Significant changes

Deferred deletion / pruning phase

Some infrastructure changes are potentially disruptive to the continued
operation of the cluster. For the most disruptive operations, particularly
those that break rolling-update of the cluster, we have started to use deferred
deletion to minimize the impact. For example, on AWS we create a second NLB
during the kops update phase when we cannot change the NLB directly.
kops update will report that a --prune is needed. To minimize disruption,
we recommend you perform this after a rolling-update, for example:

kops update $MYCLUSTER --yes --admin
kops rolling-update $MYCLUSTER --yes
kops update $MYCLUSTER --yes --admin --prune # NEW!

Deferred deletion is currently used to safely introduce security groups for NLBs on AWS,
and to move to an internal load balancer for kops-controller on GCP.

Initial OpenTelemetry Support

We are starting to add (experimental) support for OpenTelemetry,
in particular Tracing support. Setting OTEL_EXPORTER_OTLP_TRACES_FILE
will write a trace file which can then be read by the traceserver program.
More information and options are described in docs/opentelemetry.md.
The tracing data is not expected to be particularly useful for end-users in
this release; the (non-standard) recording approach is instead intended to
work well with our Prow end-to-end testing system so that developers can
optimize kOps.

Please note: this is not telemetry in the "phone-home" sense.
The kOps project does not collect data from your machine. As an
open-source project we do not even want to collect any of your data.
Currently the only OpenTelemetry backend supported is writing to a
filesystem (and it is opt-in). In future you will be able to configure
other OpenTelemetry backends, but this data will only be sent if
you enable OpenTelemetry, and only sent to where you configure.

AWS

Network Load Balancers in front of the Kubernetes API and bastion hosts now
have a security group attached. These security groups are used for security group rules
allowing incoming traffic to the NLBs as well as traffic between the NLBs and their target
instances.
Posts event data to URL upon instance interruption action in aws-node-termination-handler with WEBHOOK_URL.

GCP

As of Kubernetes version 1.29, credentials for private GCR/AR repositories will be handled by the out-of-tree credential provider. This is an additional binary that each instance downloads from the assets repository.
Two additional StorageClasses are created on GCP clusters. These are called balanced-csi and ssd-csi and utilize the GCP Balanced and SSD Persistent Disk volume types respectively.
Breaking Change - the default StorageClass has been changed from standard-csi to balanced-csi.
We now use a private load-balancer for in-cluster traffic on GCP, which allows us
to use network tags to restrict access only to the cluster nodes.

Breaking changes

Other breaking changes

kops toolbox dump limits the number of nodes dumped to 500 by default. Use --max-nodes to override.
Support for Kubernetes version 1.23 has been removed.

Known Issues

The Amazon VPC CNI is now compatible with Ubuntu 22.04. Fix applied via kubernetes/kops#16313.

Deprecations

Support for Kubernetes version 1.24 is deprecated and will be removed in kOps 1.30.
Support for Kubernetes version 1.25 is deprecated and will be removed in kOps 1.31.
Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.
All unmanaged addons (in addons/) are deprecated in favor of managed addons, including the metrics server addon and the autoscaler addon.

