kubernetes/kops v1.26.2

on GitHub

Significant changes

• The default networking provider for new clusters is now Cilium.

• Control-plane instance groups in new clusters are now created with names starting
  with "control-plane-". The names of groups for existing clusters are unchanged.

• The channels CLI that kOps use to manage addons is now bundled with the kOps binary. These commands are useful for addon diagnostics and troubleshooting. For example, to list installed addons, run kops toolbox addons get addons.

• Since kOps 1.24, by default during rolling updates, kOps will time out after
  spending 15 minutes on an InstanceGroup (instead of hanging indefinitely on
  eviction errors), proceeding to the next InstanceGroup after timing out.
  As of kOps 1.26, rolling updates will not proceed if a cluster validation
  error is encountered while updating an InstanceGroup.

AWS

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

• Bastions are now fronted by a Network Load Balancer.

• Instance group images can now be dynamically fetched through an AWS SSM Parameter.

• The AWS Load Balancer, when enabled, will run on worker nodes if IRSA is enabled as of Kubernetes version 1.24.

• As of Kubernetes version 1.26 and with IRSA enabled, control plane nodes will now run with a max hop limit of 1 for the metadata service. This will prevent Pods without host networking from accessing the instance metadata service.

• IPv6 is now beta. New IPv6 clusters now default to using private topology.

• CapacityRebalance can be enabled/disabled on ASGs through a new capacityRebalance field in InstanceGroup specs.

• New clusters can more easily be configured to use Cilium in ENI mode by setting --networking=cilium-eni.

• Node Termination Handler now defaults to Queue-Processor mode. It also now enables Scheduled Event Draining by default.

• Node Termination Handler, when in Queue-Processor mode, no longer drains on rebalance recommendations unless configured to do so.

• When an S3 bucket for Service Account Issuer Discovery (IRSA) is public, kOps no longer sets object-level ACLs on the files placed therein.

GCP

• Clusters can be created without DNS or Gossip, by using the --dns=none flag (experimental).

• The default instance type is now e2-medium for control-plane and worker nodes, and e2-micro for bastions.

Hetzner

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

OpenStack

• Clusters can be created without DNS or Gossip, by using the --dns=none flag.

• When creating new clusters kOps now sets the cluster name flag for the external OpenStack cloud controller (OCCM) and the Cinder CSI plugin.

Other changes of note

• containerd config is now written to /etc/containerd/config.toml.

• Cilium can be configured to add unreachable route for pod IP on deletion.

Breaking changes

Other breaking changes

• Support for Kubernetes version 1.20 has been removed.

• Support for CloudFormation has been removed.

• The experimental support for using Vault as a state store has been removed.

• Support for automated reboots with Flatcar has been removed. Use FLUO instead, to gracefully reboot nodes.

• The "external" networking option is not supported for Kubernetes 1.26 or later. For "bring your own"
  CNIs, use the "cni" networking option instead.

• If the cluster autoscaler is configured to use the priority expander, kOps will automatically create its ConfigMap. If you still want to manage the ConfigMap manually, set spec.clusterAutoscaler.createPriorityExpanderConfig: false. See the documentation for more details.

Deprecations

• The "kops get [CLUSTER]" command is deprecated. It is replaced by "kops get all [CLUSTER]".

• Support for Kubernetes version 1.21 is deprecated and will be removed in kOps 1.27.

• Support for Kubernetes version 1.22 is deprecated and will be removed in kOps 1.28.

• Support for Ubuntu 18.04 is deprecated and will be removed in kOps 1.28.

• Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.

• All legacy addons are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

Help Wanted

• kOps needs maintainers for Canal, Flannel, Kube-Router, and Spotinst to keep versions up to date and move the integration from experimental to stable.
  If no volunteers step up by the time kOps 1.27 is released, support will be phased out.

