Release notes for kOps 1.20 series

(The kOps 1.20 release has not been released yet; this is a document to gather the notes prior to the release).

Significant changes

• Default container runtime is now set to containerd for new clusters running Kubernetes 1.20.0+.

• Added experimental Azure support. To get started check the docs

• Default settings for AWS instances are updated to take advantage of recent performance and security features:

  • Default etcd volumes encryption changes to enabled for newly created clusters
  • Default root volume encryption changes to enabled
  • Default etcd volumes type changes from gp2 to gp3
  • Default root volume type changes from gp2 to gp3

• Added template funtions for kubernetes version based on channel data.

• kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.

• Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""

• Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.17.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

• Support for Kubernetes 1.11 and 1.12 has been removed.

• Support for Terraform version 0.11 has been removed.

• Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.

Required Actions

• If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.

• If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.

• If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the node-role.kubernetes.io/control-plane:NoSchedule toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

• Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.

• The manifest based metrics server addon has been deprecated in favour of a configurable addon.

• The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22

• The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

• Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Change list since the 1.20.0-alpha.2 release

• fix: asset task copy docker image @johanneswuerbach #10767
• Add AWS LoadBalancerController @olemarkus #10489
• Update Calico to v3.17.2 @hakman #10787
• Enable CSIMigrationAWS if CSI EBS driver is installed @olemarkus #10791
• Fill Role names in kops-controller-config instead of instance profile names when it is specified @h3poteto #10728
• Update Docker to v19.03.15 @hakman #10802
• Fix LaunchSpec TF output @hakman #10806
• add azure support for internal loadbalancer to k8s api @collin-woodruff-t1cg #10744
• Allow managed images for Azure instance groups @NickSchleicher #10797
• kubenet containerd: match upstream @justinsb #10759
• Storage: Allow disabling of kOps's management of StorageClasses @seh #10733
• Spotinst: Replace corev1.Taint to fix HCL2 serialization @liranp #10819
• Spotinst: Bump the Ocean Controller to 1.0.72 @liranp #10820
• Allow to control which subnets and IPs get used for the API loadbalancer @codablock #10741
• Use correct tag when creating node labels from azure cloud tags @NickSchleicher #10619
• containerd installation: always configure, even if we don't install @justinsb #10813
• Precreate the kops-controller DNS name @rifelpet #10833
• Actually enable systemd cgroup for containerd @codablock #10846
• Update Go to v1.15.8 @hakman #10853
• Add support for CAS 1.20 + support for disabling CAS for a given IG @olemarkus #10857
• Add liveness probe for calico-kube-controllers @hakman #10856
• Bump aws node termination handler to 1.12.0 @bharath-123 #10863
• Update AWS CNI to latest patch version @MoShitrit #10876
• Bump metrics-server to 0.4.2 @olemarkus #10858
• Fixes for 1.21 e2e tests @olemarkus #10879
• Add validation for instanceType and ami architecture @bharath-123,@hakman #10747
• fix loadBalancerID null pointer @collin-woodruff-t1cg #10886
• Update Calico to v3.18.0 @hakman #10904
• Adding Elastic IP Allocations to NLB API @timothyclarke #10872
• add usage of subnet and routetable shared resources in azure @ngalantowicz #10900
• Release 1.20.0-beta.1 @hakman #10906