What's Changed

aws: Add option to provide multiple instance types on cluster creation by @hakman in #15854
Release 1.29.0-alpha.0 by @hakman in #15858
Fix warmpool to expose dependencies for dependency analysis by @justinsb in #15848
Remove support for Kubernetes 1.23 by @johngmyers in #15860
Only run one replica of controller pods on non-HA clusters by @justinsb in #15868
Default to 100.64.0.0/13 as IPv4 service cluster IP range by @hakman in #15866
Improve status printing when tasks are in progress by @justinsb in #15847
Clarify comment on nonMasqueradeCIDR field. by @justinsb in #15869
Use mixed instances for scale tests by @hakman in #15859
Remove dead code for in-tree CCM by @johngmyers in #15872
Legacy control-plane node labels are no longer used by @johngmyers in #15874
Allow setting additional flags for apiserver, kcm and scheduler by @hakman in #15877
Allow setting resource.Quantity from the command line by @hakman in #15876
Tune apiserver, kcm and scheduler flags for scale performance tests by @hakuna-matatah in #15875
Remove Docker config option by @hakman in #15871
Update ko to v0.14.1 by @hakman in #15879
Update Calico to v3.25.2 by @hakman in #15878
ENI Cleanup Improvements by @rifelpet in #15884
Release 1.29.0-alpha.1 by @johngmyers in #15889
Update dependencies by @github-actions in #15890
Update Go to v1.21.1 by @hakman in #15893
Remove metadata-proxy from GCE Clusters from 1.29+ onwards by @upodroid in #15885
Implement Cilium Ingress by @zadjadr in #15795
Bump actions/dependency-review-action from 3.0.8 to 3.1.0 by @dependabot in #15894
Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #15895
Handle 404 properly from Service Accounts API by @upodroid in #15902
Increase vpc cidrs to allocate more ip's for large scale k8s clusters by @hakuna-matatah in #15904
kops-controller: Increase client-side throttling limits by @hakman in #15906
Increase the etcd db size to accomodate large scale k8s cluster resources by @hakuna-matatah in #15908
Add Cognito permissions for AWS LBC by @danports in #15910
Fix COS image mounter URL by @upodroid in #15907
scale-test: Increase validation wait time to 45m by @hakman in #15915
Make --cloudonly sound less innocuous by @danports in #15911
Update dependencies by @github-actions in #15917
scale-test: Add few more cidrs to divide equally /16's by @hakuna-matatah in #15920
Update sync target for OWNERS by @johngmyers in #15921
Add SeccompDefault kubelet config by @colinhoglund in #15919
Optimize subnets asignment to IGs for clusters with multiple CIDRs by @hakman in #15923
fix a few log with percent w by @justinsb in #15926
Revert "WIP: Need to publish IPv4 DNS records" by @justinsb in #15928
fix some comments by @justinsb in #15927
scale-test: Need for separate etcd cluster for events by @hakuna-matatah in #15932
scale-test: Optimise node dumping for large clusters by @hakman in #15934
scale-test: Re-enable etcd metrics by @hakman in #15938
protokube: support writing AAAA records to /etc/hosts by @justinsb in #15931
Update dependencies by @github-actions in #15944
Cilium: Implement node encryption by @zadjadr in #15901
Fix e2e testing logic by @upodroid in #15900
aws: Fix minor typos for Karpenter setup by @junm-cloudnatix in #15935
aws: Configure Karpenter resources in the cluster spec by @danports in #15916
Update 1.28 release notes for release by @johngmyers in #15956
gce ipv6: we can use network tags with ipv6 addresses by @justinsb in #15955
Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #15960
Update Karpenter to v0.30.0 by @hakman in #15945
aws: Filter ENI list by VPC by @hakman in #15903
Add info for kOps 1.22-1.24 on audit logging path changes by @michalbolek in #15941
Update etcd-manager to v3.0.20230925 by @hakman in #15962
bump k8s releases and ubuntu ami versions in alpha channel by @moshevayner in #15967
bump gcp ccm image and dump more resources by @upodroid in #15968
Add missing rbac roles and don't run gkenetparams controller by @upodroid in #15971
Attempt to dump cluster info when encountering earlier errors by @rifelpet in #15975
Update dependencies by @github-actions in #15976