What's Changed

• support for scaleway in s3 buckets by @Mia-Cross in #14214
• AWS IAM Role listing: don't ignore "other" errors by @justinsb in #14215
• Some minor docs fixes by @olemarkus in #14221
• Update dependencies by @github-actions in #14222
• Remove warning for FindClusterStatus not implemented for Hetzner by @hakman in #14223
• Add support for installing dcgm exporter by @olemarkus in #14203
• Release notes for 1.23.4 by @justinsb in #14230
• Makefile: Don't assume GOBIN is set by @justinsb in #14232
• Release notes for 1.24.2 by @justinsb in #14231
• Update Calico and Canal to v3.24.1 by @hakman in #14225
• Update Flannel to v0.19.2 by @hakman in #14226
• applylib: Better health checking by @justinsb in #14234
• Bump cluster-autoscaler images by @olemarkus in #14235
• Allow cert-manager the privileges needed to resolve dns-01 challenges by @olemarkus in #14229
• GCE: change default control-plane instance type to e2-medium by @justinsb in #14233
• Small release notes cleanup for 1.25 by @olemarkus in #14237
• Add suport to --cordon-node-before-terminating autoscaler flag by @dcfranca in #14236
• Fix openstack tag limitation by @akkina2107 in #13853
• Bump versions in netlify and mkdocs by @rifelpet in #14248
• aws-node-termination-handler to match node using providerID instead of AWS DNS name by @anthonyhaussman in #14244
• Update dependencies by @github-actions in #14250
• kOps managed OIDC provider is no longer needed for IRSA by @olemarkus in #14243
• Update recommended kOps versions in alpha and stable by @moshevayner in #14252
• AWS LBC needs ec2:DescribeVpcPeeringConnections for IPv6 by @johngmyers in #14255
• Add back missing permissions for legacy CCM. Again. by @olemarkus in #14253
• Fix CAS cordon flag by @olemarkus in #14254
• Bump verbosity level for some log statements by @olemarkus in #14260
• Warm pool-enabled ASGs scaled to zero will no longer panic by @olemarkus in #14251
• Bump aws-cni to v1.11.4 by @moshevayner in #14265
• aws-cni clusterRole fix by @moshevayner in #14272
• bump k8s versions in alpha with September releases by @moshevayner in #14278
• rolling-update: don't deregister our only apiserver by @justinsb in #13163
• Update dependencies by @github-actions in #14280
• Delete the oldest servers when over the desired count for Hetzner by @hakman in #14282
• Release notes for 1.24.3 by @olemarkus in #14281
• [Docs] Fix karpenter link by @jorge07 in #14284
• Bump stable and alpha channels with latest k8s/kops releases by @olemarkus in #14288
• Prevent kops edit cluster from writing the populated IG spec to state store by @olemarkus in #14287
• User IG without image should be allowed by @olemarkus in #14290
• Remove k8s GTE 1.20 checks as it is always true by @olemarkus in #14291
• Add support for using an existing network for Hetzner by @hakman in #14294
• Update Hetzner CCM to v1.13.0 by @hakman in #14297
• hetzner: Move out of alpha and drop feature flag by @hakman in #14299
• Add release 1.25.0 to channels by @hakman in #14306
• Release notes for 1.25.0 by @hakman in #14305
• Remove support for K8s 1.20 by @olemarkus in #14307
• Hetzner: Generate CCM args from external CCM config by @hakman in #14309
• Release 1.26.0-alpha.1 by @hakman in #14311
• Promote out-of-bound Kubernetes releases by @yurrriq in #14312
• Update dependencies by @github-actions in #14316
• Avoid spurious changes with bastion hosts due to user data by @hakman in #14318
• Replace --vpc flag with --network-id by @hakman in #14295
• Avoid spurious changes with NLB due to access log config by @hakman in #14319
• Add more details to the NTH documentation by @yurrriq in #14323
• cluster-autoscaler : Add iam permission autoscaling:DescribeScalingActivities needed since 1.24 version by @noony in #14317
• Bump peter-evans/create-pull-request from 4.1.1 to 4.1.2 by @dependabot in #14330
• Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by @dependabot in #14331
• Fix typo in doc for enabling cert-manager dns-01 challenges by @ilyasotkov in #14332
• Scaleway init and nodeup by @Mia-Cross in #14322
• Set metrics-server --kubelet-preferred-address-types by k8s version by @hakman in #14336
• Validate --zones flag earlier by @hakman in #14343
• Make kOps release and deprecation policy more clear by @olemarkus in #14342
• Bump Terraform tag to v1.3.0 by @hakman in #14335
• Revert "Set metrics-server --kubelet-preferred-address-types by k8s version" by @hakman in #14349
• hetzner: Fix metrics-server config to use internal IP by @hakman in #14350
• Set higher verbosity when logging Gossip DNS info by @hakman in #14339
• Update channels with the latest Ubuntu images by @hakman in #14351
• Update channels with the latest Ubuntu images by @hakman in #14354
