github kubernetes/kops v1.22.0-alpha.2

latest releases: v1.31.0-alpha.1, v1.30.1, v1.30.0...
pre-release3 years ago

Release notes for kOps 1.22 series

⚠ kOps 1.22 has not been released yet! ⚠

This is a document to gather the release notes prior to the release.

Significant changes

Instance metadata service version 2

On AWS, kOps will enable Instance Metadata Service Version 2 and require tokens on new clusters with Kubernetes 1.22. In addition, the following max hop limits will be set by default:

  • worker and API server Nodes, and bastions, will have a limit of 1 hop.
  • control plane nodes will have a limit of 3 hops to accommodate for controller Pods without host networking that need to assume roles.

This will increase security by default, but may break some types of workloads. In order to revert to old behavior, add the following to the InstanceGroup:

spec:
  instanceMetadata:
    httpTokens: optional

Other significant changes

  • New clusters on AWS will no longer provision an SSH public key by default. To provision
    an SSH public key on a new cluster, use the --ssh-public-key flag to kops create cluster.

  • The kOps Terraform support now renders managed files through the Terraform configuration instead
    of writing them to S3 directly. This defers changes to these files until the time of terraform apply.
    This feature may be temporarily disabled by turning off the TerraformManagedFiles feature flag
    using export KOPS_FEATURE_FLAGS="-TerraformManagedFiles".

  • kOps now implements graceful rotation of its Certificate Authorities and the service
    account signing key. See the documentation on How to rotate all secrets / credentials

  • New clusters running Kubernetes 1.22 will have AWS EBS CSI driver enabled by default.

Breaking changes

  • Support for Kubernetes versions 1.15 and 1.16 has been removed.

  • The legacy location for downloads s3://https://kubeupv2.s3.amazonaws.com/kops/ has been deprecated and will not be used for new releases. The new canonical downloads location is https://artifacts.k8s.io/binaries/kops/.

  • The assets phase of kops update cluster has been removed. It is replaced by the new kops get assets --copy command.

  • Support for importing and converting kubeup clusters has been removed.

Required actions

  • The kOps Terraform support now renders managed files through the Terraform configuration instead
    of writing them to S3 directly. If, after upgrading kOps and applying a new Terraform plan,
    you subsequently downgrade to an earlier version of kOps, the generated plan will delete these
    files, breaking the cluster. Prior to applying the plan, you will need to orphan all the
    aws_s3_bucket_object objects the plan wants to destroy. Use terraform state rm on each of them.
    Then re-run terraform plan until there are no such objects in the plan.

    If you applied the plan without first orphaning all of these objects, fix the cluster by re-running
    kops update cluster --target terraform.

Deprecations

  • Support for Kubernetes version 1.17 is deprecated and will be removed in kOps 1.23.

  • Support for Kubernetes version 1.18 is deprecated and will be removed in kOps 1.24.

  • Support for the Lyft CNI is deprecated and will be removed in kOps 1.23.

  • Support for CentOS 7 is deprecated and will be removed in future versions of kOps.

  • Support for CentOS 8 is deprecated and will be removed in future versions of kOps.

  • Support for Debian 9 (Stretch) is deprecated and will be removed in future versions of kOps.

  • Support for RHEL 7 is deprecated and will be removed in future versions of kOps.

  • Support for Ubuntu 18.04 (Bionic) is deprecated and will be removed in future versions of kOps.

  • The manifest based metrics server addon has been deprecated in favour of a configurable addon.

  • The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.

  • The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and might be removed from control plane nodes in kOps 1.23.

  • Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.

  • Due to lack of maintainers, the CloudFormation support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this target.

Other changes of note

  • It is no longer necessary to set AWS_SDK_LOAD_CONFIG=1 in the environment when using AWS assumed roles with the kops CLI.

  • There is a new command kops get assets for listing image and file assets used by a cluster.
    It also includes a --copy flag to copy the assets to local repositories.
    See the documentation on Using local asset repositories for more information.

Full change list since 1.22.0-alpha.2 release

Don't miss a new kops release

NewReleases is sending notifications on new releases.