scaleway: terraform support by @Mia-Cross in #15892
Promote alpha to stable by @moshevayner in #15979
aws: Don't add dependency on additional CIDR for shared VPC by @hakman in #15987
Allow setting map[string]string from the command line by @hakman in #15989
Add support for installing additional packages at cluster level by @hakman in #16001
Update Go to v1.21.2 by @hakman in #16003
Update DigitalOcean addons by @rifelpet in #16000
Create a temporary staging bucket for kops builds by @upodroid in #15981
Bump GCP CCM again by @upodroid in #15972
aws: Attach security groups to NLBs by @johngmyers in #15993
aws: Attach security group to NLBs for kops-controller by @hakman in #16006
Use dns=none for newly created clusters except for AWS and GCE by @hakman in #16005
Configure GCP Kubelet Credentials Provider by @upodroid in #15974
Update Go to v1.21.3 by @hakman in #16012
Update dependencies by @github-actions in #16014
Dump nodes even if controlplane is broken by @upodroid in #16010
Update dependencies by @github-actions in #16019
openstack: fix instance group validation if using serverGroupName annotation by @zetaab in #16022
Refactor: Add context.Context to more VFS methods by @justinsb in #16021
scale-test: Measure APIServer SLOs by @hakuna-matatah in #15963
Update dependencies by @github-actions in #16030
Bump alpha channel with October releases by @hakman in #16031
Add cloud-platform GCP VM scope by @sl1pm4t in #16013
containerd: introduce a new field to enable NRI by @fmuyassarov in #15994
Build Kubernetes from source by @upodroid in #16018
scaleway: IPAM integration by @Mia-Cross in #16016
Add support for --cluster-signing-duration KCM flag by @hakman in #16038
Promote alpha channel to stable by @hakman in #16041
Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #16042
Fix tests for multi-arch clusters by @hakman in #16045
Update containerd to v1.7.7 by @hakman in #16043
aws: Skip ASG cleanup on Karpenter managed IG deletion by @hakman in #16051
Update controller-gen to v0.13.0 by @hakman in #16058
Update codegen to v0.28.3 by @hakman in #16059
Limit sanitized URLs to 200 characters by @hakman in #16061
Add validation to help users move from experimentClusterSigningDuration by @justinsb in #16062
Support setting CAS skip-nodes-with-custom-controller-pods parameter by @shapirus in #16060
Bump to Cilium 1.14 by @zadjadr in #15705
Document breaking changes for serviceClusterIPRange and OpenStack with S3 state store by @ederst in #16028
Keep validating after timeout when cluster is healthy by @hakman in #16063
scale-test: Scrape APIServer only metrics by @hakuna-matatah in #16029
don't dump logs if the cluster doesn't exist by @upodroid in #16054
Add --node-instance-group flag to ginkgo by @upodroid in #16065
Update dependencies by @github-actions in #16068
Add option to provide additional config entries for containerd by @hakman in #16067
dump: include the various gateways on AWS by @justinsb in #16069
dump: actually dump the gateway objects by @justinsb in #16070
Fix vet errors by @hakman in #16076
Update dependencies by @github-actions in #16077
toolbox dump: include AWS route table objects by @justinsb in #16073
Document incompatability with Amazon VPC CNI and 22.04 by @rifelpet in #16083
fix: concurrent map write panic by @sl1pm4t in #16081
Update Go to v1.21.4 by @hakman in #16085
Thread context through some slower AWS tasks by @justinsb in #16037
Update dependencies by @github-actions in #16089
Fix Designate naming typo by @marcvorwerk in #16091
Release 1.29.0-alpha.2 by @hakman in #16095
Bump actions/dependency-review-action from 3.1.0 to 3.1.2 by @dependabot in #16097
Don't get cluster --full when attempting leak cleanup by @rifelpet in #16102
Update Calico to v3.26.4 by @hakman in #16107
Update dependencies by @github-actions in #16108
Experimental support for tracing by @justinsb in #16020
Check cluster information when filtering instances by @zetaab in #16112
Update kube-router to 1.6 by @aauren in #16110
allow local file VFS in asset copy by @zetaab in #16115