• Scaleway support in protokube by @Mia-Cross in #14345
• Add node/master size from create cluster into IG spec by @olemarkus in #14347
• Ensure kubelet configuration from IG takes precedence over cluster's by @olemarkus in #14333
• Update dependencies by @github-actions in #14358
• gce: memberlist needs TCP also by @justinsb in #14364
• Bump peter-evans/create-pull-request from 4.1.2 to 4.1.3 by @dependabot in #14367
• Always infer gossip DNS from cluster name by @hakman in #14366
• Refactor NodeUp GossipBuilder to EtcHostsBuilder by @hakman in #14368
• Disable rp_filter on cilium hosts by @olemarkus in #14369
• Fix logic for pre-creating DNS records by @hakman in #14377
• Karpenter : fallback on ondemand instance by default by @noony in #14378
• cluster-autoscaler : Add scaleDownUnneededTime and scaleDownUnreadyTime by @noony in #14379
• update node-problem-detector to version 0.8.12 by @jjinno in #14382
• hetzner: Update CCM to v1.13.2 by @hakman in #14386
• Bump EBS CSI driver to 1.12.0 by @olemarkus in #14388
• Remove fsGroupPolicy as it is immutable by @olemarkus in #14390
• Fix default launch spec detection for spotinst by @2solt in #14389
• Update dependencies by @github-actions in #14395
• Let kOps take ownership of any field currently owned by kubectl by @olemarkus in #14362
• nodeup script: accept strongly typed nodeup.Config by @justinsb in #14397
• Fix typo in format string by @justinsb in #14399
• Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in #14400
• update k8s cloudprovider openstack images by @zetaab in #14401
• update k8s openstack by @zetaab in #14406
• karpenter: upgrade to version 0.16.3 and support kubeReserved configuration by @noony in #14408
• Deprecate AWS Classic Load Balancer support for API by @hakman in #14410
• Update dependencies by @github-actions in #14412
• Bump k8s and ubuntu ami version in alpha by @moshevayner in #14415
• Bump actions/dependency-review-action from 2.4.0 to 2.5.0 by @dependabot in #14416
• bump Openstack ccm version by @zetaab in #14417
• Remove usage of cluster kubelet config in nodeup by @olemarkus in #14419
• Allow snapshot controller to create volumesnapshotcontent by @TwoStone in #14413
• Ensure kOps doesn't surge on karpenter IGs by @olemarkus in #14423
• Bump AWS CCM to 1.25.1 by @olemarkus in #14424
• get-keypairs: Tolerate key set items without certificates by @seh in #14370
• Move setting role taints to cloudup by @olemarkus in #14420
• Bump alpha and stable channel with the latest kops releases by @olemarkus in #14433
• Log and aggregate errors from rolling update by @olemarkus in #14436
• add option to query AMI IDs from SSM by @heybronson in #14434
• Update dependencies by @github-actions in #14438
• Move Gossip check to cluster struct by @hakman in #14439
• Fix pdb for identity webhook by @olemarkus in #14442
• Update Kubernetes support removal documentation by @johngmyers in #14445
• Remove dead code by @johngmyers in #14446
• Bump peter-evans/create-pull-request from 4.1.3 to 4.2.0 by @dependabot in #14447
• Bump actions/setup-go from 3.3.0 to 3.3.1 by @dependabot in #14448
• Fix 1.22 deprecation notice by @johngmyers in #14449
• Need to setup topology before control plane for IPv6 private topology by @johngmyers in #14455
• hack: add support for dev-build script for scaleway by @remyleone in #14456
• Update containerd to v1.6.9 by @hakman in #14458
• ipv6: Tolerate multiple routes to the same NAT Gateway by @johngmyers in #14461
• Update dependencies by @github-actions in #14467
• Update Calico and Canal to v3.24.3 by @hakman in #14466
• Stop applying the beta.kubernetes.io/os by @pacoxu in #14459
• Fix Prometheus scraping for pod-identity-webhook by @jim-barber-he in #14463
• ipv6: NPE fixes for IPv6-only instances by @johngmyers in #14470
• aws: Set the target group health check interval to 10s by @hakman in #14473
• Bump actions/dependency-review-action from 2.5.0 to 2.5.1 by @dependabot in #14476
• Refactor to avoid looking up SSH keypairs twice by @johngmyers in #14475
• Refactor all normalization code into new Normalize() method by @johngmyers in #14477
• Move GCE project under CloudProvider in v1alpha3 API by @johngmyers in #14443
• Upgrade Amazon VPC CNI to v1.12.0 by @moshevayner in #14485
• Remove well known account aliases for unsupported distros by @johngmyers in #14484
• Update aws.md by @slb235 in #14486
• doc_fix: fixing update cluster command by @swagftw in #14487
• hetzner: Create cluster without DNS or Gossip by @hakman in #14440
• hetzner: Use kops-controller for node bootstrap by @hakman in #14460
• Add e2e template for dedicated APIserver nodes without DNS by @hakman in #14489
• hetzner: Add listener for kops-controller when using it for node bootstrap by @hakman in #14492
