kOps 1.21.1 is the latest in the 1.21 series, with support for Kubernetes 1.21.
Significant changes in 1.21 series
Service Account Issuer Discovery and AWS IAM Roles for Service Accounts (IRSA)
kOps now supports publishing an OIDC-compatible discovery document to an S3 bucket and configuring AWS to use it for IAM Roles for Service Accounts (IRSA).
See the Service Account Issuer Discovery documentation for more information.
Dedicated API Server nodes.
kOps now supports extending the control plane with dedicated apiserver nodes. These nodes run in dedicated instance groups that can be scaled horizontally.
In 1.21, this feature is behind a feature flag as node role name, labels, taints, and domains can change based on feedback from the community.
Warm Pool (AWS only)
A Warm Pool contains pre-initialized EC2 instances that can join the cluster significantly faster than regular instances. These instances run the kOps configuration process, pull known container images, and then shut down. When the ASG needs to scale out it will pull instances from the warm pool if any are available.
See the warm pool documentation for more information.
Other significant changes
- Protokube now runs as a systemd process rather than a docker container.
- Support for AWS launch configurations has been removed in favour of launch templates.
- kOps can now use Node Termination Handler's Queue Processor mode, which offers more functionality than the IMDS Processor mode. See the addons page for more information.
- New addon for the CSI snapshot-controller.
Breaking changes
- Support for Kubernetes versions 1.13 and 1.14 has been removed.
Required Actions
- The ClusterRoleBinding for AWS EBS CSI DaemonSet has changed name. If you installed this addon before kOps 1.21, you need to run: kubectl delete crb ebs-csi-node-binding
- To support Node Termination Handler's Queue Processor mode, AWS cluster deletion now requires that the kops CLI have sqs:ListQueues and events:ListRules permissions regardless of whether or not the addon is used.
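The check below is an added example, not part of the kOps release notes or code base: it reports which of the two newly required actions an IAM identity policy fails to grant, so a tightly scoped kops CLI policy can be checked before upgrading. The function names and both sample policies are constructed for illustration; Resource, Condition and NotAction are not evaluated.

```python
import fnmatch
import json

# Actions the release notes say the kops CLI needs for AWS cluster deletion.
REQUIRED_ACTIONS = ("sqs:ListQueues", "events:ListRules")

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_json, required=REQUIRED_ACTIONS):
    """Return the required actions this identity policy does not grant.

    An action is granted when some Allow statement matches it and no Deny
    statement does (explicit deny wins). Resource, Condition and NotAction
    are ignored (assumption), so an empty result is necessary, not sufficient.
    """
    statements = _as_list(json.loads(policy_json).get("Statement"))
    missing = []
    for action in required:
        allowed = denied = False
        for stmt in statements:
            if _matches(action, _as_list(stmt.get("Action"))):
                if stmt.get("Effect") == "Deny":
                    denied = True
                elif stmt.get("Effect") == "Allow":
                    allowed = True
        if denied or not allowed:
            missing.append(action)
    return missing

# Constructed sample: a scoped policy written before the new requirement.
SAMPLE_OLD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*", "sqs:GetQueueUrl"], "Resource": "*"}]})
# Constructed sample: grants both actions, one of them through a wildcard.
SAMPLE_NEW = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sqs:List*", "events:listrules"], "Resource": "*"}]})

if __name__ == "__main__":
    print("old policy is missing:", missing_actions(SAMPLE_OLD))
    print("new policy is missing:", missing_actions(SAMPLE_NEW))
```
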
Deprecations
- Support for Kubernetes versions 1.15 and 1.16 is deprecated and will be removed in kOps 1.22.
- Support for Kubernetes version 1.17 is deprecated and will be removed in kOps 1.23.
- Support for CentOS 7 is deprecated and will be removed in future versions of kOps.
- Support for CentOS 8 is deprecated and will be removed in future versions of kOps.
- Support for Debian 9 (Stretch) is deprecated and will be removed in future versions of kOps.
- Support for RHEL 7 is deprecated and will be removed in future versions of kOps.
- Support for Ubuntu 18.04 (Bionic) is deprecated and will be removed in future versions of kOps.
- The legacy location for downloads s3://https://kubeupv2.s3.amazonaws.com/kops/ has been deprecated and will not be used as of kOps 1.22. The new canonical downloads location is https://artifacts.k8s.io/binaries/kops/
- The manifest based metrics server addon has been deprecated in favour of a configurable addon.
- The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
- The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and might be removed from control plane nodes in kOps 1.23.
- Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
Full change list since 1.21.0 release
- Release 1.21.0 @justinsb #11908
- Add log rotation for etcd-cilium.log @hakman #11943
- check if the instance is under an asg @olivierpilotte #11958
- Cilium etcd fixes @olemarkus #11961
- Use regional STS endpoint @johngmyers #12043
- Update containerd to v1.4.8 @hakman #12059
- Update core-dns to v1.8.4 @hakman #12062
- Update Docker to v20.10.8 @hakman #12096
- Make metrics-server insecure if insecure is true @olemarkus #12114
- Update Calico to v3.19.2 @hakman #12125
- Fix cases when the VPC doesn't exist yet for vpccidrblocks in 1.21 @mikesplain #12126
- Fix disabling unattended upgrades @olemarkus #12123
- Support Debian 11 Bullseye @ReillyBrogan #12108
- Bump cilium to 1.9.9 @olemarkus #12146
- Reconcile if managedFile is public or not @olemarkus #12148
- leverage proxy env variables @aojea #12150
- Update Go to v1.16.7 @hakman #12153
- Debian 11: Release AMIs use same AWS Owner ID as Buster @ReillyBrogan #12161
- Log s3 acl in additional cases @olemarkus #12167
- Hardcode Flatcar containerd exec command @hakman #12177
- Backport moving updatePolicy to nodeup config @ReillyBrogan #12175
- Add option in Cluster Autoscaler AddOn for AWS EC2 Static instance list @amitpd #12187
Please see the release notes for the full list of changes.