Release notes for kOps 1.32 series

kOps 1.32 is a smaller release without significant additional features beyond updated support for kubernetes 1.32 and associated ecosystem updates. Significant kOps features will instead target kOps 1.33.

Significant changes

Kubernetes minor version upgrades to 1.31 or later should be performed using the `kops reconcile cluster command.

Kubernetes 1.31 introduced stricter checks around the version-skew policy. While kOps has always followed the version-skew policy, there was an edge case:
nodes that were added by an autoscaler during a rolling-update would not always follow the version-skew policy.
We recommend trying the new kops reconcile command, see docs/tutorial/upgrading-kubernetes.md for more details.
The kops reconcile functionality was introduced in kOps 1.32.
flannel is no longer planned to be removed and has been updated to v0.26.4.

Deprecations

Support for Kubernetes version 1.26 is deprecated and is removed in kOps 1.32.
Support for Kubernetes version 1.27 is deprecated and will be removed in kOps 1.33.

What's Changed

Don't require PriorityClassName to pass missing-static-pod checks by @johngmyers in #10049
Upgrade aws-iam-authenticator to 0.5.2 by @rifelpet in #10047
Recommend kops 1.18.1 for kops >= 1.15 in alpha channel by @johngmyers in #10051
upgrade-cluster: test that new image in stable or alpha channel will … by @nvanheuverzwijn in #10052
Release 1.19.0-alpha.5 by @hakman in #10054
Release notes for 1.19.0-alpha.5 by @hakman in #10055
Rewrite ssh user to ubuntu in bastions docs by @h3poteto in #10044
Updating alpha with October releases and latest Ubuntu AMI version by @moshevayner in #10062
Simplify node local dns by @olemarkus in #10059
Fix bug in MergeAddons and test by @nckturner in #10045
do not create egress rules when using vipacl octavia by @zetaab in #10061
Add some quick notes on how to get GPU opertor working by @olemarkus in #10067
Add some missing notes to the release notes by @olemarkus in #10056
Cleanup channels error output by @rifelpet in #10068
Add eBPF dataplane support for Calico CNI by @hakman in #10069
Upgrade aws sdk to 1.35.10 by @rifelpet in #10074
Use AWS SDK lists of enum values for API validation by @rifelpet in #10075
Allow more volume types by @olemarkus in #10073
Initial kubetest2 structure for e2e testing by @rifelpet in #10031
Hotfix/10015 cloud formation lint error by @binkkatal in #10066
Update docs for cutting new release branches by @rifelpet in #10084
Update security_groups.md by @yurrriq in #10078
Take node labels from cloud tags on AWS by @johngmyers in #9575
Update Office Hours Zoom link by @johngmyers in #10087
Update zoom links on the spanish README by @rdrgmnzs in #10088
Ignore changes to ForAPIServer field by @justinsb in #10086
Update Flannel CNI to v0.13.0 by @hakman in #10064
kubetest2 - Implement create/validate/delete cluster functionality by @rifelpet in #10083
Cert circular deps by @olemarkus in #10092
Fix cilium template by specifying boolean as a string for enable-metrics by @h3poteto in #10094
Release notes for 1.18.2 by @justinsb in #10097
Update Kops Go build supported versions 1.15 by @bmelbourne in #10099
Spotinst: Bump the Spot Cluster Controller to 1.0.68 by @liranp in #10103
Remove hack/workaround from etcd-manager certificate expiration advisory by @hakman in #10102
Install container runtime packages as assets by @hakman in #10048
Default to exporting a kubecfg, even without credentials by @justinsb in #10105
Remove dependency of TerraformJSON feature flag by @johngmyers in #10106
Makefile and hack script cleanup by @rifelpet in #10112
Update channels by @hakman in #10117
Update Calico config for eBPF mode by @hakman in #10115
Add random AWS zone logic + specify build stage location by @rifelpet in #10121
Update AWS VPC CNI to 1.7.5 by @moshevayner in #10124
Add nodeLocalDNSCache.kubeDnsOnly option by @javipolo in #10111
Align AWS VPC CNI manifest with upstream by @hakman in #10126
Fix release notes links to point to https://kops.sigs.k8s by @hakman in #10118
Add verify-cloudformation script by @rifelpet in #10130
Fix cloudformation lint errors by @rifelpet in #10131
Update shell style for CLI docs for better compatibility by @hakman in #10128
Prevent unintended resource updates to LB attatchments by @rdrgmnzs in #9794
Make verify-cloudformation job fail when issues are found by @rifelpet in #10133
Set minimum Terraform version to 0.12.26/0.13.0 by @bmelbourne in #10109
ELB/TargetGroup/ASG attachment fixes by @rifelpet in #10138
Prepare for version 1.20 by @johngmyers in #10101
Rebrand kops to kOps by @hakman in #10077
Remove code for no-longer-supported k8s releases by @johngmyers in #10141
allow reauth for openstack client by @zetaab in #10144
Simplify etcd options builder by @hakman in #10145
Update AWS Cloudmock for complex and externallb integration test clusters by @rifelpet in #10140
Deprecate field calico.majorVersion by @hakman in #10143
[Digital Ocean] Use Debian10 as default image by @srikiz in #10098
Implement API load balancer class with NLB and ELB support on AWS by @christianjoun in #9011
Fix NLB naming for terraform and cloudformation targets by @rifelpet in #10158
Move NLB's VPC CIDR security group rule logic into model by @rifelpet in #10161
Fix additionalSecurityGroups support for NLB by @rifelpet in #10162
Some typos by @zouy414 in #10160
Fix output for CF and TF by @hakman in #10164
Mount the whole /etc/ssl/certs directory for k8s-ec2-srcdst by @kitos9112 in #10169
Avoid waiting on validation during rolling update for inapplicable instance groups by @bharath-123 in #10065
OpenStack Reset deviceID status if needed by @zetaab in #10178
Remove unused bearer token field from kubeconfig builder by @rifelpet in #10181
Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically by @havulv in #10186
Consistent naming of security group rules by @olemarkus in #10179
Upgrade Hashicorp HCLv2 Go module v2.7.0 by @bmelbourne in #10189
Fix auto scaling group changes when using spot instances by @hakman in #10187
Upgrade sprig to v3 by @olemarkus in #10191
Upgrade helm to 2.17 and use the helm.sh reference by @olemarkus in #10192
Fix AWS NLB reconciliation by @hakman in #10199
Fix disabling spot instances when using launch templates by @hakman in #10198
Add ACM cert permalink by @rifelpet in #10156
Setup a second NLB listener when an AWS ACM certificate is used by @rifelpet in #10157
Update Go to v1.15.4 by @hakman in #10209
Upgrade docker client by @olemarkus in #10193
Spotinst: Configure Resource Limits in Ocean Auto Scaler by @liranp in #10190
Release notes 1.19.0-beta.1 by @hakman in #10213
Use LaunchTemplate versions instead of timestamped LaunchTemplates by @hakman in #10151
Update kOps version after 1.19.0-beta.1 release by @hakman in #10216
Remove components from cluster validation by @johngmyers in #10214
Allow to use custom csi plugin image and enable topology support by @zetaab in #10215
Update validate cluster cli docs by @johngmyers in #10219
Fix cluster autoscaler docs by @djablonski-moia in #10225