Bump actions/dependency-review-action from 3.1.2 to 3.1.3 by @dependabot in #16111
Replace * in IAM tags when IRSA namespace has wildcard by @h3poteto in #16113
Upgrade AWS EBS CSI Driver by @rifelpet in #16119
bump k8s and ubuntu ami versions in alpha by @moshevayner in #16120
Support volume modification in EBS CSI Driver by @rifelpet in #16121
Fix parsing of newer kubernetes version URLs by @rifelpet in #16123
Spotinst: Feature/add multi arch in VNG and resource tag specification by @yehielnetapp in #16099
Improve kops edit command by @prashantrewar in #16109
Update dependencies by @github-actions in #16129
kops: Support quotes in --set flags by @justinsb in #16128
skip file remapping if same host by @zetaab in #16117
Enable containerd test-handler runtimeclass for k/k e2e tests by @upodroid in #16056
Promote alpha to stable by @moshevayner in #16131
limit jobname value to 80 by @upodroid in #16136
Only set containerd plugins on kops versions that include quote fixes by @rifelpet in #16133
Thread context through kubectl-auth by @justinsb in #16137
build: add script for rapid development of kops-controller by @justinsb in #16138
feat: Support multiple token verifiers in kops-controller by @justinsb in #16140
Update OpenStack documentation to replace deprecated arguments by @marcvorwerk in #16135
Skip hostname test in DigitalOcean by @rifelpet in #16144
Update dependencies by @github-actions in #16146
Support bootstrapping nodes using Public Key authentication by @justinsb in #16141
docs: Remove Docker config section by @hakman in #16145
gce: Support additional StorageClasses by @sl1pm4t in #16103
kube-router: skip 1.28 tests that fail consistently by @aauren in #16149
gce: Add support for publishing Service Account Issuer documents to GCS by @sl1pm4t in #16050
feat: "enroll" command to add nodes to a bare-metal cluster by @justinsb in #16147
Bump actions/dependency-review-action from 3.1.3 to 3.1.4 by @dependabot in #16150
fix the gce info shown in kops get cmd and set node-tag ginkgo flag by @upodroid in #16096
Don't set LimitNoFile for containerd systemd unit file by @upodroid in #16151
Order instances in terms of cost by @hakuna-matatah in #16156
Upgrade AWS Load Balancer Controller to v2.6.2 by @rifelpet in #16155
Reduce disk volume size to reduce cost by @hakuna-matatah in #16157
Add --max-nodes flag to toolbox dump, default to 500 by @rifelpet in #16160
Allow EKS Pod identity env variables by @ameukam in #16162
Upgrade Karpenter to 0.31.3 by @rifelpet in #16163
Update dependencies by @github-actions in #16164
Remove duplicate m5.large from scalability test by @rifelpet in #16166
chore: Bump go to 1.21.5 by @justinsb in #16168
Ignore HPA status when applying addons by @rifelpet in #16167
Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #16171
aws: Add KMS to EBS CSI Driver and control plane by @hakman in #16173
Bump metrics-server to 0.6.4 by @bohrasd in #16174
bump cert-manager to 1.12.7 by @bohrasd in #16177
Ignore cert-manager in LBC's webhooks by @rifelpet in #16179
Enable pagination on GCE Instance Groups by @rifelpet in #16184
Release 1.29.0-alpha.3 by @justinsb in #16183
kops validate cluster improvements by @upodroid in #16187
gce: Remove custom resolver by @hakman in #16189
skip_regex.go: kube-router add back in service afinity test by @aauren in #16188
chore(channels): bump k8s and ubuntu ami versions in alpha channel by @moshevayner in #16190
Update Calico to v3.27.0 by @hakman in #16192
Disable Statefulsets provisioning from CL2 Load Tests by @hakuna-matatah in #16172
Add cert-manager resource types to kubetest2-kops artifacts by @rifelpet in #16193
Parallelize k8s resource dumps with kops toolbox dump by @rifelpet in #16196
Include pod logs in toolbox dump by @rifelpet in #16198
Update k8s.io/* to v0.29.0 by @hakman in #16199
Update dependencies by @github-actions in #16201
test: Print the create cluster command by @hakman in #16202
scale-test: Add feature flag for creating a single nodes instance group by @hakman in #16203
Dump previous and current container logs separately by @hakman in #16200
aws: Set AWS_REGION env var for ebs-csi-node and ebs-csi-driver by @hakman in #16206