• Update dependencies by @github-actions in #14494
• Revert deprecation of positional clustername args by @johngmyers in #14454
• Create NLB instead of CLB for bastion by @johngmyers in #14468
• Deprecate Ubuntu 18.04 by @johngmyers in #14488
• Also dump logs from IPv6 nodes by @johngmyers in #14500
• aws: Create cluster without DNS or Gossip by @hakman in #14452
• aws: delete CLBs after migration to NLB by @johngmyers in #14499
• Update TopologySpec for v1alpha3 API by @johngmyers in #14498
• Set customizable affinity and tolerations for coredns-autoscaler to match main coredns deployment by @moshevayner in #14503
• azure: Update clients to latest (previous) versions by @hakman in #14509
• do: Return ingress addresses even when public name is not set by @hakman in #14508
• AWS CNI template updates by @moshevayner in #14513
• azure: Fix various issues when creating and updating clusters by @hakman in #14514
• Remove support for "external" networking as of k8s 1.26 by @johngmyers in #14511
• Remove obsolete kubenet information from networking.md by @johngmyers in #14512
• aws: Fix TestPolicyGeneration output by @hakman in #14517
• Use bastion to dump private instances by @johngmyers in #14522
• bump k8s patch versions in alpha for November releases by @moshevayner in #14526
• Change the default networking provider to Cilium by @johngmyers in #14524
• Promote Ubuntu Version from Alpha to Stable by @moshevayner in #14525
• Can only request agent forwarding once per connection by @johngmyers in #14529
• Update dependencies by @github-actions in #14528
• Skip the SSH-to-nodes test in private topology by @johngmyers in #14530
• Fix a spot missed when changing default CNI to Cilium by @johngmyers in #14533
• Bump channels by @hakman in #14534
• Add --bastion-image flag to "kops create cluster" by @johngmyers in #14535
• Document that Flatcar can run Calico IPv6 by @johngmyers in #14536
• build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.0 by @dependabot in #14537
• Use local API server on control plane nodes for clusters without DNS by @hakman in #14538
• Use ARM instancetype for ARM images in tests by @johngmyers in #14539
• c7g.large doesn't exist in all regions yet by @johngmyers in #14542
• Clearer error messages around instance types not found by @justinsb in #14544
• Update Go to v1.19.3 by @hakman in #14549
• Update Calico and Canal to latest versions by @hakman in #14551
• Update containerd to v1.6.10 by @hakman in #14550
• Update topology.md by @johngmyers in #14543
• Add missing create tags permissions for cilium operator in ENI mode by @olemarkus in #14563
• Bump AWS Load Balancer Controller to 2.4.5 by @olemarkus in #14540
• Ensure IRSA is enabled when using Karpenter by @olemarkus in #14541
• use sprig join for template functions by @heybronson in #14564
• Remove dead code by @johngmyers in #14565
• Run some scenarios on ARM by @johngmyers in #14548
• Boot nodes without state store access by @hakman in #14501
• Allow using the price-capacity-optimized spot allocation strategy by @olemarkus in #14573
• Add "kops get all" command by @johngmyers in #14532
• aws: Fix SIGSEGV when using instance selector by @hakman in #14576
• Set IMDS max hop limit to 1 for control plane nodes if IRSA is enabled by @olemarkus in #14572
• Update dependencies by @github-actions in #14584
• Bump cilium to 1.11.11 by @olemarkus in #14586
• Update ko to v0.12.0 by @hakman in #14585
• Fix disabling StorageClass management by @olemarkus in #14589
• Switch to using k8s.io/cloud-provider-gcp by @hakman in #14587
• skip Loadbalancer UDP tests by @aojea in #14594
• Stop making MasterInternalName configurable by @johngmyers in #14507
• Add generics alternatives for fi.Bool/Float*/Int*/String*() by @hakman in #14595
• Re-add inadvertently-dropped deprecation notices by @johngmyers in #14596
• New IPv6 clusters now default to private topology by @johngmyers in #14531
• Use generics to refactor fi.Bool/Float*/Int*/String*() by @hakman in #14592
• Remove CloudFormation tests by @johngmyers in #14602
• Fix the keypair-rotation scenario test by @johngmyers in #14604
• Add option for setting Kubernetes feature gates by @hakman in #14577
• build(deps): bump actions/dependency-review-action from 3.0.0 to 3.0.1 by @dependabot in #14607
• v1alpha3: Move API-related settings under API by @johngmyers in #14504
• Update AMI used in many-addons scenarios by @johngmyers in #14610
• Load images before starting the kubelet service by @hakman in #14613
• Miscellaneous non-user-visible API changes by @johngmyers in #14609
• Remove support for IPv6 on Debian by @johngmyers in #14612