Make etcd-manager log verbosity configurable by @elblivion in #10194
Update k8s versions nov 2020 by @moshevayner in #10227
Update Ubuntu ami to latest version by @moshevayner in #10195
Fix various nits by @hakman in #10217
Switch ARM64 CI to Graviton2 CPU by @hakman in #10230
Update docs related to audit logging by @hakman in #10231
Don't install the misc packages for k8s 1.20+ by @johngmyers in #10222
Fix readme by @karancode in #10228
Update kops as kOps and remove extra spaces from .md files by @axpraka in #10235
Add default runtime and runtimes fields in the docker config by @bharath-123 in #10238
Fix cluster validation dependency on local kubeconfig by @eddycharly in #10221
Associate instance group to pod validation failures in cluster validation. by @bharath-123 in #10237
Add HPA Flags for horizontal-pod-autoscaler-initial-readiness-delay & horizontal-pod-autoscaler-cpu-initialization-period by @JoelBCarter in #10241
Remove more code specific to unsupported etcd v2 by @johngmyers in #10245
GCE: ignore (output-only) networkInterface.name by @justinsb in #10242
Make it possible to use OnDelete update strategy on addon daemonset by @olemarkus in #10167
Fix version of storage-aws addon manifest by @johngmyers in #10247
Fix cloudformation lint job by @rifelpet in #10256
Update etcd-manager to 3.0.20201117 by @justinsb in #10257
Use separate domain for kops-controller bootstrap by @johngmyers in #10239
Revert "Switch ARM64 CI to Graviton2 CPU" by @hakman in #10262
Update Bazel rules for Go to v0.24.7 by @hakman in #10240
Update k8s dependencies to 1.20.0-beta.2 by @rifelpet in #10266
Push multi-arch images by @hakman in #10265
alpha channel: update legacy images by @justinsb in #10269
Fix multi-arch image pushing by @hakman in #10270
Add sslPolicy for NLB to change listener's security policy by @FrankYang0529 in #9666
Optimize Bazel builds by os and arch by @hakman in #10267
Fix incorrect URLs in kops cluster documentation by @bycEEE in #10274
Use etcd v3.4.13 for k8s v1.19+ by @hakman in #10277
Parse TargetGroup names from ARNs by @hakman in #10276
Add Go code-generator v0.20.0-beta.2 crypto hash by @bmelbourne in #10285
Add ACM/NLB instructions to 1.19 release notes by @rifelpet in #10292
Release notes for 1.19.0-beta.2 by @hakman in #10293
Add more NLB release notes and documentation by @rifelpet in #10294
Can check cert expiry using openssl by @alok87 in #10282
[weave] Add support for default version override by @dntosas in #10273
Add support of Azure Blob storage to VFS by @kenji-cloudnatix in #10258
Update kOps version after 1.19.0-beta.2 release by @hakman in #10295
Remove support for using legacy ELB name by @hakman in #10296
Remove dead code by @hakman in #10297
Remove support for disabling manifest normalization by @johngmyers in #10298
Upgrade cloud-provider-openstack to 1.19.2 by @rifelpet in #10303
Fix a typo in an error message returned from buildAzureBlobPath by @kenji-cloudnatix in #10305
Allow setting CPU limit and Mem request / limit for kube API server by @rdrgmnzs in #10275
Optimize Bazel dev builds by arch by @hakman in #10309
Update Calico to v3.17.0 by @hakman in #10310
[Digital Ocean] Upgrade godo sdk to v1.54 by @srikiz in #10320
Tolerate missing detached EC2 instances by @hwoarang in #10319
Don't try to detach masters by @olemarkus in #10328
Remove copyright notice from nodeup scripts to reduce the user-data size. by @rdrgmnzs in #10333
Add docs for metrics server by @olemarkus in #10332
Push alpha to stable by @moshevayner in #10336
Add paramaeters related to Taint based Evictions in kube-apiserver by @h3poteto in #10339
Allow using gp3 for root volumes by @olemarkus in #10345
Update containerd and Docker versions by @hakman in #10341
Update aws-sdk-go to v1.36.0 by @hakman in #10347
Bump aws-vpc-cni version to 1.7.6 by @moshevayner in #10337
Update etcd-manager to 3.0.20201202 by @justinsb in #10351
Update DigitalOcean cloud-controller-manager to v0.1.30 by @timoreimann in #10352
Add aws-cloud-controller-manager config to addons by @nckturner in #9704
Allow attaching same external target group to multiple instance groups by @hakman in #10335
Add fuzzer and OSS-fuzz build script by @AdamKorcz in #10326
Set --service-account-issuer for k8s 1.20+ by @johngmyers in #10284
Promote addon docs to first level menu item by @olemarkus in #10355
[Digital Ocean] Promote to Beta by @srikiz in #10312
Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data by @rdrgmnzs in #10357
Add integration test for creating an HA cluster in shared zone by @hakman in #10365
Add minimal cert-manager addon by @olemarkus in #10318
Add option to reuse existing Elastic IPs for NAT gateways by @hakman in #10374
Remove resource limits from cluster autoscaler by @olemarkus in #10375
Remove dependency on TravisCI by @hakman in #10366
fix cluster-autoscaler README url from cluster_spec -> addons by @isaachui in #10373
Rename duplicate ci target to quick-ci by @hakman in #10378
Use custom-configured ServiceAccountIssuer when present by @johngmyers in #10364
Add option for setting the volume encryption key in AWS by @hakman in #10359
Add support for AWS IMDS v2 by @bharath-123 in #10324
Update k8s dependencies to v1.20.0 by @hakman in #10390
Update docs for CentOS 8 by @hakman in #10368
Move tools into separate hack go module by @rifelpet in #10308
Update etcd-manager to 20201209 by @justinsb in #10394
Mount /lib64 for Protokube only on AMD64 by @hakman in #10396
Explicitly specify http_endpoint in terraform launch template by @bharath-123 in #10398
Update alpha channel with December 2020 k8s releases and bump Ubuntu AMI version by @moshevayner in #10401
Hack script improvements by @rifelpet in #10407
hack/goimports - Replace mapfile with read by @rifelpet in #10410
Allow override of registry and tag for Calico images by @hakman in #10316
Update Calico to v3.17.1 by @hakman in #10408
Bump aws-cni to 1.7.7 by @moshevayner in #10416
Add support for containerd v1.4.3 ARM64 by @hakman in #10418
Add release note for terraform launch template migration by @rifelpet in #10423
Expose metrics port when PrometheusMetricsEnabled set to true in Calico by @avdhoot in #10414
Bump etcd client to 3.4.13. Use go modules by @olemarkus in #10425
Use the kubernetes-sigs version of yaml by @olemarkus in #10427
Bump heredoc to v2 by @olemarkus in #10429
Update container runtime service files by @hakman in #10428
Template functions for recommended kubernetes versions by @olemarkus in #10369
Make CoreDNS the default DNS server by @rajansandeep in #7919
Delay defaulting to CoreDNS to k8s v1.20 by @hakman in #10435
Bump go-bindata and use go module by @olemarkus in #10421
Bump sftp to 1.12 by @olemarkus in #10436
IAM ServiceAccount Roles: truncate name at 64 characters by @justinsb in #10437
Bump helm to v3 by @olemarkus in #10426
cloudmock - guard the VPC CIDR association calls with a mutex by @rifelpet in #10440
Upgrade mkdocs dependencies to latest by @rifelpet in #10433
Spotinst: Schedule Ocean Controller to Linux nodes only by @liranp in #10444
Bump AWS-CNI to version 1.7.8 by @moshevayner in #10447
