Release notes for kOps 1.23 series

Significant changes

• If the Kubernetes version is 1.23 or later and the external AWS Cloud Controller Manager is
  being used, then Kubernetes Node resources will be named after their AWS instance ID instead of their domain name and
  managed subnets will be configured to launch instances with Resource Based Names.

• Support for ShutdownGracePeriod and ShutdownGracePeriodCriticalPods. By default, kOps will set ShutdownGracePeriod to 30 seconds and ShutdownGracePeriodCriticalPods to 10 seconds if the Kubernetes version is above 1.21.

• By enabling the pod identity webhook, you no longer need to modify your Pod specs to assume IAM roles.

Breaking changes

• Support for Kubernetes version 1.17 has been removed.

• Support for the Lyft CNI has been removed.

• The Weave CNI is not supported for Kubernetes 1.23 or later.

• Support for CentOS 7 has been removed.

• Support for CentOS 8 has been removed.

• Support for Debian 9 has been removed.

• Support for RHEL 7 is has been removed.

• Support for Ubuntu 16.04 (Xenial) has been removed.

• Support for Ubuntu 18.04 (Bionic) has been removed.

• Cilium now has disable-cnp-status-updates: true by default. Set this to false if you rely on the CiliumNetworkPolicy status fields.

Required actions

Deprecations

• Support for Kubernetes version 1.18 is deprecated and will be removed in kOps 1.24.

• Support for Kubernetes version 1.19 is deprecated and will be removed in kOps 1.25.

• All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

• The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and might be removed from control plane nodes in future versions of kOps.

• Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated and will be removed in kOps 1.24.

• Due to lack of maintainers, the CloudFormation support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this target.

Other changes of note

• The kops create cluster command has a new --discovery-store flag for specifying a public store for the OIDC-compatible discovery documents.
  If this flag is used in AWS, it will enable IRSA.

• If externalDns.provider is external-dns, then externalDns.watchIngress will now default to true.

• This release introduces a v1alpha3 API version. This API version is a work in progress and is likely to be replaced in kOps 1.24.
  It is recommended to keep using the v1alpha2 API version.

• IPv6 pod subnets is in a working state using public IPv6 addresses for the Pod network. This works with both Cilium and Calico. IPv6 is still behind a feature flag until service controllers and addons implement support for IPv6. See the IPv6 documentation.

• The kops rolling-update cluster command has a new --drain-timeout flag for specifying the maximum amount of time to wait when attempting to drain a node. Previously, rolling-updates would attempt to drain a node for an indefinite amount of time. If --drain-timeout is not specified, a default of 15 minutes is applied.

• Fix inconsistent output of kops get clusters -ojson. This will now always return a list (irrespective of a single or multiple clusters) to keep the format consistent. However, note that kops get cluster dev.example.com -ojson will continue to work as previously, and will return a single object.

• Digital Ocean kops now has vpc support. You can specify a network-cidr range while creating the kops cluster. kops resources will be created in the new vpc range. Also supports shared vpc; you can specify the vpc uuid while creating kops cluster.

1.23.0 to 1.23.1

• Add missing permissions to aws lbc for IP targeting @olemarkus #13369
• Add protocol explicitly to services @olemarkus #13383
• If kubetest2 fails cluster validation, we run down before exiting @olemarkus #13373
• Allow duplicate taint keys @olemarkus #13366
• Fix long role names @olemarkus #13364
• update k8s dependencies @heybronson #13397
• Update golangci-lint to v1.45.0 @hakman #13403
• Correctly detect GovCloud regions @mixja #13410
• Do not return a '-1' exit if no keys found and json/yaml output @hierynomus #13378
• Tag on create for remaining CCM privileges @olemarkus #12911
• Update containerd to v1.6.2 @hakman #13455
• Add back hash for containerd v1.6.1 @hakman #13462
• Enable etcd corruption check as mitigatio of 3.5 corruption issue @olemarkus #13454
• Pick the right OS server group when creating cloud groups @ederst #13461
• Only delete node object on GCE @olemarkus #13289
• Bump AWS CNI to version 1.10.3 @MoShitrit #13488
• Update Calico and Canal to v3.21.5 @hakman #13497
• Update to etcd-manager 3.0.20220417 @justinsb #13499
• Revert "Enable etcd corruption check" @hakman #13495
• etcd 3 5 3 @justinsb #13501
• Bump CCM 1.22 and 1.23 images to stable versions @olemarkus #13506
• Update aws-sdk-go to v1.43.41 @hakman #13515
• Revert to using 1.23.0-alpha.0 for AWS CCM @hakman #13514
• add cluster autoscaler pod annotations @heybronson #13511