aws: Add option for setting QPS and Burst for EBS CSI Driver by @hakman in #16207
Spotinst: Bump controller version to 1.0.97 by @yehielnetapp in #16208
feat: add us-west zone for hetzner by @finzzz in #16209
Check if kubeconfig exists before dumping resources by @hakman in #16205
Promote alpha to stable by @moshevayner in #16210
aws: Use instance metadata to get warm pool state by @rifelpet in #16213
Dump and redact secrets by @rifelpet in #16211
Update to Cilium 1.14.5 by @hakman in #16214
Allow override of the DNS domain used by the tests. by @ameukam in #16217
aws: Retrieve instance info only when max pods is not set by @hakman in #16216
Add permission needed for service-linked role creation by @ameukam in #16219
Remove kube-system cert-manager webhook exclusion by @rifelpet in #16221
Jaeger tracing visualizer improvements by @rifelpet in #16220
Update dependencies by @github-actions in #16224
aws: Set provider ID when starting kubelet by @hakman in #16223
scale-test: Reduce validation count and interval by @hakman in #16225
aws: Update EBS CSI driver to v1.26.0 by @hakman in #16227
Add option for setting CCM ConcurrentNodeSyncs by @hakman in #16228
aws: Skip deleting ASG instances without volumes by @hakman in #16229
Make cluster deletion configurable by @hakman in #16231
Bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in #16232
scale-test: Use single nodes instance group for AWS by @hakman in #16204
Bump kubetest2 by @ameukam in #16234
test: Improve cluster deletion defaults by @hakman in #16236
Replace k8s.io/utils/strings/slices with golang.org/x/exp/slices by @hakman in #16238
aws: Update EBS CSI driver by @hakman in #16239
aws: Use domain instead of vpc when rendering aws_eip by @hakman in #16237
Bump GCP terraform provider to latest by @rifelpet in #16242
docs: fix broken example command by @markusleh in #16243
Update dependencies by @github-actions in #16244
Revert "aws: Skip deleting ASG instances without volumes" by @hakman in #16246
Update Go to v1.21.6 by @hakman in #16245
Prefer external endpoints when building kubeconfig by @justinsb in #16248
aws: Terminate ASG instances in batches of 100 instances by @hakman in #16251
aws: Ignore InvalidRouteTableID.NotFound errors during cluster deletion by @hakman in #16252
aws: fix maxPods when cilium ipam=eni is used by @argusua in #16253
Update containerd to v1.7.12 by @hakman in #16257
Switch to GCS url for upgrades tests by @ameukam in #16258
Use dns=none for newly created clusters including for AWS and GCE by @hakman in #16262
Update aws-sdk-go to v1.49.24 by @ameukam in #16263
test: Set num-nodes flag by @upodroid in #16176
Refactor: Replace ForAPIServer with WellKnownServices by @justinsb in #15829
gce: fix nlb firewall rules, operations and alias network subnets by @upodroid in #16265
build(deps): bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @dependabot in #16267
openstack: Include kube-apiserver controlplane ports in dns=none by @zetaab in #16271
Increase CCM workers to speed up node bootstrap process by @hakuna-matatah in #16256
Add 1.28 release notes to docs menu by @yurrriq in #16275
Add support to configure HPA Controller concurrent syncs flag in HPA/KCM Controller by @hakuna-matatah in #16277
Add support to configure Job Controller concurrent syncs flag in Job… by @hakuna-matatah in #16280
Refactor: Plumb context through GCE firewallRule methods by @justinsb in #16281
Fix dumping logs for GCE scale tests by @upodroid in #16266
Add boskos-resource-type flag to use different GCE projects for scale/gpu testing by @upodroid in #16268
OpenStack: update CSI images by @zetaab in #16283
toolbox dump: output correct type for target groups by @justinsb in #16285
chore(channels): bump k8s and ubuntu ami versions in alpha channel by @moshevayner in #16284
Fix: support comparison of int types in dry-run by @justinsb in #16290
refactor: NetworkLoadBalancer Name should match Name tag by @justinsb in #16288
tweak: Set Scheme on NLB tasks for public load balancers by @justinsb in #16289
refactor: Introduce runTests helper method into aws tests by @justinsb in #16292