protokube - query host by label when setting tags by @rdrgmnzs in #10413
Allow Calico to run on systems with loose reverse path forwarding by @hakman in #10442
Bump k8s versions on alpha and bump Ubuntu AMI version on stable by @moshevayner in #10464
Remove gjtempleton as reviewer by @gjtempleton in #10466
Calico: Allow operators to choose which encapsulation mode to use by @seh in #10404
Spotinst: Ignore volume type case sensitivity to prevent unnecessary updates by @liranp in #10450
Spotinst: Expose Ocean Headroom percentage and autoconfig labels by @liranp in #10449
Spotinst: Support for multiple subnets per zone by @liranp in #10452
Add new-pod-scale-up-delay in Cluster Autoscaler spec by @akshedu in #10471
Replace (some) deprecated ResourceHolder with Resource by @justinsb in #10472
Remove ResourceHolder: remove last usages and remove code by @justinsb in #10478
Refactor MirroredAsset into mirrors package by @justinsb in #10475
Refactor nodeUpConfigBuilder to be standalone by @justinsb in #10476
Avoid recursive type definitions in schema by @justinsb in #10482
Drop support for containerd 1.2 by @hakman in #10483
Update CNI plugins to v0.8.7 by @hakman in #10481
Add Azure support by @kenji-cloudnatix in #10114
Refactor GCE InstanceTemplate by @justinsb in #10477
Use Region method of fi.Cloud by @justinsb in #10474
Spotinst: Bump the Ocean Controller to 1.0.69 by @liranp in #10487
Added event-qps and event-burst flags to kubelet by @DOboznyi in #10486
Add config options for container runtime package URL and Hash by @hakman in #10473
Fix cluster setup when KOPS_ARCH is set by @hakman in #10496
Docs: Rename "Development" section to "Contributing" and add instructions to update the base AMI version of Ubuntu by @moshevayner in #10455
Release notes for 1.19.0-beta.3 by @hakman in #10497
Use containerd.sock for AmazonVPC CNI with containerd by @hakman in #10502
Remove support for Kubenet with containerd by @hakman in #10501
Add containerd option for registry mirrors by @hakman in #10507
Treat InvalidDhcpOptionsId.NotFound as already-deleted by @wongma7 in #10508
Add required toleration to gpu documentation by @silashansen in #10509
AWS IAM Role Tagging by @rifelpet in #10488
Update stable channel with recent k8s releases by @moshevayner in #10514
Run k/k's e2e suite via new kubetest2 make target by @rifelpet in #10504
Remove copyright YEAR from generated Go files by @bmelbourne in #10520
e2e - dump cluster manifests into artifacts and add --kubernetes-version by @rifelpet in #10522
kubetest2: Pass through some AWS env vars by @justinsb in #10525
kubetest2: add initial support for GCE by @justinsb in #10524
Add gp3 Volume Type to etcd by @msidwell in #10453
Only include API server additional security groups in InstanceGroups for masters by @seh in #10519
Update kube-router to v1.1.1 by @hakman in #10512
IRSA - continue adding route53 permisions to masters by @rifelpet in #10529
Add possibility to set volume throughput for gp3 volumes by @hakman in #10530
Prefix etcd cluster names with letters by @hakman in #10361
Recognize ubuntu 20.10 by @justinsb in #10278
Don't allow ebs volume TF resource names to begin with digit by @rifelpet in #10424
Add K8s Docker runtime support deprecation release note by @bmelbourne in #10371
Make it possible to change the etcd volume type and iops by @olemarkus in #10461
Promote Ole Markus to approvers list by @hakman in #10542
Add containerd config file to Flatcar based instances by @hakman in #10540
Add control-plane node role label to cp nodes by @olemarkus in #10397
Move bootstrapchannelbuilder to a dedicated package by @olemarkus in #10409
kubetest2: support specifying admin-access value by @justinsb in #10526
GCE: Don't warn about NVME by @justinsb in #10548
Simple upgrade test using kubetest2 framework by @justinsb in #10523
Refactor and centralize distribution logic by @justinsb in #10538
Fix to handle exit code of gazelle command in hack/verify-bazel.sh by @h3poteto in #10182
COS/GCE: exec on kubelet/flexvolume dirs by @justinsb in #10547
Fix typo in comment by @fenggw-fnst in #10541
Openstack: Prevent data race in servergroup member list by @justinsb in #10553
Updates GCE channels to use ubuntu over COS by @geojaz in #10554
Kubetest2 - use our own tester that wraps kubetest2's ginkgo tester by @rifelpet in #10549
Spotinst: Specify Spot percentage per Instance Group by @liranp in #10551
update gophercloud dependency by @zetaab in #10556
Upgrade Go v1.15.6 / Bazel v3.4.1 by @bmelbourne in #10550
Remove node-authorization by @olemarkus in #10439
[addons/CA] Add support for specifying resources and metrics by @dntosas in #10281
Spotinst: Iterate over metadata labels only once by @liranp in #10560
Default cgroup driver to systemd from k8s 1.20 by @bharath-123 in #10419
AWS CSI driver by @olemarkus in #10467
Upgrade cfn-lint to 0.44.3 by @rifelpet in #10565
Fix file not found error detection in fs:// by @rifelpet in #10566
Fix NLB listener -> target group association for TF & CF by @rifelpet in #10567
Spotinst: Bump the Ocean Controller to 1.0.70 by @liranp in #10573
Spotinst: Specify whether scale-down activities should be restricted by @liranp in #10561
[OpenStack] Use new hash format in instance names by @zetaab in #10557
kubetest2 - Add manifest template support by @rifelpet in #10559
Updates to Alpha versions - k8s & kOps by @moshevayner in #10576
Use Bazel 3.4.1 for postsubmit jobs by @hakman in #10578
Give kubetest2 its own makefile by @rifelpet in #10577
Use consistent naming for the remaining SGRs part two by @olemarkus in #10188
[DigitalOcean] add e2e tests by @srikiz in #10575
Allow nodeup (and others) to replace in-use files by @justinsb in #10581
Dial-down logging on flagbuilder by @justinsb in #10582
Fix default make target by @rifelpet in #10584
containerd: Add /etc/crictl config to enable crictl by @justinsb in #10585
Add CF integration test for gp3 volumes by @hakman in #10569
Release 1.20.0-alpha.1 by @hakman in #10591
Release notes for 1.20.0-alpha.1 by @hakman in #10592
Make cluster proportional autoscaler image configurable. by @bjhaid in #10564
Set default container runtime to containerd by @bmelbourne in #10370
Fix minor docs typos by @JamesJJ in #10598
Validate cluster cloud labels by @olemarkus in #10599
Exclude terraform.lock.hcl files from Git repo by @bmelbourne in #10597
Provide required --kubernetes-version flags to kubetest2-kops --up by @rifelpet in #10600
Kubetest - add networking support + misc fixes by @rifelpet in #10601
Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage by @justinsb in #10602
Add troubleshooting documentation by @olemarkus in #10594
Fix menu link to troubleshooting by @olemarkus in #10607
Use kops binary built by kubetest2-kops in upgrade script by @rifelpet in #10613
Warn if cilium encryption is enabled, but no secret has been set by @olemarkus in #10608
kubetest2 upgrade script - PATH needs to be a directory by @rifelpet in #10617
Add support for container-log-max-size/files with kubelet by @hakman in #10612
Add network and router availability zone hints to OpenStack by @ottosulin in #10616
