(The kops 1.19 series has not been released yet; this is a pre-release).

kops 1.19.0-alpha.2 is the next alpha in the 1.19 series for kops.

Please see the release notes for the full list of changes.

Significant changes

Changes to kubernetes config export

Kops will no longer automatically export the kubernetes config on kops update cluster. In order to export the config on cluster update, you need to either add the --user <user> to reference an existing user, or --admin to export the cluster admin user. If neither flag is passed, the kubernetes config will not be modified. This makes it easier to reuse user definitions across clusters should you, for example, use OIDC for authentication.

Similarly, kops export kubecfg will also require passing either the --admin or --user flag if the context does not already exist.

kops create cluster --yes exports the admin user along with rest of the cluster config, as is existing behaviour.

Other significant changes

• New clusters will now have one nodes group per zone. The number of nodes now defaults to the number of zones.

• On AWS kops now defaults to using launch templates instead of launch configurations.

• Clusters using the Amazon VPC CNI provider now perform an ec2.DescribeInstanceTypes call at instance launch time. In large clusters or AWS accounts this may lead to API throttling which could delay node readiness. If this becomes a problem please open a GitHub issue.

• Alpha support for Hashicorp Vault as store for secrets and keys. See the Vault state store docs.

• New clusters running Cilium will have enabled BPF NodePort by default if kubernetes version is 1.12 or newer.

• The kops update cluster command will now refuse to run on a cluster that
  has been updated by a newer version of kops unless it is given the --allow-kops-downgrade flag.

Breaking changes

• Support for Kubernetes 1.9 and 1.10 has been removed.

• Support for the Romana networking provider has been removed.

• Support for legacy IAM permissions has been removed. This removal may be temporarily deferred to kops 1.20 by setting the LegacyIAM feature flag.

Required Actions

Deprecations

• Support for Kubernetes versions 1.11 and 1.12 are deprecated and will be removed in kops 1.20.