Refactor: Move NLB listing function into awsup by @justinsb in #16295
chore(networking): bump aws cni to 1.16.2 by @moshevayner in #16297
Revert "Don't set LimitNoFile for containerd systemd unit file" by @zetaab in #16300
Update runc & containerd by @zetaab in #16302
chore(channels): promote alpha to stable by @moshevayner in #16306
refactor: wait for load balancer readiness using a private field by @justinsb in #16294
Add GCE scale testing on kops by @upodroid in #16181
fix(nodeup): set MACAddressPolicy=none when using AWS VPC CNI by @moshevayner in #16313
Upgrade AWS Load Balancer Controller to v2.7.0 by @yurrriq in #16316
Update to cilium 1.15 by @zadjadr in #16315
feat: added image minimum and maximum gc age by @Lerentis in #16318
build(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.0 by @dependabot in #16322
Update dependencies by @hakman in #16323
Skip gen-cli-docs on depup by @hakman in #16321
Refactor: Split out NLB Listener into its own task by @justinsb in #16299
refactor: Drop TargetGroups from NetworkLoadBalancer task by @justinsb in #16324
Dont set -num-nodes on karpenter-managed clusters by @rifelpet in #16325
docs: Remove warning about Amazon VPC CNI not being compatible with Ubuntu 22.04 by @moshevayner in #16326
Set LimitNOFILE to 1048576 instead of infinity by @dims in #16329
azure: Migrate to the new SDK version by @hakman in #16286
Update dependencies by @github-actions in #16331
Set KUBECONFIG for LBC's ginkgo tests by @rifelpet in #16334
Docs: fix typos in office hours page by @justinsb in #16337
clockmock: Add more methods that take a context by @justinsb in #16338
Move DNS topology setup earlier in cluster creation by @rifelpet in #16342
deletion: tolerate concurrent SQS queue deletion by @justinsb in #16341
Cleanup import of the same package in tests by @justinsb in #16343
validation: Allow overlap of pod/node CIDR and service CIDR by @justinsb in #16344
Include /etc/hosts coredns mounts for dns=none clusters by @rifelpet in #16347
azure: Replace lb.ForAPIServer with lb.WellKnownServices by @hakman in #16348
Add support for AL2023 AMI to use Amazon VPC CNI by @dims in #16350
aws: Post event data to URL upon instance interruption action by @voriol in #16009
Refactor IAM Policy Builder by @rifelpet in #16351
create command: remove example docs say is not implemented yet. by @jrabbit in #16308
target group: refactor discovery into awsup by @justinsb in #16339
Use IAM Policy Builder for SQS Queue Policy by @rifelpet in #16353
refactor: Introduce DeletionProcessingMode by @justinsb in #16293
Update Go to v1.22.0 by @hakman in #16346
Update dependencies by @github-actions in #16357
azure: Avoid spurious changes in VirtualNetwork by @hakman in #16358
Generate revisions of NLB objects, and introduce cleanup phase by @justinsb in #16356
gce: Update GCE storage service scope to DevstorageFullControlScope to resolve permission error. by @sl1pm4t in #16355
add support for devcontainer by @remyleone in #16186
azure: Mark a few tasks as implementing HasAddress by @justinsb in #16359
Set --dns=none on upgrade tests from older kops versions by @rifelpet in #16360
build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in #16361
Update Cilium to v1.15.1 by @hakman in #16362
Fix bash conditional pattern matching in upgrade script by @rifelpet in #16364
devcontainer: update go version, use features by @justinsb in #16365
Skip known-failing test on most e2e jobs by @rifelpet in #16368
aws: Update EBS CSI driver to v1.28.0 by @hakman in #16369
doc/aws: Add space before the k8s slack url by @tungbq in #16370
Skip hostname test for all aws jobs by default by @rifelpet in #16373
Migrate many-addons e2e template to dns=none by @rifelpet in #16374
Update dependencies by @github-actions in #16375
gce: match IP addresses including subnet where relevant by @justinsb in #16380
chore: update dependencies in submodules by @justinsb in #16372
GCE: Use internal load balancer for node to control-plane traffic by @justinsb in #16379
Skip hostname e2e test on digitalocean by @rifelpet in #16381