Increase CoreDNS default ttl by @johanneswuerbach in #10610
Update Go to v1.15.7 by @hakman in #10614
kubetest2 - Add support for specifying a kubernetes version marker file by @rifelpet in #10620
kubetest 2 - fix parsing of k8s version semver values by @rifelpet in #10621
Update Weave to v2.8.0 by @hakman in #10604
Update AWS instances defaults by @hakman in #10624
kubetest2 - update the skip regex for the upgrade scenario by @rifelpet in #10626
Install dbus if needed for protokube with containerd by @justinsb in #10583
Ensure SpecOverrideFlag is set in upgrade test by @rifelpet in #10628
Fix unbound variable in upgrade scenario script by @rifelpet in #10631
kubetest2 - increase validation timeout for the upgrade scenario by @hakman in #10632
Add startup probe for calico-kube-controllers by @hakman in #10633
Remove coredns dnsprovider by @olemarkus in #10629
Spotinst: Avoid unnecessary duplication of tasks by @liranp in #10630
enableRemoteNodeIdentity actually defaults to true by @olemarkus in #10635
Replace gopkg yaml with k8s-sigs yaml by @olemarkus in #10634
protokube: Remove unused ExecuteTemplate function by @justinsb in #10637
Fix phony make target for setting up kubetest2 by @rifelpet in #10636
[Digital Ocean] Add SFO3 region. Also update e2e tests to use full list of supported zones by @srikiz in #10622
etcd-manager: Update to 3.0.20210122 by @justinsb in #10638
Update k8s versions in stable channel and bump ubuntu ami version in alpha channel by @moshevayner in #10639
Update kubetest2 library by @rifelpet in #10646
feat: implement azure get api ingress status fn by @ngalantowicz in #10609
Use the same package marker for kubectl as for e2e binary by @rifelpet in #10649
Reword 'what is kOps' by @olemarkus in #10570
Add back support for kubenet style networking with containerd by @hakman in #10651
Add set instancegroup command by @gabrieljackson in #10593
Add minimum version info for External Policies by @prashantkalkar in #10589
Set the tcp_rmem sysctl in bootstrap script by @justinsb in #10654
Add --create-args kubetest2 flag by @rifelpet in #10658
Fix cluster_spec.md indentation by @trondhindenes in #10660
Allow attaching same external load balancer to multiple instance groups by @hakman in #10666
Fix typo by @adrianmoisey in #10667
Update kops e2e testing docs by @bmelbourne in #10652
Create default loadbalancer when SSL certificate is specified by @rudeigerc in #10665
Bump Ubuntu images for AWS and GCE by @hakman in #10670
Release notes for 1.18.3 by @justinsb in #10673
Remove taints from spotinst ocean terraform resource by @rifelpet in #10674
Allow SSH user to be overridden for toolbox dump by @rifelpet in #10675
kubetest2 - Use --ssh-user to dump logs by @rifelpet in #10676
Update AWS etcd-manager volumes defaults by @hakman in #10661
Update aws-sdk-go to 1.37.0 by @rifelpet in #10682
Release notes for 1.19.0 by @justinsb in #10683
Update release compatibility matrix by @johngmyers in #10684
Default IMDSv2 to "optional" for AWS by @hakman in #10655
Add link to 1.19 by @olemarkus in #10686
Fix header indentation in addons.md by @olemarkus in #10685
Documentation update: Corrected externalPolicy AWS ARN formatting by @timothyclarke in #10680
Remove 'not released' notice from 1.19 notes by @olemarkus in #10688
Fix bug preventing tasks using gp2 by @olemarkus in #10694
Have channels create PKI for addons by @olemarkus in #10545
Add template function returning the latest image by @olemarkus in #10689
Update Weave to v2.8.1 by @hakman in #10698
Increase IMDSv2 hop limit on control plane nodes by @olemarkus in #10702
Kubetest2 - refactor how kops create cluster arguments are set by @rifelpet in #10701
Update upgrade test to use 1.18->1.19 by @rifelpet in #10710
Fix create args for upgrade test by @rifelpet in #10711
Docs: Fix ServiceAccountVolume proposed configuration for Istio by @dntosas in #10712
Update the skipped tests in the upgrade job to help the test stage pass by @rifelpet in #10713
Remove unused instanceGroup parameter from setClusterFields by @bharath-123 in #10690
Update code reference links in docs by @bharath-123 in #10696
Fix rendering issue created by #10414 by @avdhoot in #10700
Fix panic when exporting kubecfg for AWS cluster without load balancer by @rifelpet in #10720
Cleanup kops-controller Route53 record during cluster deletion by @rifelpet in #10721
Revert making imdsv2 default by @olemarkus in #10729
Throw error if path being set by kops set is not present in struct by @bharath-123 in #10692
Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed by @h3poteto in #10742
Fix ineffassign issues by @zhijianli88 in #10739
Deprecate aliyun by @olemarkus in #10746
alpha channel: Update older images by @justinsb in #10748
Fix docs build failure by @bharath-123 in #10750
add user agent to openstack api requests by @zetaab in #10732
Add support for cilium 1.9 by @olemarkus in #10695
Use EnsureTask instead of prepending IG names to external ELB tasks by @rifelpet in #10754
nodeup file: Set owner & group when we write the file. by @justinsb in #10757
Always generate kops-controller certs by @hakman in #10758
Release 1.20.0-alpha.2 by @hakman in #10765
Release notes for 1.20.0-alpha.2 by @hakman in #10768
Add troubleshooting of corrupted api server leases by @olemarkus in #10764
Boot nodes without state store access by @justinsb in #10469
Update GCE zones by @bharath-123 in #10771
Kubetest2 - Use a shell lexer for passing extra args to create cluster by @rifelpet in #10772
Use the kubeApiServerConfig clientCAFile field by @slu2011 in #10707
Kubetest2 - Fix splitting of --create-args by @rifelpet in #10775
Logging: don't suggest we are pre-creating DNS records unless we are by @justinsb in #10782
Add missing versions to channels by @olemarkus in #10781
fix: asset task copy docker image by @johanneswuerbach in #10767
Add support for creating world-readable managedFiles by @olemarkus in #10778
Update kubectl documentation with new flags by @rpadovani in #10779
Add overrides testing in lifecycle integration tests by @rifelpet in #10752
Add AWS LoadBalancerController by @olemarkus in #10489
Update Calico to v3.17.2 by @hakman in #10787
Enable CSIMigrationAWS if CSI EBS driver is installed by @olemarkus in #10791
Fill Role names in kops-controller-config instead of instance profile names when it is specified by @h3poteto in #10728
Storage: Allow disabling of kOps's management of StorageClasses by @seh in #10733
kubetest2 - Dump all pod logs in addition to host logs by @rifelpet in #10799
Update Docker to v19.03.15 by @hakman in #10802
Fix LaunchSpec TF output by @hakman in #10806
Make protokube CP label setting consistent with kops-controller by @olemarkus in #10780
Add deprecation notice for launch templates. by @bharath-123 in #10809
add azure support for internal loadbalancer to k8s api by @collin-woodruff-t1cg in #10744
Allow managed images for Azure instance groups by @NickSchleicher in #10797
kubenet containerd: match upstream by @justinsb in #10759
kubetest2: Add --host argument by @justinsb in #10814
iptables: Use the lock when checking for existing rules by @justinsb in #10812
