Release notes for kOps 1.21 series
⚠ kOps 1.21 has not been released yet! ⚠
This is a document to gather the release notes prior to the release.
Significant changes
Service Account Issuer Discovery and AWS IAM Roles for Service Accounts (IRSA)
kOps now supports publishing an OIDC-compatible discovery document to an S3 bucket and configuring AWS to use it for IAM Roles for Service Accounts (IRSA).
See the Service Account Issuer Discovery documentation for more information.
Dedicated API Server nodes.
kOps now supports extending the control plane with dedicated apiserver nodes. These nodes run in dedicated instance groups that can be scaled horizontally.
In 1.21, this feature is behind a feature flag as node role name, labels, taints, and domains can change based on feedback from the community.
Warm Pool (AWS only)
A Warm Pool contains pre-initialized EC2 instances that can join the cluster significantly faster than regular instances. These instances run the kOps configuration process, pull known Docker images, and then shut down. When the ASG needs to scale out it will pull instances from the warm pool if any are available.
See the warm pool documentation for more information.
Other significant changes
-
Protokube now runs as a systemd process rather than a docker container.
-
Support for AWS launch configurations has been removed in favour of launch templates.
-
kOps can now use Node Termination Handler's Queue Processor mode, which offers more functionality than the IMDS Processor mode. See the addons page for more information.
-
New addon for the CSI snapshot-controller.
Breaking changes
- Support for Kubernetes versions 1.13 and 1.14 has been removed.
Required Actions
- To support Node Termination Handler's Queue Process mode, AWS cluster deletion now requires the kops CLI have
sqs:ListQueues
andevents:ListRules
permissions regardless of whether or not the addon is used.
Deprecations
-
Support for Kubernetes versions 1.15 and 1.16 are deprecated and will be removed in kOps 1.22.
-
Support for Kubernetes version 1.17 is deprecated and will be removed in kOps 1.23.
-
The legacy location for downloads
s3://https://kubeupv2.s3.amazonaws.com/kops/
has been deprecated and will not be used as of kOps 1.22. The new canonical downloads location ishttps://artifacts.k8s.io/binaries/kops/
. -
The manifest based metrics server addon has been deprecated in favour of a configurable addon.
-
The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
-
The
node-role.kubernetes.io/master
andkubernetes.io/role
labels are deprecated and might be removed from control plane nodes in kOps 1.23. -
Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
Full change list since 1.21.0-beta.2 release
- Release 1.21.0-beta.2 @johngmyers #11567
- Allow Spotinst to use comma separated instance types @hakman #11560
- Only allow deletion of snapshots owned by the cluster @olemarkus #11571
- Only update kubeconfig user when we have user info @justinsb #11584
- Update Calico to v3.19.1 @hakman #11594
- Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet @johngmyers #11590
- Add init image field for Amazon VPC CNI @ryan-dyer #11602
- Fix duplicate CopyFile tasks @johngmyers #11619
- Update Go to v1.16.4 @hakman #11626
- Set lifecycle on WarmPool task @johngmyers #11618
- Consolidate CSI livenessprobe images for multi-arch support @rifelpet #11652
- Fix jwks object path in S3 for IRSA @h3poteto #11649
- Set canonical location for downloads to artifacts.k8s.io @hakman #11486
- Drop trailing slash from oidc issuer @olemarkus #11682
- Update Go to v1.16.5 @hakman #11686
- Add support for Docker v20.10.7 @hakman #11674