• Add minimum version for specifying an AMI through an SSM parameter by @hakman in #14614
• Scaleway cloud interface, model and tasks by @Mia-Cross in #14431
• Add best practices to getting started with GCE docs by @danielvegamyhre in #14569
• kubetest: dump poddisruptionbudgets and fieldManagers by @justinsb in #14624
• Don't use ptr for CAS expander field by @olemarkus in #14625
• Switch IPv6 integration tests to private topology by @johngmyers in #14620
• aws: Add capacityRebalance flag for ASGs by @heybronson in #14583
• Don't serve config from kops-controller for APIServer nodes by @hakman in #14608
• Change the control-plane IG role to "ControlPlane" in v1alpha3 API by @johngmyers in #14545
• Remove CloudFormation support by @johngmyers in #14599
• hetzner: Update CSI driver to v2.0.0 by @hakman in #14632
• Fix missing locking in mock ModifySubnetAttribute() by @johngmyers in #14634
• Add SELinuxMount feature gate by @jsafrane in #14628
• Create new clusters with updated control plane IG names by @johngmyers in #14633
• Add networking flag option for cilium in eni mode by @olemarkus in #14622
• Add a create cluster integration test for openstack by @olemarkus in #14630
• Set AssignIPv6AddressOnCreation on subnets by @johngmyers in #14635
• Write Terraform vpc_cidr_block output for shared VPCs by @johngmyers in #14631
• Additional control-plane terminology changes by @johngmyers in #14643
• Even more control-plane terminology fixes by @johngmyers in #14645
• hetzner: Set default image to ubuntu-20.04 by @hakman in #14647
• Implement subnet "/64#N" notation in Terraform by @johngmyers in #14621
• aws: Limit the number of target groups updated per operation by @hakman in #14648
• gce: Allow Cilium to connect to its etcd cluster by @hakman in #14655
• e2e: always upload to a versioned directory by @justinsb in #14640
• Declare IPv6 on AWS beta by @johngmyers in #14658
• Refactor rendering Terraform functions into constructor by @johngmyers in #14659
• Update dependencies by @github-actions in #14663
• aws: Add ec2:DescribeAvailabilityZones to the AWS CCM permissions list by @lobziik in #14650
• Release 1.26.0-alpha.2 by @johngmyers in #14665
• Disallow use of admissionControl as of k8s 1.26 by @johngmyers in #14670
• We no longer release an images.tar.gz by @johngmyers in #14667
• Update release process by @hakman in #14675
• Update Calico documentation and validation by @johngmyers in #14671
• Don't disable AWS src/dst checks in Calico IPv6 by @johngmyers in #14672
• Remove obsolete document by @johngmyers in #14678
• Bump peter-evans/create-pull-request from 4.2.0 to 4.2.2 by @dependabot in #14681
• Apply: Migration from CSA to SSA; set operation and merge by @justinsb in #14626
• aws: remove obsolete workaround code by @johngmyers in #14684
• Refactor terraformWriter.Literal by @johngmyers in #14680
• Refactor IPv6 use of terraformWriter.Literal by @johngmyers in #14686
• Add id_ed25519 to auto-loaded ssh keys by @Mia-Cross in #14638
• Revert "Calico: Work around host port/conntrack problem" by @johngmyers in #14685
• v1alpha3: document field name changes by @johngmyers in #14688
• v1alpha3: use new terminology for kubelet config by @johngmyers in #14669
• v1alpha3: fix miscellaneous capitalization by @johngmyers in #14689
• Remove support for using Vault as state store by @hakman in #14692
• Use newer terminology in validation by @johngmyers in #14697
• Fix edit.HasExtraFields() by @johngmyers in #14696
• Stop trying to populate arbitrary cluster fields from the channel by @johngmyers in #14691
• Fix Cilium ENI ipam by @olemarkus in #14694
• Refactor writing of terraform block by @johngmyers in #14698
• Update dependencies by @github-actions in #14705
• aws: Skip Route53 cleanup for clusters without DNS by @hakman in #14707
• Update OWNERS files by @hakman in #14704
• gce: Add integration tests for clusters with many addons by @hakman in #14712
• metrics-server: Set preferred address type to InternalIP when non AWS by @hakman in #14709
• Bump actions/setup-go from 3.3.1 to 3.4.0 by @dependabot in #14716
• Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3 by @dependabot in #14717
• Use AWS CCM 1.26.0-alpha.1 for k8s 1.26 clusters by @olemarkus in #14718
• Refactor writing of Terraform data sources by @johngmyers in #14713
• Expose channels through CLI by @olemarkus in #14072
• A couple of static checks cleanups by @olemarkus in #14719
• gce: Set AUTOSCALER_ENV_VARS in instance template metadata by @hakman in #14703
• upgrade authentication.aws to v0.5.12 by @nnmin-aws in #14720
• Upgrade Node Termination Handler to 1.18.1 and fix some issues by @johngmyers in #14715
• gce: Update default instance types by @hakman in #14701
• gce: Allow metrics-server to access kubelet API by @hakman in #14722