Spotinst: Replace corev1.Taint to fix HCL2 serialization by @liranp in #10819
Spotinst: Bump the Ocean Controller to 1.0.72 by @liranp in #10820
Allow to control which subnets and IPs get used for the API loadbalancer by @codablock in #10741
kubetest2: Call Test, not Execute by @justinsb in #10824
Fix kdi 'must specify' error by @olemarkus in #10825
Update aws-sdk-go by @rifelpet in #10830
Use correct tag when creating node labels from azure cloud tags by @NickSchleicher in #10619
Precreate the kops-controller DNS name by @rifelpet in #10833
containerd installation: always configure, even if we don't install by @justinsb in #10813
Release binaries for protokube and channels by @hakman in #10840
Release 1.21.0-alpha.1 by @hakman in #10841
Release notes for 1.21.0-alpha.1 by @hakman in #10844
Update mock to v1.21.0-alpha.1 by @hakman in #10845
Kubetest2 - terraform support by @rifelpet in #10697
Actually enable systemd cgroup for containerd by @codablock in #10846
Update Go to v1.15.8 by @hakman in #10853
Add liveness probe for calico-kube-controllers by @hakman in #10856
Fix OpenStack delete functions by @ottosulin in #10849
Add support for CAS 1.20 + support for disabling CAS for a given IG by @olemarkus in #10857
Bump aws node termination handler to 1.12.0 by @bharath-123 in #10863
Kubetest2 - add ginkgo node debug logs by @rifelpet in #10866
K8s Version Updates February 2021 by @moshevayner in #10865
Add note about remote identities by @olemarkus in #10868
Bump metrics-server to 0.4.2 by @olemarkus in #10858
kubetest2 - support terraform with kops create cluster by @rifelpet in #10867
Add validation for instanceType and ami architecture by @bharath-123 in #10747
Upgrade k8s 1.20 to latest patch version by @moshevayner in #10875
Update AWS CNI to latest patch version by @moshevayner in #10876
Fixes for 1.21 e2e tests by @olemarkus in #10879
Release notes for 1.19.1 by @justinsb in #10883
Improve machine type and image validation by @hakman in #10884
fix loadBalancerID null pointer by @collin-woodruff-t1cg in #10886
Update Openstack Cloud Go module to v1.20.1 by @bmelbourne in #10896
Enforce 1.14 deprecation by @olemarkus in #10897
add usage of subnet and routetable shared resources in azure by @ngalantowicz in #10900
Update Calico to v3.18.0 by @hakman in #10904
Adding Elastic IP Allocations to NLB API by @timothyclarke in #10872
Release notes for 1.20.0-beta.1 by @hakman in #10909
Update Google Cloud Go module to v0.77.0 by @bmelbourne in #10894
Add Tagging to Instance Profiles and OIDC Providers by @rifelpet in #10832
AWS LB controller is as of 1.20, not 1.19 by @olemarkus in #10919
Spotinst: Prevent instance groups with the same suffix from being deleted by @liranp in #10918
add support for azure public loadbalancer by @collin-woodruff-t1cg in #10915
Fix nil pointer deference for image ID with spotinst by @hakman in #10924
Update SSH documentation for ubuntu by @jpugliesi in #10931
Fix no-schedule issue by @christian-schlichtherle in #10928
Update Controller Runtime Go module to v0.8.2 by @bmelbourne in #10914
Sort external policies when checking for changes by @hakman in #10940
Instruct GH to collapse BUILD.bazel diffs by default by @rifelpet in #10912
Further improve cloudLabel validation by @olemarkus in #10910
Add a standardised set of labels on all resources by @olemarkus in #10796
Bump external-dns to 0.7.6 by @olemarkus in #10946
Update etcd-manager to 3.0.20210228 by @justinsb in #10949
gce doesn't suffix the IG names with ClusterName by @olemarkus in #10944
Add AWS Transit Gateway support by @rifelpet in #10948
Fix node label conversion in Azure by @kenji-cloudnatix in #10935
Allow multi-CNI setups to set usesSecondaryIP by @ravens in #10828
Spotinst: Bump the Ocean Controller to 1.0.73 by @liranp in #10960
Spotinst: Don't skip LB attachments when SpotinstHybrid is enabled by @liranp in #10961
Add explicit RBAC permissions for finalizers subresources by @olemarkus in #10966
Fix typos in docs/getting_started by @roim in #10921
Add support for CPU Credits on AWS t2 and t3 instance families by @rifelpet in #10934
Add support for enable-cadvisor-json-endpoints with Kubelet by @adrianmoisey in #10957
Exclude CP nodes from load balancers by @olemarkus in #10945
Update k8s.io Go modules to v0.20.4 by @bmelbourne in #10965
Update Go to v1.16 by @bmelbourne in #10892
Add a note about informal office hours by @olemarkus in #10650
Removing duplicate local and output values in terraform(#10786) by @mmerrill3 in #10978
Add CloudLabels as --extra-tags to aws-ebs-csi driver by @codablock in #10976
Use internal api url for jwks by @olemarkus in #10888
Disable Calico Prometheus metrics by default by @hakman in #10982
Add etcd-manager discoveryPollInterval option by @ottosulin in #10975
Remove manually added labels from addons by @hakman in #10987
Fix kops-controller rbac due to leader election change by @olemarkus in #10988
Various cleanups around apply_cluster and awsmodel by @olemarkus in #10579
Fix very minor formatting typos in docs/manifests_and_customizing_via_api by @vitaliyf in #10990
Run protokube as a systemd service by @bharath-123 in #10574
kubetest2 - don't overwrite create args that use equals signs by @rifelpet in #10994
Remove support for launch configurations by @bharath-123 in #10937
Use exponential backoff for DNS updates by @hakman in #10996
Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value by @seh in #11002
Add to 1.21 release notes by @bharath-123 in #11004
Kubetest2 - Add support for publishing the kops version marker by @rifelpet in #11006
Kubetest2 - Fix kops' --kubernetes-version with k8s version markers by @rifelpet in #11007
Don't build kops during periodic upgrade tests by @rifelpet in #11005
Remove extraneous field from integration test by @rifelpet in #11010
Remove trailing newline from kubernetes version marker by @rifelpet in #11011
aws: Graceful handling of EC2 detach errors by @hwoarang in #10740
Kubetest2 - use same kops binary for all commands in upgrade scenario by @rifelpet in #11017
Update Calico to v3.18.1 by @hakman in #11018
Increase route53 retry count from 3 to 5 by @rifelpet in #11020
Spotinst: Add support for block device mappings in Ocean Launch Spec by @liranp in #11009
Allow cilium 1.10 by @olemarkus in #11026
Fix rendering of multiple Docker insecure registries by @hakman in #11027
azure: fix null pointer when updating in place cluster by @collin-woodruff-t1cg in #11015
Release notes for 1.20.0-beta.2 by @hakman in #11034
Update k8s dependencies to v1.21.0-beta.1 by @hakman in #11013
Trim space on kops version markers by @rifelpet in #11037
Honor OS update policy at InstanceGroup level too by @seh in #10913
Update Go to v1.16.2 by @hakman in #11039
Create an environment file for kops-configuration systemd process by @bharath-123 in #11042
Improve instance type validation error message by @bharath-123 in #11043
Revert upgrade script to build kops by @rifelpet in #11044
cluster validation - allow flapping of validation errors by @rifelpet in #11049
Update Terraform to v0.14.8 by @bmelbourne in #11051
