tokens by default as of Kubernetes 1.18 @johngmyers #8850
- Add example for describe secret @q384566678 #9241
- Release notes for 1.18.0-beta.1 @justinsb #9242
- 1.18 release note corrections @johngmyers #9243
- Update channels for 1.18 @mikesplain #9250
- [Digital Ocean] Update RBAC for DO CCM @srikiz #9249
- Remove redundant ValidateInstanceGroup call @rifelpet #9252
- Add ARM64 build targets for kops and nodeup @hakman #8922
- Remove all traces of utils.tar.gz @hakman #9197
- Enable configuration of the calico IP_AUTODETECTION_METHOD and IP6_AUTODETECTION_METHOD @mtl-wgtwo #9175
- Use CNI 0.8.6 for Kubernetes 1.15+ @hakman #9256
- Add table of networking providers and their status @olemarkus #9140
- Use Docker 19.03.11 for Kubernetes 1.18+ @hakman #9258
- Fix link to point to aws docs @mikesplain #9263
- Refactor Debian automatic upgrades to Go code @johngmyers #9213
- Remove romana support @olemarkus #9255
- Don't make it possible to toggle ipv4/6. We only support ipv4 anyway @olemarkus #9253
- Update channel 1.15 k8s recommendation to 1.15.12 @jeffb4 #9266
- Add support for encryption in Cilium @MoShitrit #9154
- Bump Dashboard to v2.0.1 @maciaszczykm #9199
- Update Calico and Canal for CVE-2020-13597 @hakman #9268
- Tag all cilium keys with omitempty @olemarkus #9254
- When building to staging, split out the marker files by branch @justinsb #9272
- Move networking in nodeup to dedicated subpackage @olemarkus #9137
- Bump supported and recommended k8s versions for kops 1.19 @johngmyers #9226
- Clean up wording in releases.md @johngmyers #9230
- Spotinst: Allow a user specifiable node draining timeout @liranp #9221
- Validate IG RootVolumeType @olemarkus #9265
- gce: log bucket-policy-only message at a level that always appears @justinsb #9276
- Prepare Kops for multi-architecture support @hakman #9216
- Ensure we have IAM bucket permissions to other S3 buckets @justinsb #9274
- Refactor cert issuance code @johngmyers #9130
- Allow failure of the ARM64 job in TravisCI @hakman #9279
- Use Ubuntu 20.04 as the default image for Kubernetes 1.18+ @hakman #9283
- Disable disk based evictions for Kubernetes 1.19 @hakman #9296
- More nodeup golden tests @justinsb #9248
- Adding recent releases to docs site @MoShitrit #9293
- Update Weave for CVE-2020-13597 @hakman #9285
- Create nodetasks.IssueCert() @johngmyers #9282
- Don't export basic auth credentials if basic auth is disabled @johngmyers #9284
- Copy "portmap" to /opt/cni/bin for Weave @hakman #9286
- Update shipbot config @hakman #9277
- Fix some go-lint warning @Hellcatlk #9236
- Docs - add syntax highlighting + markdown cleanup @rifelpet #9308
- Install common CNI plugin binaries for all network plugins @hakman #9310
- Don't try building TLS for etcd-manager if not using etcd-manager @johngmyers #9302
- Use ec2.DescribeInstanceTypes for machine type info @rifelpet #8856
- Don't require nodeup tasks to have SetName() @johngmyers #9299
- Refactor and improve API validation @johngmyers #9217
- Disable kubeproxy when creating a kube-router cluster @rifelpet #9321
- Use Docker 19.03.11 for Kubernetes 1.17+ @hakman #9317
- Install all CNI plugin binaries for all network plugins @hakman #9320
- Fix NPD when creating a kube-router cluster @rifelpet #9323
- Fix mismatch in SecurityGroups handling with launch templates @johngmyers #9288
- Allow docker options to be specified by create cluster overrides @bertinatto #9324
- Issue kube-scheduler and kube-controller-manager certs in nodeup @johngmyers,@justinsb #9313
- IAM: Refactor vfs-access logic so we can see the required readable paths @justinsb #9328
- Update Weave Net to 2.6.5 @hakman #9330
- Docs helptext @olemarkus #9333
- Use launch templates by default @johngmyers #9289
- Refactor kubemanifest to be clearer @justinsb #9342
- Refactor BootstrapChannelBuilder to use a KopsModelContext @justinsb #9338
- Issue kubecfg and kops certs in nodeup @johngmyers #9347
- Update release notes for Ubuntu 20.04 and CVEs @hakman #9332
- Add nodelocal dns cache to release notes and add kops version to docs @olemarkus #9351
- Bug: Explicitly set default StorageClass to support upgrades @joshbranham #9337
- Promote alpha channel to stable @johngmyers #9366
- Prefer the GA label for node zone @johngmyers #9363
- Cleanup networking docs @ari-becker #9349
- Bump recommended kops versions in alpha channel @johngmyers #9361
- Validate cilium version @olemarkus #9295
- Fix kube-apiserver-healthcheck image @coreypobrien #9359
- Remove the baremetal cloud provider @johngmyers #9360
- Add "--selinux-enabled" flag for Docker @hakman #9334
