github kubernetes/kops v1.19.0-alpha.4

Release notes for kops 1.19 series

(The kops 1.19 release has not been released yet; this is a document to gather the notes prior to the release).

Significant changes

Changes to kubernetes config export

Kops will no longer automatically export the kubernetes config on kops update cluster. In order to export the config on cluster update, you need to either add the --user <user> to reference an existing user, or --admin to export the cluster admin user. If neither flag is passed, the kubernetes config will not be modified. This makes it easier to reuse user definitions across clusters should you, for example, use OIDC for authentication.

Similarly, kops export kubecfg will also require passing either the --admin or --user flag if the context does not already exist.

By default, the credentials of any exported admin user now have a lifetime of 18 hours. The lifetime of the exported
credentials may be specified as a value of the --admin flag. To get the previous behavior, specify --admin=87600h to either kops update cluster or kops export kubecfg.

kops create cluster --yes exports the admin user along with rest of the cluster config, as was the previous behaviour (except for the 18-hour validity).

OpenStack Cinder plugin

Kops will install the Cinder plugin for kops running kubernetes 1.16 or newer. If you already have this plugin installed you should remove it before upgrading.

If you already have a default StorageClass, you should set cloudConfig.Openstack.BlockStorage.CreateStorageClass: false to prevent kops from installing one.

Other significant changes

  • New clusters will now have one nodes group per zone. The number of nodes now defaults to the number of zones.

  • On AWS kops now defaults to using launch templates instead of launch configurations.

  • Clusters using the Amazon VPC CNI provider now perform an ec2.DescribeInstanceTypes call at instance launch time. In large clusters or AWS accounts this may lead to API throttling which could delay node readiness. If this becomes a problem please open a GitHub issue.

  • There is now Alpha support for Hashicorp Vault as a store for secrets and keys. See the Vault state store docs.

  • New clusters running Cilium now enable BPF NodePort by default if the Kubernetes version is 1.12 or newer.

  • The kops update cluster command will now refuse to run on a cluster that
    has been updated by a newer version of kops unless it is given the --allow-kops-downgrade flag.

  • The lifetimes of certificates used by various components have been substantially reduced.
    The certificates on a node will expire sometime between 455 and 485 days after the node's creation.
    The expiration times vary randomly so that nodes are likely to have their certs expire at different times than other nodes.

  • New command for deleting a single instance: kops delete instance

Breaking changes

  • Support for Kubernetes 1.9 and 1.10 has been removed.

  • Support for the Romana networking provider has been removed.

  • Support for legacy IAM permissions has been removed. This removal may be temporarily deferred to kops 1.20 by setting the LegacyIAM feature flag.

Required Actions


  • Support for Kubernetes versions 1.11 and 1.12 are deprecated and will be removed in kops 1.20.

Full change list since 1.18.0 release

1.19.0-alpha.3 to 1.19.0-alpha.4

pre-release4 days ago