Cleanup some nodeup & protokube logging by @rifelpet in #11052
Update Go modules to latest versions by @bmelbourne in #11047
Add channels entries for image architecture by @hakman in #11046
fix CNI bin path in troubleshoot.md by @adrianmester in #11061
Kubetest2 - Add GCE default SSH key values from prow jobs by @rifelpet in #11065
correct a word for readme by @yojay11717 in #11066
Update Bazel to v3.5.0 by @hakman in #11041
Install bazelisk before pushing images by @hakman in #11067
Kubetest2 - Add boskos for GCE support by @rifelpet in #11070
Download kubectl to /opt/kops/bin on Flatcar OS by @rifelpet in #11054
Kubetest2 - initialize boskos heartbeat channel by @rifelpet in #11073
Instance roles for service accounts (IRSA) contd by @olemarkus in #10756
Kubetest2 - add more validation time for --target terraform by @rifelpet in #11077
Fix GCE channels version constraints by @rifelpet in #11076
Update k8s versions with March 2021 releases by @moshevayner in #11075
Upgrade AWS CNI to version 1.7.10 by @moshevayner in #11078
Improve error messages around PublicJWKS by @justinsb in #11085
Don't add control-plane DNS permissions with UseServiceAccountIAM by @justinsb in #11086
Ensure a publicdatastore exists for jwks and that it can only be s3 by @olemarkus in #11081
Apiserver nodes by @olemarkus in #10722
fix(docs): cpuCFSQuotaPeriod needs a feature gate by @danmx in #11071
Update Ubuntu 20.04 to latest AMI by @bmelbourne in #11083
Re-add integration tests for jwks by @justinsb in #11087
Replace go-bindata with go:embed by @rifelpet in #11089
Dns controller fixes by @olemarkus in #11069
Remove unused RoleLabelName16 by @justinsb in #11097
Add additional IOPS validation for AWS EBS gp3 volumes by @lichuan0620 in #10843
Update google SDK libraries by @justinsb in #11096
Add values page by @justinsb in #11094
Deeper validation in dns controller tests by @justinsb in #11095
Ensure protokube can connect to kube-apiserver before starting the sync loop by @olemarkus in #11093
Remove dbus dependency by @bharath-123 in #11082
Have nodeup retry kops-controller bootstrapping sooner if DNS isn't setup by @rifelpet in #11101
Update AWS zones used by e2e tests by @rifelpet in #11103
Add docs about dedicated apiserver ndoes by @olemarkus in #11090
Put awslbcontroller on the control-plane by @olemarkus in #11091
Release 1.21.0 alpha.2 by @hakman in #11109
Release notes for 1.21.0-alpha.2 by @hakman in #11111
Update release process docs by @hakman in #11112
Use "tag on create" for EIPs, NLBs, and TargetGroups by @rifelpet in #11107
Load env vars from file for kops-configuration service by @hakman in #11114
Update containerd to v1.3.10/v1.4.4 by @bmelbourne in #11084
[DigitalOcean] Fix DO Tag issue by @srikiz in #11102
Kubetest2 - Setup SSH keys for GCE by @rifelpet in #11123
Validate that kube-apiserver has the necessary authz modes set by @olemarkus in #11127
Remove instance-selector label by @bharath-123 in #11048
Kubetest2 - fix temp directory created for GCE SSH keys by @rifelpet in #11133
replace hard coded aws region checks with aws sdk calls by @guydog28 in #11119
kubetest2 - Specify GCE network name by @rifelpet in #11139
Update protokube systemd unit docs link by @rifelpet in #11138
Add scaleDownDelayAfterAdd to clusterAutoscaler spec by @jurriaanpro in #11140
Update cluster_spec.md by @igor-loncarevic in #11142
minor protokube code clean up by @bharath-123 in #11143
Pass ctx to drain helper by @olemarkus in #11146
Change registrable domains to placeholders by @lukehinds in #11147
Add tags to instance profile and OIDC provider terraform resources by @rifelpet in #11149
Clarify release notes around exporting kubeconfig by @justinsb in #11154
Expand flag help on --user flags by @justinsb in #11153
Update Getting Started AWS guide by @allir in #11150
fix the mistake link in addons.md by @maoyangLiu in #11151
cloudbuild: capture some hashes by @justinsb in #11159
Only update kops-controller pods on deletion by @olemarkus in #10871
Side load images also on apiserver by @olemarkus in #11156
Add an option to skip NTP installation by @kenji-cloudnatix in #11160
kubetest2 - Pass GOPATH when building kops by @rifelpet in #11167
Filter kOps NatGateways from route table by @zetaab in #11169
Bump k8s deps to 1.21-rc.0 by @olemarkus in #11168
Allow setting dedicated apiserver node count from create cluster cmd by @olemarkus in #11152
Update Go to v1.16.3 by @bmelbourne in #11174
Add integration test for aws lb controller by @olemarkus in #11175
Enable use of irsa for aws load balancer controller by @olemarkus in #11088
Increase timeout and update images for postsubmit job by @rifelpet in #11177
Update Go modules to latest versions by @bmelbourne in #11176
Kubetest2 - Add flag to expose cluster validation wait time by @rifelpet in #11178
Spotinst: Use BDM to configure the root volume size at VNG level by @liranp in #11179
Spotinst: Configure headroom resources only at the VNG level by @liranp in #11181
Update k8s dependencies to v1.21.0 by @hakman in #11188
Release notes for 1.19.2 by @justinsb in #11193
Update node local dns cache by @zetaab in #11057
Update cilium.md by @recollir in #11189
Release notes for 1.20.0 by @justinsb in #11196
Docs: Remove 'prerelease' warning from 1.20 by @justinsb in #11198
Kubetest2 - Create project-specific state store buckets in GCP by @rifelpet in #11200
Update release compatibility matrix by @johngmyers in #11201
Update integration tests to k8s v1.21.0 by @bmelbourne in #11206
Kubetest2 - Set KOPS_BASE_URL to --build's stage location by @rifelpet in #11210
Update Docker to v20.10.5 by @bmelbourne in #11195
Rename the service account key by @johngmyers in #11207
Update go deps by @zetaab in #11208
Kubetest2 - detect errors creating GCS bucket by @rifelpet in #11212
Kubetest2 - Ensure the bucket path is the final gsutil arg by @rifelpet in #11215
Update IG tutorial for per-AZ node groups by @rifelpet in #11218
Use "string" for architecture type in ChannelRecommendedImage by @hakman in #11220
Always secure api -> kubelet communication by @olemarkus in #11185
Fix etcd volume validation logic by @hakman in #11225
Replace k8s.io/utils/mount with k8s.io/mount-utils by @hakman in #11229
Release 1.21.0-alpha.3 by @hakman in #11231
fix a typo by @yojay11717 in #11232
Release notes for 1.21.0-alpha.3 by @hakman in #11233
Remove validations for EBS from cluster validation by @h3poteto in #11228
Add support for Docker v20.10.6 by @hakman in #11236
Don't start kubelet if instance is entering the warm pool by @olemarkus in #11216
Correct typos by @hakman in #11238
'sv' may have 'nil' or other unexpected value by @Akiros001 in #11161
Logging cleanup by @rifelpet in #11080
Update kops_create_secret_dockerconfig.md by @integrii in #11186
Remove BLM banner by @hakman in #10672
Run tests only in zones with increased limits by @hakman in #11240
Give kOps CLI knowledge about ASG warm pools by @olemarkus in #11227
Fix golint issue caused by typo by @fenggw-fnst in #11239
Remove unused constants by @johngmyers in #11241
Bump k8s versions with April 2021 releases in Alpha channel by @moshevayner in #11245
