Release notes for kOps 1.20 series

Significant changes

• Default container runtime is now set to containerd for new clusters running Kubernetes 1.20.0+.

• Added experimental Azure support. To get started check the docs

• Default settings for AWS instances are updated to take advantage of recent performance and security features:

  • Default etcd volumes encryption changes to enabled for newly created clusters
  • Default root volume encryption changes to enabled
  • Default etcd volumes type changes from gp2 to gp3
  • Default root volume type changes from gp2 to gp3

• Added template funtions for kubernetes version based on channel data.

• kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.

• Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""

• Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

• Support for Kubernetes 1.11 and 1.12 has been removed.

• Support for Terraform version 0.11 has been removed.

• Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions 0.12.26+ and 0.13.0+.

Required Actions

• If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new awsSrcDstCheck feature.

• If you are using self-hosted channels files, you have to add the new architectureID field, with one of the amd64 or arm64 values.

• If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.

• If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the node-role.kubernetes.io/control-plane:NoSchedule toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

• Support for Kubernetes versions 1.13 and 1.14 are deprecated and will be removed in kOps 1.21.

• The manifest based metrics server addon has been deprecated in favour of a configurable addon.

• The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22

• The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

• Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Full change list since 1.20.2 release

• Also set haveUserInfo=true in case --user was provided in "kops export kubecfg" @codablock #11778
• Handle containerExec hooks when using containerd @hakman #11852
• Update aws-sdk-go to v1.37.33 for kOps 1.20 @hakman #11858
• Include GCP Project in terraform HCL2 output @rifelpet #11901
• cluster validation - allow flapping of validation errors @rifelpet #11049
• Add log rotation for etcd-cilium.log @hakman #11943
• Don't ignore channel value in toolbox template @hakman #12464
• Update containerd and Docker for kOps 1.20 @hakman #12509