Release notes for kOps 1.20 series

(The kOps 1.20 release has not been released yet; this is a document to gather the notes prior to the release).

Significant changes

• Default container runtime is now set to containerd for new clusters running Kubernetes 1.20.0+.

• Added experimental Azure support. To get started check the docs

• Default settings for AWS instances are updated to take advantage of recent performance and security features:

  • Default etcd volumes encryption changes to enabled for newly created clusters
  • Default root volume encryption changes to enabled
  • Default etcd volumes type changes from gp2 to gp3
  • Default root volume type changes from gp2 to gp3

• Added template funtions for kubernetes version based on channel data.

• kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.

• Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""

• Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.17.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

• Support for Kubernetes 1.11 and 1.12 has been removed.

• Support for Terraform version 0.11 has been removed.

• Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.

Required Actions

• If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.

• If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.

• If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the node-role.kubernetes.io/control-plane:NoSchedule toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

• Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.

• The manifest based metrics server addon has been deprecated in favour of a configurable addon.

• The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22

• The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

• Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Partial change list since 1.20.0-beta.1 release

1.20.0-beta.1 to 1.20.0-beta.2

• add support for azure public loadbalancer @collin-woodruff-t1cg #10915
• Spotinst: Prevent instance groups with the same suffix from being deleted @liranp #10918
• Fix nil pointer deference for image ID with spotinst @hakman #10924
• Sort external policies when checking for changes @hakman #10940
• Further improve cloudLabel validation @olemarkus #10910
• Update etcd-manager to 3.0.20210228 @justinsb #10949
• Allow multi-CNI setups to set usesSecondaryIP @ravens #10828
• Spotinst: Don't skip LB attachments when SpotinstHybrid is enabled @liranp #10961
• Add AWS Transit Gateway support @rifelpet #10948
• gce doesn't suffix the IG names with ClusterName @olemarkus #10944
• Fix node label conversion in Azure @kenji-cloudnatix #10935
• Spotinst: Bump the Ocean Controller to 1.0.73 @liranp #10960
• Add support for enable-cadvisor-json-endpoints with Kubelet @adrianmoisey #10957
• Add explicit RBAC permissions for finalizers subresources @olemarkus #10966
• Add support for CPU Credits on AWS t2 and t3 instance families @rifelpet #10934
• Update controller-runtime to v0.8.2 for kOps 1.20 @hakman #10967
• Removing duplicate local and output values in terraform(#10786) @mmerrill3 #10978
• Add CloudLabels as --extra-tags to aws-ebs-csi driver @codablock #10976
• Use internal api url for jwks @olemarkus #10888
• Disable Calico Prometheus metrics by default @hakman #10982
• Add etcd-manager discoveryPollInterval option @ottosulin #10975
• Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value @seh #11002
• Use exponential backoff for DNS updates @hakman #10996
• Update Calico to v3.18.1 @hakman #11018
• Various cleanups around apply_cluster and awsmodel @olemarkus #10579
• Spotinst: Add support for block device mappings in Ocean Launch Spec @liranp #11009
• Fix rendering of multiple Docker insecure registries @hakman #11027
• Release 1.20.0-beta.2 @hakman #11031