• Scaleway create cluster by @Mia-Cross in #14641
• gce: Update cluster-autoscaler config by @hakman in #14700
• Refactor ListResources to not require passing the Cluster object by @hakman in #14724
• Update documentation and validation for Cilium by @johngmyers in #14676
• Refactor writing Terraform resources by @johngmyers in #14723
• v1alpha3: move networking fields under networking by @johngmyers in #14706
• Change default for NTH Queue Processor mode to enabled by @johngmyers in #14721
• Allow cluster-autoscaler to run on spot if nothing else is available by @johngmyers in #14593
• scaleway: migrate account API to IAM API by @Mia-Cross in #14733
• Update etcd to v3.5.6 by @hakman in #14734
• aws: Use EnsureTask to reference shared target groups by @hakman in #14737
• Make curl fail on 404 in scenario tests by @olemarkus in #14740
• aws: Add support for managing target group attributes by @hakman in #14738
• OpenStack: Refactor Load Balancer builder by @olemarkus in #14742
• kops-controller: increase verbosity level on logs in gossip controller by @olemarkus in #14745
• bump k8s versions and ubuntu ami version in alpha channel by @moshevayner in #14747
• Overflow wrap the content column so content doesn't go under right sidebar and not be readable by @NorseGaud in #14746
• Enable NTH Scheduled Event Draining by default by @johngmyers in #14750
• trying to fix the broken list items for ECR permissions by @NorseGaud in #14748
• Bump kOps versions in alpha and stable channels by @hakman in #14751
• Update etcd-manager to v3.0.20221209 by @hakman in #14752
• Promote alpha channel to stable by @hakman in #14754
• Refactor writing Terraform providers by @johngmyers in #14730
• Update dependencies by @hakman in #14762
• Refactor writing Terraform outputs, etc. by @johngmyers in #14763
• Bump cilium version to 1.12.4 by @olemarkus in #14732
• Bump EBS CSI driver to 1.13.0 by @olemarkus in #14770
• Rename field from ManagedFile.Public to ManagedFile.PublicACL by @hakman in #14775
• Update Go to v1.19.4 by @hakman in #14779
• Update containerd to v1.6.12 by @hakman in #14782
• Introduce context.Context into some of our "Context" objects by @justinsb in #14778
• scaleway : nodeidentity by @Mia-Cross in #14736
• Guess cloud provider from state store path by @hakman in #14768
• Get AWS zones list from AWS SDK by @johngmyers in #14683
• Calico: Don't try to upgrade IPAM in IPv6 clusters by @johngmyers in #14773
• OpenStack: allow no lbclient when checking for vipacl by @olemarkus in #14743
• Update GCE integration tests by @hakman in #14786
• gce: Add support for clusters without DNS by @hakman in #14769
• Update containerd to v1.6.13 by @hakman in #14789
• scaleway: list and delete resources by @Mia-Cross in #14731
• Update dependencies by @github-actions in #14793
• Always use load balancer address in kubeconfig by @hakman in #14729
• Upgrade AWS CCM to v1.26.0 by @johngmyers in #14794
• Don't drain on rebalance recommendations in SQS mode unless configured by @johngmyers in #14771
• Upgrade older AWS CCM minor versions by @johngmyers in #14795
• NTH: add API validation against unsupported option configurations by @johngmyers in #14796
• Support public buckets for serviceAccountIssuers on S3 by @johngmyers in #14799
• Always include load balancer domain in APIServer certificate by @johngmyers in #14800
• NTH: Remove unnecessary configuration in Queue Processor mode by @johngmyers in #14792
• Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #14803
• Bump actions/setup-go from 3.4.0 to 3.5.0 by @dependabot in #14802
• Bump actions/dependency-review-action from 3.0.1 to 3.0.2 by @dependabot in #14801
• Bump metrics-server to 0.6.2 by @johngmyers in #14805
• Base OpenStack API resources on cluster name if public name is not set by @olemarkus in #14806
• Add call for experimental-CNI maintainers by @johngmyers in #14804
• Refactor Context into separate cloudup and nodeup types by @johngmyers in #14444
• v1alpha3: move AWS-specific fields to AWSSpec by @johngmyers in #14664
• v1alpha3: Move AWS EBS CSI spec under CloudProvider.AWS by @johngmyers in #14810
• Trim some fields from fi.Context by @johngmyers in #14809
• Move kops-controller client into its own package by @justinsb in #14727
• Update containerd to v1.6.14 by @hakman in #14815
• Upgrade k8s-dns-node-cache to 1.22.15 by @johngmyers in #14818
• Upgrade coredns to v1.10.0 by @johngmyers in #14823
• v1alpha3: Move some GCE-specific fields to CloudProvider.GCE by @johngmyers in #14813
• Separate out a fi.InstallContext by @johngmyers in #14814
• Remove nodeup's unused cloudinit target by @johngmyers in #14822
• Update cert-manager to v1.10.1 by @hakman in #14824