build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in #16384
gce: Limit health check names to 63 chars by @hakman in #16385
gce: Limit backend names to 63 chars by @hakman in #16386
Update NVIDIA Container Toolkit URL by @elezar in #16387
Install nerdctl and crictl on nodes by @h3poteto in #16383
Continue attemps to dump artifacts in toolbox dump by @rifelpet in #16389
chore: update boilerplate.py to recognize new build tags by @justinsb in #16390
Add validation to help users move from usePolicyConfigMap by @hakman in #16391
Experimental limited support for cluster-api by @justinsb in #15522
Update dependencies by @github-actions in #16392
build(deps): bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 by @dependabot in #16393
e2e tests: When upgrading, wait for the new configuration by @justinsb in #16395
Fix shellcheck warnings for bootstrap script by @hakman in #16394
Update dependencies by @github-actions in #16397
Use github.com/go-viper/mapstructure/v2 by @ameukam in #16402
docs: Update relnotes for 1.29 for deferred deletion by @justinsb in #16404
aws: Expose port 8443 when using NLB with a custom certificate by @justinsb in #16403
gce: Change default storage class to balanced-csi by @sl1pm4t in #16269
gce: Set node IP Alias range to match NodeCIDRMaskSize by @sl1pm4t in #16272
Release 1.29.0-beta.1 by @justinsb in #16406
Automated cherry pick of #16410: upgraded cert-manager to 1.12.9 by @idealhack in #16413
Automated cherry pick of #16412: aws/cert-manager: Tighten IAM permissions for cert-manager by @hakman in #16414
Automated cherry pick of #16440: Update kube-router to v2.1.0 by @hakman in #16445
Automated cherry pick of #16363: Update Calico to v3.27.3 by @hakman in #16449
Automated cherry pick of #16469: azure: Use lowercase for node names by @hakman in #16470
Automated cherry pick of #16467: k8s-1.12.yaml.template: update kube-router init container by @hakman in #16472
Automated cherry pick of #16497: Support multiple service-account-issuer flags by @hakman in #16511
Automated cherry pick of #16513: aws: Update components before release by @hakman in #16517
Automated cherry pick of #16515: Update Cilium to v1.15.4 by @hakman in #16516
Automated cherry pick of #16518: Update metrics-server to v0.7.1 by @hakman in #16519
Automated cherry pick of #16520: cert-manager: Add option to set feature gates by @hakman in #16521
Automated cherry pick of #16525: dns: Update components before release by @hakman in #16526
Automated cherry pick of #16527: Update etcd to v3.5.13 by @hakman in #16528
Automated cherry pick of #16530: Update cluster-autoscaler to v1.30.0
#16531: Update containerd to v1.7.16 by @hakman in #16535
Automated cherry pick of #16495: check /run/systemd/resolve/resolv.conf inside by @hakman in #16538
Automated cherry pick of #16542: Initial support for Ubuntu 24.04 (Noble Numbat) by @hakman in #16543
Update dependencies before release for v1.29 by @hakman in #16553
Automated cherry pick of #16556: cluster-autoscaler: Fix priority expander config by @hakman in #16558
Release 1.29.0 by @justinsb in #16564

New Contributors

@upodroid made their first contribution in #15885
@colinhoglund made their first contribution in #15919
@junm-cloudnatix made their first contribution in #15935
@michalbolek made their first contribution in #15941
@sl1pm4t made their first contribution in #16013
@fmuyassarov made their first contribution in #15994
@shapirus made their first contribution in #16060
@marcvorwerk made their first contribution in #16091
@prashantrewar made their first contribution in #16109
@ameukam made their first contribution in #16162
@bohrasd made their first contribution in #16174
@finzzz made their first contribution in #16209
@markusleh made their first contribution in #16243
@argusua made their first contribution in #16253
@Lerentis made their first contribution in #16318
@voriol made their first contribution in #16009
@jrabbit made their first contribution in #16308
@tungbq made their first contribution in #16370

Full Changelog since 1.28.0: v1.28.0...v1.29.0

kubernetes/kops v1.29.0 on GitHub