Release notes for kOps 1.20 series

(The kOps 1.20 release has not been released yet; this is a document to gather the notes prior to the release).

Significant changes

• Default container runtime is now set to containerd for new clusters running Kubernetes 1.20.0+.

• Added experimental Azure support. To get started check the docs

• Default settings for AWS instances are updated to take advantage of recent performance and security features:

  • Default etcd volumes encryption changes to enabled for newly created clusters
  • Default root volume encryption changes to enabled
  • Default etcd volumes type changes from gp2 to gp3
  • Default root volume type changes from gp2 to gp3

• Added template funtions for kubernetes version based on channel data.

• kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.

• Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""

• Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.17.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

• Support for Kubernetes 1.11 and 1.12 has been removed.

• Support for Terraform version 0.11 has been removed.

• Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.

Required Actions

• If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.

• If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the node-role.kubernetes.io/control-plane:NoSchedule toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

• Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.

• The manifest based metrics server addon has been deprecated in favour of a configurable addon.

• The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22

• The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

Partial change list since 1.20.0-alpha.1 release

1.20.0-alpha.1 to 1.20.0-alpha.2

• Release notes for 1.20.0-alpha.1 @hakman #10592
• Make cluster proportional autoscaler image configurable. @bjhaid #10564
• Set default container runtime to containerd @bmelbourne #10370
• Fix minor docs typos @JamesJJ #10598
• Validate cluster cloud labels @olemarkus #10599
• Exclude terraform.lock.hcl files from Git repo @bmelbourne #10597
• Provide required --kubernetes-version flags to kubetest2-kops --up @rifelpet #10600
• Kubetest - add networking support + misc fixes @rifelpet #10601
• Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage @justinsb,@hakman #10602
• Add troubleshooting documentation @olemarkus #10594
• Fix menu link to troubleshooting @olemarkus #10607
• Use kops binary built by kubetest2-kops in upgrade script @rifelpet #10613
• Warn if cilium encryption is enabled, but no secret has been set @olemarkus #10608
• kubetest2 upgrade script - PATH needs to be a directory @rifelpet #10617
• Add support for container-log-max-size/files with kubelet @hakman #10612
• Add network and router availability zone hints to OpenStack @ottosulin #10616
• Increase CoreDNS default ttl @johanneswuerbach #10610
• Update Go to v1.15.7 @hakman #10614
• kubetest2 - Add support for specifying a kubernetes version marker file @rifelpet #10620
• kubetest 2 - fix parsing of k8s version semver values @rifelpet #10621
• Update Weave to v2.8.0 @hakman #10604
• Update AWS instances defaults @hakman #10624
• kubetest2 - update the skip regex for the upgrade scenario @rifelpet #10626
• Install dbus if needed for protokube with containerd @justinsb #10583
• Ensure SpecOverrideFlag is set in upgrade test @rifelpet #10628
• Fix unbound variable in upgrade scenario script @rifelpet #10631
• kubetest2 - increase validation timeout for the upgrade scenario @hakman #10632
• Add startup probe for calico-kube-controllers @hakman #10633
• Remove coredns dnsprovider @olemarkus #10629
• Spotinst: Avoid unnecessary duplication of tasks @liranp #10630
• enableRemoteNodeIdentity actually defaults to true @olemarkus #10635
• Replace gopkg yaml with k8s-sigs yaml @olemarkus #10634
• protokube: Remove unused ExecuteTemplate function @justinsb #10637
• Fix phony make target for setting up kubetest2 @rifelpet #10636
• [Digital Ocean] Add SFO3 region. Also update e2e tests to use full list of supported zones @srikiz #10622
• etcd-manager: Update to 3.0.20210122 @justinsb #10638
• Update k8s versions in stable channel and bump ubuntu ami version in alpha channel @MoShitrit #10639
• Update kubetest2 library @rifelpet #10646
• feat: implement azure get api ingress status fn @ngalantowicz #10609
• Use the same package marker for kubectl as for e2e binary @rifelpet #10649
• Reword 'what is kOps' @olemarkus #10570
• Add back support for kubenet style networking with containerd @hakman #10651
• Add set instancegroup command @gabrieljackson #10593
• Set the tcp_rmem sysctl in bootstrap script @justinsb #10654
• Add --create-args kubetest2 flag @rifelpet #10658
• Fix cluster_spec.md indentation @trondhindenes #10660
• Allow attaching same external load balancer to multiple instance groups @hakman #10666
• Fix typo @adrianmoisey #10667
• Update kops e2e testing docs @bmelbourne #10652
• Create default loadbalancer when SSL certificate is specified @rudeigerc #10665
• Bump Ubuntu images for AWS and GCE @hakman #10670
• Release notes for 1.18.3 @justinsb #10673
• Remove taints from spotinst ocean terraform resource @rifelpet #10674
• Allow SSH user to be overridden for toolbox dump @rifelpet #10675
• kubetest2 - Use --ssh-user to dump logs @rifelpet #10676
• Update AWS etcd-manager volumes defaults @hakman #10661
• Update aws-sdk-go to 1.37.0 @rifelpet #10682
• Release notes for 1.19.0 @justinsb #10683
• Update release compatibility matrix @johngmyers #10684
• Default IMDSv2 to "optional" for AWS @hakman #10655
• Add link to 1.19 @olemarkus #10686
• Fix header indentation in addons.md @olemarkus #10685
• Documentation update: Corrected externalPolicy AWS ARN formatting @timothyclarke #10680
• Remove 'not released' notice from 1.19 notes @olemarkus #10688
• Fix bug preventing tasks using gp2 @olemarkus #10694
• Have channels create PKI for addons @olemarkus #10545
• Add template function returning the latest image @olemarkus #10689
• Update Weave to v2.8.1 @hakman #10698
• Increase IMDSv2 hop limit on control plane nodes @olemarkus #10702
• Kubetest2 - refactor how kops create cluster arguments are set @rifelpet #10701
• Update upgrade test to use 1.18->1.19 @rifelpet #10710
• Fix create args for upgrade test @rifelpet #10711
• Docs: Fix ServiceAccountVolume proposed configuration for Istio @dntosas #10712
• Update the skipped tests in the upgrade job to help the test stage pass @rifelpet #10713
• Remove unused instanceGroup parameter from setClusterFields @bharath-123 #10690
• Update code reference links in docs @bharath-123 #10696
• Fix rendering issue created by #10414 @avdhoot #10700
• Fix panic when exporting kubecfg for AWS cluster without load balancer @rifelpet #10720
• Cleanup kops-controller Route53 record during cluster deletion @rifelpet #10721
• Revert making imdsv2 default @olemarkus #10729
• Throw error if path being set by kops set is not present in struct @bharath-123 #10692
• Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed @h3poteto #10742
• Fix ineffassign issues @zhijianli88 #10739
• Deprecate aliyun @olemarkus #10746
• alpha channel: Update older images @justinsb #10748
• Fix docs build failure @bharath-123 #10750
• add user agent to openstack api requests @zetaab #10732
• Add support for cilium 1.9 @olemarkus #10695
• Use EnsureTask instead of prepending IG names to external ELB tasks @rifelpet #10754
• nodeup file: Set owner & group when we write the file. @justinsb,@hakman #10757
• Always generate kops-controller certs @hakman #10758
• Release 1.20.0-alpha.2 @hakman #10765