- Issue kubelet-api cert in nodeup @johngmyers #9356
- Revert "Fix kube-apiserver-healthcheck image" @johngmyers #9371
- Move host-network services off of port 8080 @johngmyers #9355
- Remove bundler as baremetal support was removed @johngmyers #9372
- Add support for AWS OIDC Provider @rifelpet #9375
- NodeLocalDNS config population: small tweaks @justinsb #9376
- Add comment on blocking jobs to actions @mikesplain #9305
- Prune old metrics-server and update HPA docs @johngmyers #9233
- Upgrade mkdocs to latest versions @rifelpet #9309
- Store terraform launchtemplate userdata in plaintext rather than b64 @rifelpet #9340
- Update alpha channel with June releases @MoShitrit #9384
- try github actions failure to see if PRs can't be merged @rifelpet #9015
- Run "go mod vendor" in verify-gomod @rifelpet #9389
- Start moving InstanceGroup data to NodeupConfig @johngmyers #9391
- Refactor to clean up TemplateFunctions @justinsb #9390
- Revert "try github actions failures to see if PRs can't be merged" @rifelpet #9392
- Add notice from k8s.io to docs site @mikesplain #9393
- Issue aws-iam-authenticator cert in nodeup @johngmyers #9378
- Updating cluster_spec doc. @michalschott #9380
- Add a couple more "area" labels @rifelpet #9394
- Cache terraform's providers between tests @rifelpet #9399
- Stop creating SHA1 hashes for build artifacts @hakman #9400
- Add initial support for ARM64 @hakman #8938
- Use -mod=vendor for most go commands @rifelpet #9396
- Add olemarkus as reviewer @hakman #9200
- Temporarily use containerd from Docker packages @hakman #9346
- Fix override css @mikesplain #9406
- Upgrade Amazon VPC CNI to 1.6.3 @MoShitrit #9408
- Fold multiple integration test cases into the complex test case @rifelpet #9409
- Move apply logic down into pkg for import use @johngmyers #9411
- Clean up the HA docs @olemarkus #9387
- Add master and node image options when creating a cluster @hakman #9407
- Implement VFS for vault @olemarkus #9094
- Rolling update instance groups in consistent order @johngmyers #9412
- Refactor lyft config file to Go code @johngmyers #9410
- Update 1.17-NOTES.md @wangxy518 #9414
- Make dns pods work on arm64 clusters @olemarkus #9418
- Typo and wording fix to getting_started/commands doc @MoShitrit #9417
- Alicloud: Refactor LoadBalancerWhiteList to LoadBalancerACL @bittopaz #8304
- Remove PHONY declaration on non-phony targets @johngmyers #9419
- Build and publish only Linux AMD64 Kops artifacts for CI @hakman #9401
- Remove more sha1-generation code @johngmyers #9423
- Fix: dns-controller: 3999 port address already in use @vgunapati #9404
- Fix dns selectors for older k8s @olemarkus #9431
- Fix staticcheck error with Go 1.14 @johngmyers #9434
- Remove kube-discovery @johngmyers #9435
- Start pushing create_cluster logic into pkg @johngmyers #9413
- Spotinst: Add missing lifecycle to awstasks.SecurityGroup @liranp #9445
- Prepatory refactoring of BootstrapScript @johngmyers #9402
- Fix cilium etcd migration @olemarkus #9451
- Spotinst: Support for Root Volume Size in Ocean Launch Spec @liranp #9459
- Spotinst: Upgrade the Spotinst controller to version 1.0.61 @liranp #9460
- Remove dead cloudup code @johngmyers #9422
- Refactor BootstrapScript into a Task @johngmyers #9449
- Refactor how api-server addresses are exported from tasks @johngmyers #9450
- Add unit test for func VersionedJSON @Hellcatlk #9458
- Cilium requires manual restart when migrating to nodeport @olemarkus #9454
- Bump k8s versions for alpha channel with latest releases @MoShitrit #9455
- Enable nodeport by default @olemarkus #9425
- Update staticcheck to latest version @rifelpet #9463
- Add Ambassador addon to kops @concaf #9115
- Update Calico to v3.15.0 for k8s 1.16+ @hakman #9444
- Update KubeDNS to v1.15.13 @hakman #9462
- Refactor more cluster creation code into NewCluster() @johngmyers #9443
- Update the service manifest for Docker @hakman #9465
- Cleanup tempfiles @zhijianli88 #9472
- Fix where etcd-cluster-spec is writen when etcd's BackupStore is defined -v2 @rdrgmnzs #9474
- Create separate field for disabling rolling updates @johngmyers #9348
- Move more cluster creation code to NewCluster() @johngmyers #9467
- Continue moving InstanceGroup data to NodeupConfig @johngmyers #9415
- Use new templates for cilium 1.8 @olemarkus #9424
- Update terraform docs with version compatibility @rifelpet #9488
- Updating the YAMLs for Ingress-Citrix Addon @christus02 #9480
- Allow CI builds to build a tagged version @justinsb #9493
- Release 1.19.0-alpha.1 @justinsb #9494
Please see the release notes for the full list of changes.