Change list

Changes from 1.19.0-alpha.1 to 1.19.0-alpha.2

• Use kubelet docker-specific flags only for Docker @hakman #9495
• cloudbuild: Push additional images from cloudbuild @justinsb #9497
• Release notes for 1.19.0-alpha.1 @justinsb #9498
• Release notes for 1.16.4 @justinsb #9501
• Update bazel rules versions @rifelpet #9428
• Release notes for 1.17.1 @justinsb #9503
• Default ClusterDNS appropriately when NodeLocalDNS is enabled @johngmyers #9491
• Fixing typos and rewording docs/examples/basic-requirements.md @MoShitrit #9442
• Move more cluster creation code to NewCluster() @johngmyers #9490
• Continue refactoring certs into nodeup @johngmyers #9354
• Update AWS VPC CNI docs to use --networking amazonvpc @rifelpet #9509
• Update aws-sdk-go to v1.32.13 @hakman #9510
• Add Ambassador documentation to addons docs @concaf #9516
• Move remaining new cluster setup to pkg @johngmyers #9513
• Changing base image for node authorizer. @michalschott #9056
• Update kube-router to v1.0.0 @hakman #9512
• Remove deprecated function @johngmyers #9514
• Add ability to set various cilium flags through CLI @olemarkus #8928
• Add tag support to AWS launch templates @rifelpet #9519
• Fix a link typo in the networking.md @nikola-milikic #9461
• Cilium parse k8s version url @olemarkus #9525
• Cloudmock cleanup - preparation for EC2 tag-on-create @rifelpet #9520
• Update mock version to 1.19.0-alpha.1 @hakman #9527
• Use EC2's tag-on-create for various resources @rifelpet #9529
• Fix KubeDNS missing resourceVersion @phspagiari,@hakman #9521
• Use filebase64 for launch template userdata and Terraform 0.12 @rifelpet #9532
• Promote alphas to stable @olemarkus #9537
• Add some err judgments @zhouhao3 #9538
• Force single arch support via env var @hakman #9535
• Add lyft hash environment variable @hintofbasil #9539
• Update AWS IAM Authenticator to 0.5.1 @rifelpet #9540
• Update CoreDNS to v1.7.0 - Take 2 @rajansandeep #9541
• Add healthcheck to aws-iam-authenticator @rdrgmnzs #8991
• Re-enable disk based evictions for Kubernetes 1.19 @hakman #9475
• Switch AWS NAT Gateway creation to use tags on create @rifelpet #8726
• Improve Makefile @johngmyers #9542
• Remove the checksum workaround for Flannel VXLAN @hakman #9543
• Widen the tolerations of kuberouter @johngmyers #9547
• Add missing lifecycle to etcd keypair tasks @johngmyers #9553
• Use a stable key for signing service account tokens @johngmyers #9534
• Use distroless image as base for Protokube @justinsb,@hakman #9403
• Use stable names for GH workflow jobs @hakman #9552
• File permission test: clear umask before testing @justinsb #9562
• Don't try to delete terraform providers @justinsb #9561
• Release notes for 1.18.0-beta.2 @justinsb #9563
• Remove old unused files @rifelpet #9564
• Add support for uploading to private buckets @johngmyers #9568
• Upgrade to go 1.14.4 @rifelpet #9499
• Upgrade go to 1.14.5 @rifelpet #9572
• Update goimports script for go 1.14 @rifelpet #9573
• [Digital Ocean] Implement KOPS validate cluster @srikiz #9476
• Update alpha channel with July releases @hakman #9579
• Use fixed UID for etcd user and restrict to legacy provider @johngmyers #9581
• Adding feature stability table to docs and including one example for encryption support in cilium @MoShitrit #9555
• Print error during cluster delete for dependency violation @hakman #9589
• Specify user on export kubecfg @olemarkus #9280
• Require extra flag when updating cluster with downgraded kops version @johngmyers #9362
• Create one nodes instance group per zone @johngmyers #9471
• Promote Ciprian & John to approvers @hakman #9590
• Remove unused and unmaintained Docker build targets @hakman #9576
• Remove min width on tables @mikesplain #9592
• Remove support for legacy IAM permissions @johngmyers #9492
• Update stable channel with July releases @hakman #9596
• Improve locking in memfs @johngmyers #9597
• Docs - Add the new feature table to various feature sections @rifelpet #9585
• Update stretch images (from 1.11) in alpha channel @justinsb #9599
• Restore default SELinux security contexts for container runtime binaries @hakman #9584
• Revert move to explicit dependencies @johngmyers #9605
• Prefer nodes with "master" role for Calico Typha pods @hakman #9609
• Add Ubuntu 20.04 support for Docker 18.06.3 @hakman #9616
• Openstack fixes @olemarkus #9554
• remove LB circular in OpenStack @zetaab #9623
• fix(docs): render double curly braces @FrankYang0529 #9626
• Use public client accessors within openstackCloud functions @rifelpet #9628
• Exempt OpenStack from the EnableExternalCloudController feature flag @johngmyers #9629
• Fix int to string conversions @hakman #9630
• add os.RemoveAll err verification @zhouhao3 #9610
• Update instructions for fixing verify-gomod.sh @johngmyers #9636
• Add repo SECURITY.md @joelsmith #9638
• Use "tag on create" for AWS Route Tables @rifelpet #9639
• Spotinst: Upgrade the Spotinst controller to version 1.0.62 @liranp #9642
• Add tagging support for AWS Keypairs @rifelpet #9533
• Make ARM64 job blocking with TravisCI @hakman #9644
• Upgrade Go to version 1.15rc1 @hakman #9641
• Replace custom codegen package with gengo @johngmyers #9632
• Calico: Upgrade the "k8s-ec2-srcdst" controller to version v0.3.0 @seh #9647
• Remove dead code from tasks @johngmyers #9646
• Cleanup AWS EC2 eventual consistency warnings @hakman #9637
• Cleanup unused loader features @johngmyers #9649
• Promote alpha channel to stable @johngmyers #9652
• Remove tags from NodeupConfig @johngmyers #9650
• Release 1.19.0-alpha.2 @justinsb #9654

Please see the release notes for the full list of changes.