• Move Cluster into CloudupSubContext by @johngmyers in #14825
• Update AWS test scenarios by @hakman in #14826
• Use cluster autoscaler 1.26 on k8s 1.26 clusters by @olemarkus in #14828
• vfs: avoid early initialization of GCS client by @justinsb in #14831
• Cleanup double-license header in file by @justinsb in #14833
• Move more state out of the shared fi.Context by @johngmyers in #14830
• Use OnDelete update strategy for node local dns cache by @olemarkus in #14835
• vfs: add context to s3 functions by @justinsb in #14832
• Fix logspam on debian by @justinsb in #14836
• Use --set instead of deprecated --override flag by @hakman in #14838
• Bump EBS CSI driver to 1.14.0 by @olemarkus in #14829
• Update resource tracking test scenario by @hakman in #14840
• Fix logging of the generated e2e cluster name by @hakman in #14842
• Bump cilium to 1.12.5 by @olemarkus in #14841
• Update resource tracking test scenario, again by @hakman in #14844
• VFS: Add context to internals of Openstack Swift client by @justinsb in #14843
• openstack: Refactor DNS client initialization by @hakman in #14847
• Validate control-plane IG size by @hakman in #14848
• vfs: cleanup of SSH code by @justinsb in #14853
• vfs: azure client support for context and defer client construction by @justinsb in #14851
• vfs: wire context into SSHPath by @justinsb in #14852
• Context threading: more wiring by @justinsb in #14797
• AWS: Use pagination for DescribeImages call by @johngmyers in #14854
• Upgrade external-dns to 0.13.1 by @johngmyers in #14855
• Allow migration from Gossip DNS to no DNS by @hakman in #14846
• Validate external-dns not being used for IPv6 clusters by @johngmyers in #14856
• Update dependencies by @github-actions in #14857
• Automated cherry pick of #14888: Fix ingress status for loadbalancers that does not have by @zetaab in #14890
• Automated cherry pick of #14880: Use short service name with discovery labels by @johngmyers in #14892
• Automated cherry pick of #14897: Include SSHCredentials in create cluster dryrun output by @johngmyers in #14900
• Automated cherry pick of #14902: etcd domains are now under .internal. by @johngmyers in #14903
• Automated cherry pick of #14887: set loadbalancer configs before initializing the OS by @zetaab in #14889
• Automated cherry pick of #14907: APIServer nodes also need apiserverAdditionalIPs by @johngmyers in #14908
• Don't expose v1alpha3 API by @johngmyers in #14893
• Automated cherry pick of #14937: Improve error message when trying to use IPv6 with amazonvpc by @johngmyers in #14938
• Automated cherry pick of #14923: Do not include tags when searching existing volumes in by @zetaab in #14924
• Automated cherry pick of #14929: Prune admission webhooks by @johngmyers in #14940
• Automated cherry pick of #14941: Don't tag public subnets for internal LBs in IPv6 clusters by @johngmyers in #14942
• Automated cherry pick of #14966: Bump EBS CSI driver to 1.14.1 by @johngmyers in #14967
• Automated cherry pick of #14951: Upgrade k8s-dns-node-cache to 1.22.16 by @johngmyers in #14968
• Automated cherry pick of #14194: Add a flag to rolling update to fail immediately on IG by @olemarkus in #14970
• Automated cherry pick of #14974: Update containerd to v1.6.15 by @hakman in #14975
• Automated cherry pick of #14913: Run pods needing control-plane instance credentials on by @johngmyers in #14977
• Automated cherry pick of #14978: Update Go to v1.19.5 by @hakman in #14979
• Update dependencies for kOps 1.26 by @hakman in #14982
• Automated cherry pick of #14983: Use state store for nodeup.Config in Gossip clusters by @hakman in #14984
• Automated cherry pick of #14920: Populate cluster with default values in kops replace by @hakman in #14985
• Automated cherry pick of #14519: feat(cluster-autoscaler): autogenerate priority-expander by @olemarkus in #14971
• Automated cherry pick of #14986: Infer the dns suffix from the cluster name for by @hakman in #14987
• Automated cherry pick of #14930: no dns for OpenStack by @hakman in #14989
• Release 1.26.0-beta.2 by @johngmyers in #14992
• Automated cherry pick of #14993: Rename version.go to kops-version.go by @johngmyers in #14995
• Automated cherry pick of #15002: Run kops-controller server on non-leaders as well by @hakman in #15009
• Automated cherry pick of #15011: Upgrade AWS CCM to 1.25.2 by @johngmyers in #15012
• Automated cherry pick of #15006: update OpenStack node identifier to use Identifier instead of by @hakman in #15014
• Automated cherry pick of #14959: move openstack cloud config to k8s secrets
  #15001: Use kops-controller to boostrap nodes in OpenStack by @hakman in #15017
• Automated cherry pick of #15000: support multiple ConfigServers by @hakman in #15018