Update kOps recommended versions and images by @hakman in #11247
Kubetest2 - Cleanup leaked resources from previous clusters by @rifelpet in #11250
Run tests in all regions with increased limits by @hakman in #11249
Don't set NeedUpdate on first addon install by @olemarkus in #11257
Make it possible to detect field changes when mixedInstancePolicy is removed by @h3poteto in #11255
Update rolling update documentation by @johngmyers in #11263
Pre-pull cilium and kube-proxy in warming mode by @olemarkus in #11258
[cilium] Add support for choosing resources by @dntosas in #11248
Add install section to kubelet unit by @olemarkus in #11264
Update terraform and cloudformation lint versions by @rifelpet in #11266
Fix cilium template scoping typo by @javipolo in #11270
Add Azure image to alpha/stable channel by @kenji-cloudnatix in #11271
Exclude nodes from load balancers upon cordoning by @johngmyers in #11273
Make it possible to enable/configure warm pool by @olemarkus in #11235
If one tries to use eip with a public ip that doesn't exist, fail by @olemarkus in #11276
Spotinst: Update spotinst/ocean-controller to v1.0.74 by @liranp in #11286
Add NTH Queue Processor Mode by @haugenj in #10995
Apiserver fixes by @olemarkus in #11293
Spotinst: Prevent nil pointer dereference by @liranp in #11289
fix: create.go doesnt add --name flag to the prompt: kops update cluster by @ebarped in #11296
Make warm pool no ASG found error retryable by @olemarkus in #11285
Document the newly required SQS permissions for NTH by @rifelpet in #11300
fix permissions required for NTH Queue Processor by @haugenj in #11303
bump NTH to 1.13.0 by @haugenj in #11301
Add GCE Router task by @kenji-cloudnatix in #11184
Add ability to set a default Issuer in certManager addon by @javipolo in #11281
Make nodeup able to complete the warming life cycle hook by @olemarkus in #11259
update deps by @zetaab in #11306
Filter servers using cluster name in tags by @zetaab in #11305
Add warm pool docs and release notes by @olemarkus in #11307
Use the full operator instead of the generic one by @olemarkus in #11312
Improve warm pool documentation by @johngmyers in #11313
Disallow negative warmpool sizes by @johngmyers in #11317
Promote channel alpha to stable by @hakman in #11318
[metrics-server] Bump manifest to latest stable by @dntosas in #11319
Allow disabling warm pool by setting WarmPool.MaxSize to 0 by @johngmyers in #11316
Fix typo by @johngmyers in #11321
[csi/aws] Bump templates + add support for warm pools by @dntosas in #11304
Add a lifecycle test for GCE by @kenji-cloudnatix in #11291
Add cluster-level warmPool settings by @johngmyers in #11322
Fix arguments to csi-provisioner after bump to v2.2.0 by @codablock in #11326
kubetest2: Infer the provider and zones from the kops cluster by @justinsb in #10847
Add support for configuring Cilium enable-host-reachable-services. by @bjhaid in #11333
Fix lifecycle hook naming by @olemarkus in #11335
Recognize Ubuntu 21.04 by @hakman in #11327
Add enable-host-reachable-services to 1.8 and generic cilium. by @bjhaid in #11337
Don't try to delete warm pool when creating the cluster by @olemarkus in #11331
Update Calico to v3.18.2 by @hakman in #11339
Fix SQS resource flapping by @olemarkus in #11336
Update controller-runtime to v0.9.0-beta.0 by @hakman in #11342
Set SAN for addon CAs by @olemarkus in #11328
Update kubetest2 dependency and fix install method for upgrade scenario by @rifelpet in #11338
Bump cilium to 1.9.6 by @olemarkus in #11344
Fix upgrade scenario kubetest2 install by @rifelpet in #11350
Fix kubetest2 panic inheriting env vars by @rifelpet in #11351
Mount /run inside etcd-manager pods for systemd mounts by @hakman in #11352
Update deps by @zetaab in #11357
Ignore detached nodes when doing validate cluster by @rajatjindal in #11349
Move firewall, iam, network and sshkey to awsmodel by @hakman in #11358
[addons/nth] Add capability to define resources by @dntosas in #11360
Split oidc_provider by @olemarkus in #11359
Expose hubble agent when hubble is enabled by @olemarkus in #11314
Configure aws oidc provider by @olemarkus in #11361
Use VFS as service account issuer if configured by @olemarkus in #11362
Allow cert-manager to be provisioned externally by @codablock in #11354
Mark control-plane node for update when etcd volume size changes by @hakman in #11365
Mark control-plane node for update when etcd manager config changes by @hakman in #11369
user-configurable IAM roles for ServiceAccounts by @olemarkus in #11016
add permission to create sa tokens by @zetaab in #11373
Add more support for cilium 1.10 by @olemarkus in #11374
Update Calico to v3.19.0 by @hakman in #11372
Refactor terraform writing by @johngmyers in #11371
Remove unused k8s version parsing by @rifelpet in #11375
Fix upgrade of service-account key by @johngmyers in #11376
Don't try to mount hubble TLS on the agent if we don't use hubble by @olemarkus in #11378
Kubetest2 - Update k8s upgrade test + add kops upgrade test by @rifelpet in #11382
Kubetest2 - Fix GNU mktemp syntax by @rifelpet in #11384
Kubetest2 - fix wget flag in kops download by @rifelpet in #11385
kubetest2 - remove unnecessary flags from upgrade scripts by @rifelpet in #11386
Don't use PublicJWKS in TestAWSLBController by @johngmyers in #11391
Don't add IRSA env vars if feature flag is not enabled by @olemarkus in #11392
Recognize the ServiceAccountIssuerDiscovery featue gate by @johngmyers in #11395
Quote grep patterns in docs/rotate-secrets.md by @keithlayne in #10656
Documentation and release note for IRSA by @johngmyers in #11398
Remove the PublicJWKS feature flag by @johngmyers in #11396
Don't publish OIDC discovery if DiscoveryStore not set by @johngmyers in #11397
Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller by @olemarkus in #11393
Add another update cluster dryrun to upgrade tests by @rifelpet in #11401
Update default volumes types in Cluster Documentation by @allir in #11405
Create upgrade_ab e2e scenario for complex upgrades by @justinsb in #11403
Release 1.22.0-alpha.1 by @johngmyers in #11407
e2e upgrade-ab: fix a few errors by @justinsb in #11409
Verify all versions are set correctly by @johngmyers in #11413
Use etcd-manager built from etcdadm repo by @justinsb in #11098
Remove code for no-longer-supported k8s versions by @johngmyers in #11412
Update the release process documentation by @johngmyers in #11419
[addons/awscsidriver] Bump to GA release by @dntosas in #11418
[Digital Ocean] Add an e2e job for DO by @srikiz in #10963
Fix references to v1.20 in v1.21 release notes by @hakman in #11427
Release notes for 1.21.0-beta.1 by @johngmyers in #11426
e2e: only get ExternalIPRange if we need it by @justinsb in #11431
e2e upgrade-ab: a few more fixes and notes on how to run locally by @justinsb in #11432
Create new clusters without forcing a container runtime by @hakman in #11428
Update verify-terraform to use 0.15.3 by @rifelpet in #11433
Carry forward 1.20 deprecations to 1.21 release notes by @johngmyers in #11438
Start release notes for 1.22 by @johngmyers in #11439
