Release notes for kOps 1.21 series

⚠ kOps 1.21 has not been released yet! ⚠

This is a document to gather the release notes prior to the release.

Significant changes

Service Account Issuer Discovery and AWS IAM Roles for Service Accounts (IRSA)

kOps now supports publishing an OIDC-compatible discovery document to an S3 bucket and configuring AWS to use it for IAM Roles for Service Accounts (IRSA).

See the Service Account Issuer Discovery documentation for more information.

Dedicated API Server nodes.

kOps now supports extending the control plane with dedicated apiserver nodes. These nodes run in dedicated instance groups that can be scaled horizontally.

In 1.21, this feature is behind a feature flag as node role name, labels, taints, and domains can change based on feedback from the community.

Warm Pool (AWS only)

A Warm Pool contains pre-initialized EC2 instances that can join the cluster significantly faster than regular instances. These instances run the kOps configuration process, pull known Docker images, and then shut down. When the ASG needs to scale out it will pull instances from the warm pool if any are available.

See the warm pool documentation for more information.

Other significant changes

• Protokube now runs as a systemd process rather than a docker container.

• Support for AWS launch configurations has been removed in favour of launch templates.

Breaking changes

• Support for Kubernetes versions 1.13 and 1.14 has been removed.

Required Actions

• To support Node Termination Handler's Queue Process mode, AWS cluster deletion now requires the kops CLI have sqs:ListQueues and events:ListRules permissions regardless of whether or not the addon is used.

Deprecations

• Support for Kubernetes versions 1.15 and 1.16 are deprecated and will be removed in kOps 1.22.

• Support for Kubernetes version 1.17 is deprecated and will be removed in kOps 1.23.

• The legacy location for downloads s3://https://kubeupv2.s3.amazonaws.com/kops/ has been deprecated and will not be used as of kOps 1.22. The new canonical downloads location is https://artifacts.k8s.io/binaries/kops/.

• The manifest based metrics server addon has been deprecated in favour of a configurable addon.

• The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and might be removed from control plane nodes in kOps 1.23.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

Full change list since 1.21.0-beta.1 release

• Use etcd-manager built from etcdadm repo @justinsb,@hakman #11098
• Release 1.21.0-beta.1 @johngmyers #11408
• [addons/awscsidriver] Bump to GA release @dntosas #11418
• Verify all versions are set correctly @johngmyers #11413
• Update verify-terraform to use 0.15.3 @rifelpet #11433
• Create new clusters without forcing a container runtime @hakman #11428
• Sort --extra-tags of ebs-csi-driver @codablock #11444
• Allow AWS instance types with multiple architectures @hakman #11463
• Add support for CAS 1.21.0 @olemarkus #11462
• 1.21 branch: Announce k8s removals two kOps versions in advance @johngmyers #11490
• Update cert-manager @olemarkus #11493
• Set priorityClassName on critical addons @olemarkus #11495
• fix(coredns/rbac): add permission to list and watch endpointslices @nettoclaudio #11459
• upup: gcetasks: fix diffs in instance template and router @nicktrav #11460
• upup: gcetasks: force send AutoCreateSubnetworks field when set to false @nicktrav #11457
• Spotinst: Update spotinst/ocean-controller to v1.0.75 @liranp #11512
• bump aws lb controller to 2.2.0 @olemarkus #11502
• Set default fstype for ebs volumes to ext4 @olemarkus #11525
• [addons/networking.cilium.io] enable prometheus scraping @ulfox #11514
• Update containerd to v1.4.6 @hakman #11535
• Release images bundle instead of separate images @hakman #11522
• Bump CoreDNS manifests to latest stable version 1.8.3 @dntosas #11500
• Update CAS manifest @olemarkus #11491
• Make events etcd cluster optional @codablock #11330
• Bump default cilium to 1.9.7 @olemarkus #11554
• Add snapshot-controller @olemarkus #10730
• Add snapshot-controller @olemarkus #11561
• Allow using insecure TLS for metrics-server with Kubernetes 1.19+ @hakman #11559
• Cleanup orphaned IAM service account roles in direct render @johngmyers #11497
• Fix deletion of IAM roles and policies @johngmyers #11558