kOps 1.20.1 is the latest in the 1.20 series, with support for kubernetes 1.20.

Significant changes

• Default container runtime is now set to containerd for new clusters running Kubernetes 1.20.0+.

• Added experimental Azure support. To get started check the docs

• Default settings for AWS instances are updated to take advantage of recent performance and security features:

  • Default etcd volumes encryption changes to enabled for newly created clusters
  • Default root volume encryption changes to enabled
  • Default etcd volumes type changes from gp2 to gp3
  • Default root volume type changes from gp2 to gp3

• Added template funtions for kubernetes version based on channel data.

• kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.

• Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""

• Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

• Support for Kubernetes 1.11 and 1.12 has been removed.

• Support for Terraform version 0.11 has been removed.

• Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.

Required Actions

• If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.

• If you are using self-hosted channels files, you have to add the new architectureID field, with one of the amd64 or arm64 values.

• If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.

• If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the node-role.kubernetes.io/control-plane:NoSchedule toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

• Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.

• The manifest based metrics server addon has been deprecated in favour of a configurable addon.

• The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22

• The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

• Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Full Change List Since 1.20.0

• Correct typos @Akiros001 #11190
• Use "string" for architecture type in ChannelRecommendedImage @hakman #11220
• Always secure api -> kubelet communication @olemarkus #11185
• Fix etcd volume validation logic @hakman #11225
• Remove validations for EBS from cluster validation @h3poteto #11228
• Add support for Docker v20.10.6 @hakman #11236
• Add Azure image to alpha/stable channel @kenji-cloudnatix #11271
• Exclude nodes from load balancers upon cordoning @johngmyers #11273
• Fix cilium template scoping typo @javipolo #11270
• If one tries to use eip with a public ip that doesn't exist, fail @olemarkus #11276
• Spotinst: Prevent nil pointer dereference @liranp #11289
• Spotinst: Update spotinst/ocean-controller to v1.0.74 @liranp #11286
• Make it possible to detect field changes when mixedInstancePolicy is removed @h3poteto #11255
• Add ability to set a default Issuer in certManager addon @javipolo #11281
• Filter servers using cluster name in tags @zetaab #11305
• Use the full operator instead of the generic one @olemarkus #11312
• Update Calico to v3.18.2 @hakman #11339
• Set SAN for addon CAs @olemarkus #11328
• Add support for configuring Cilium enable-host-reachable-services. @bjhaid,@hakman #11333
• Mount /run inside etcd-manager pods for systemd mounts @hakman #11352
• Expose hubble agent when hubble is enabled @olemarkus #11314
• Mark control-plane node for update when etcd volume size changes @hakman #11365
• Update Calico to v3.18.3 for kOps 1.20 @hakman #11377
• Don't try to mount hubble TLS on the agent if we don't use hubble @olemarkus #11379
• Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller @olemarkus #11393
• Use etcd-manager built from etcdadm repo @justinsb,@hakman #11098
• csi/aws: Bump templates + add support for warm pools @dntosas,@codablock #11304
• Verify all versions are set correctly @johngmyers #11413
• Backport rename of service-account key to 1.20 @johngmyers #11388
• Update verify-terraform to use 0.14.11 @rifelpet #11436
• Create new clusters without forcing a container runtime @hakman #11428
• Allow AWS instance types with multiple architectures @hakman #11463

Please see the release notes for the full list of changes.