• Automated cherry pick of #15020: Upgrade Node Termination Handler to 1.18.3 by @johngmyers in #15023
• Automated cherry pick of #15024: make openstack kops-controller boostrap auth better by @zetaab in #15048
• Automated cherry pick of #15055: remove condition path exists by @zetaab in #15056
• Automated cherry pick of #15054: Always disable the reboot manager for Flatcar by @hakman in #15058
• Automated cherry pick of #15072: Update containerd to v1.6.16 by @hakman in #15073
• Automated cherry pick of #15078: disable kops-configuration.service after successful execution by @zetaab in #15085
• Automated cherry pick of #15083: Allow setting 'ignore-volume-microversion' for OCCP by @zetaab in #15086
• Automated cherry pick of #15081: azure: Use Basic SKU for the API LB by @hakman in #15082
• Update etcd to v3.5.7 by @hakman in #15088
• Automated cherry pick of #15091: add k8s node labels by @zetaab in #15092
• Automated cherry pick of #15096: Use ubuntu18.04 repos for nvidia-container-toolkit by @zetaab in #15100
• Automated cherry pick of #15105: aws: Remove S3 region validation by @hakman in #15106
• Automated cherry pick of #15111: Switch contained config file path to by @hakman in #15113
• Automated cherry pick of #15052: bump aws-cni to 1.12.1 and re-order some manifests for a
  #15109: bump aws cni to v1.12.2 by @hakman in #15123
• Revert "Automated cherry pick of #15078: disable kops-configuration.service after successful execution" by @hakman in #15130
• Automated cherry pick of #15134: Use registry.k8s.io for legacy addons by @hakman in #15136
• Automated cherry pick of #15139: add clustername to ccm opts by @zetaab in #15142
• Automated cherry pick of #15145: remove s3 access from nodes if using none dns by @hakman in #15146
• Automated cherry pick of #15147: remove cadvisor and etcd client fw rule by @zetaab in #15148
• Automated cherry pick of #15141: hetzner: add dependency logic to deletion by @hakman in #15149
• Automated cherry pick of #15131: Update containerd to v1.6.17 by @hakman in #15132
• Update dependencies by @hakman in #15097
• Automated cherry pick of #15095: Pass actual cluster name to cinder-csi-plugin by @ederst in #15152
• Automated cherry pick of #15153: Add terraform target support for configuring Warm Pool by @hakman in #15154
• Automated cherry pick of #15160: Update Go to v1.19.6 by @hakman in #15161
• Automated cherry pick of #15169: update openstack csi & ccm versions by @zetaab in #15170
• Automated cherry pick of #15159: Update containerd to v1.6.18 by @hakman in #15163
• Automated cherry pick of #15069: openstack verifier: support IPv6
  #15138: exit gracefully if server already exists in k8s by @hakman in #15178
• Automated cherry pick of #15180: set node status update freq to 60min in OpenStack by @zetaab in #15182
• Automated cherry pick of #15183: nodelocaldns: Add possibility to set ExternalCoreFile by @hakman in #15185
• Automated cherry pick of #15040: gce: When using network native pod IPs, open firewall to by @hakman in #15188
• Automated cherry pick of #15186: gce: Don't reconcile routes when running with "gce" by @hakman in #15201
• Automated cherry pick of #15198: Update Go to v1.19.7 by @hakman in #15199
• Release 1.26.0 by @hakman in #15203
• Automated cherry pick of #15121 release 1.26 by @justinsb in #15207
• Update dependencies for kOps 1.26 by @hakman in #15209
• Release 1.26.1 by @hakman in #15210
• Automated cherry pick of #15035: Set the nonMasqueradeCIDR for GCE networking
  by @justinsb in #15212
• Automated cherry pick of #14962: gce: KCM should not allocate IPs when CCM is in use.
  by @justinsb in #15214
• Cherry pick: gce cloud-controller-manager: Add nodes/patch permission by @justinsb in #15216
• Automated cherry pick of #15110: gce: Always apply the metadata-proxy-ready node label
  by @justinsb in #15215
• Release 1.26.2 by @justinsb in #15217

New Contributors

• @dcfranca made their first contribution in #14236
• @akkina2107 made their first contribution in #13853
• @noony made their first contribution in #14317
• @ilyasotkov made their first contribution in #14332
• @jjinno made their first contribution in #14382
• @2solt made their first contribution in #14389
• @TwoStone made their first contribution in #14413
• @pacoxu made their first contribution in #14459
• @slb235 made their first contribution in #14486
• @swagftw made their first contribution in #14487
• @danielvegamyhre made their first contribution in #14569
• @jsafrane made their first contribution in #14628
• @lobziik made their first contribution in #14650
• @nnmin-aws made their first contribution in #14720
• @NorseGaud made their first contribution in #14746

Full Changelog: v1.25.0-beta.1...v1.26.2