Sort --extra-tags of ebs-csi-driver by @codablock in #11444
Fix typo in 1.22 release notes by @johngmyers in #11448
Add test scenario for aws ebs csi driver by @olemarkus in #11449
Always install the latest plugin versions for Terraform tests by @hakman in #11447
Set the output base for fitask by @hakman in #11411
Simplify buildLaunchTemplateTask() part one by @johngmyers in #11452
Add missing carryover items from 1.21 release notes by @johngmyers in #11451
Add support for CAS 1.21.0 by @olemarkus in #11462
Allow AWS instance types with multiple architectures by @hakman in #11463
Fix KCM livenessProbe to use secure port by @rifelpet in #11454
Simplify buildLaunchTemplateTask() part two by @johngmyers in #11461
Use kubernetes.default for OIDC discovery in gossip clusters by @rifelpet in #11470
Add instructions for updating the k8s versions periodic jobs by @rifelpet in #11473
Release notes for 1.20.1 by @justinsb in #11475
Release notes for 1.19.3 by @justinsb in #11474
Update alpha channel with K8s releases from May-12 2021 by @moshevayner in #11476
upup: gcetasks: fix diffs in instance template and router by @nicktrav in #11460
Discover what zone the cluster is in for the aws-ebs-csi driver tests by @olemarkus in #11472
Use ginkgo to run the tests so we can run things in parallel by @olemarkus in #11479
Kubetest2 - Increase validation time for DO jobs by @rifelpet in #11481
upup: gcetasks: force send AutoCreateSubnetworks field when set to false by @nicktrav in #11457
Add kOps and k8s 1.21 to alpha channel by @moshevayner in #11482
Reduce kOps supported version range by @johngmyers in #11485
More release process documentation improvements by @johngmyers in #11434
Set the test cluster-tag by @olemarkus in #11487
Set canonical location for downloads to artifacts.k8s.io by @hakman in #11486
[AWS CCM] Permission to create SA token by @nckturner in #11368
Add link to release notes on first beta release by @johngmyers in #11488
Remove etcd-manager certificate expiration advisory by @hakman in #11480
Adjust deprecation announcements by @johngmyers in #11489
Update cert-manager by @olemarkus in #11493
Set priorityClassName on critical addons by @olemarkus in #11495
fix(coredns/rbac): add permission to list and watch endpointslices by @nettoclaudio in #11459
bump aws lb controller to 2.2.0 by @olemarkus in #11502
Aws lb scenario fix flags by @olemarkus in #11506
AWS LB controller requires multiple subnets to work by @olemarkus in #11507
Cleanup some of the scenario scripts by @rifelpet in #11508
Include new pipeline job in the release branch process by @rifelpet in #11509
Spotinst: Update spotinst/ocean-controller to v1.0.75 by @liranp in #11512
Subsume StatusStore into fi.Cloud by @johngmyers in #11498
Split genkgo in two by @olemarkus in #11519
[DigitalOcean] [WIP] Increase droplet size for e2e tests by @srikiz in #11520
Add initial support for configuring IPv6 with AWS by @hakman in #11442
Add default tags to LB controller and cilium eni resources by @olemarkus in #11517
Remove dead code in bootstrap script by @johngmyers in #11521
Set default fstype for ebs volumes to ext4 by @olemarkus in #11525
Skip feature tests for ebs csi e2e by @olemarkus in #11530
Update etcd_backup_restore_encryption.md by @aberenshtein in #11533
Don't download nodeup if already in the AMI by @johngmyers in #11524
[addons/networking.cilium.io] enable prometheus scraping by @ulfox in #11514
feat(openstack): enable configuration of servergroup affinities by @mitch000001 in #11531
Update containerd to v1.4.6 by @hakman in #11535
Cleanup orphaned IAM service account roles in direct render by @johngmyers in #11497
Support terraform 0.12+'s filebase64() in json output by @rifelpet in #11540
Release images bundle instead of separate images by @hakman in #11522
Bump CoreDNS manifests to latest stable version 1.8.3 by @dntosas in #11500
Run the tests requiring snapshotcontroller again by @olemarkus in #11544
Update CAS manifest by @olemarkus in #11491
Make events etcd cluster optional by @codablock in #11330
Add support for arbitrary terraform functions by @rifelpet in #11542
Add snapshot-controller by @olemarkus in #10730
Add etcd-server related tests by @hakman in #11552
Bump default cilium to 1.9.7 by @olemarkus in #11554
Document updating conformance is first stable minor release only by @johngmyers in #11556
Add hubble documentation by @olemarkus in #11557
Allow using insecure TLS for metrics-server with Kubernetes 1.19+ by @hakman in #11559
Add snapshot-controller by @olemarkus in #11561
Fix deletion of IAM roles and policies by @johngmyers in #11558
Allow Spotinst to use comma separated instance types by @hakman in #11560
Release notes for 1.21.0-beta.2 by @johngmyers in #11570
Set flags on AWS CCM mimicking KCM by @olemarkus in #11566
Enable cert-manager in the ebs csi e2e test by @olemarkus in #11569
Only allow deletion of snapshots owned by the cluster by @olemarkus in #11571
Avoid error when first creating VPC with IPv6 by @justinsb in #11575
Improve some small issues with the release process by @hakman in #11572
Cleanup InstanceProfile only that have ownership tags in delete cluster by @h3poteto in #11568
Don't set the master address for aws ccm by @olemarkus in #11582
Enable reading shared config when possibly from CLI by @johngmyers in #11387
Only update kubeconfig user when we have user info by @justinsb in #11584
Add release note for AWS shared config by @johngmyers in #11585
Use latest CI build instead of building in the test by @olemarkus in #11588
Remove unused files by @johngmyers in #11591
Use the downloaded kops version for awslbc test by @olemarkus in #11593
Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet by @johngmyers in #11590
Update Calico to v3.19.1 by @hakman in #11594
Cleanup Docs by @hakman in #11595
First addon operator integration: CoreDNS by @justinsb in #9374
Add a note about NTH Queue Process mode by @olemarkus in #11600
Enable AWS EBS CSI driver by default by @olemarkus in #11605
Add documentation about snapshot-controller by @olemarkus in #11606
Convert all indents to spaces in node bootstrap script by @hakman in #11611
Use version marker for kops upgrade scenario by @olemarkus in #11612
Add init image field for Amazon VPC CNI by @ryan-dyer-sp in #11602
Add to release process documentation by @johngmyers in #11581
Change toolbox template flag for consistency by @johngmyers in #11616
Fix duplicate CopyFile tasks by @johngmyers in #11619
Don't stage kops as file assets by @johngmyers in #11620
Dump all CP node logs to artifacts by @olemarkus in #11615
Simplify release steps by @johngmyers in #11624
Remove debug code and copy kops to PATH by @olemarkus in #11625
Update Go to v1.16.4 by @hakman in #11626
Add "kops get assets" command by @johngmyers in #11617
Set lifecycle on WarmPool task by @johngmyers in #11618
Label issue types in issue templates by @johngmyers in #11637
Remove fallback support for legacy IAM by @johngmyers in #11641
Rename CopyDockerImage to CopyImage by @johngmyers in #11640
Update the service account issuer discovery documentation by @olemarkus in #11642
Require all HasLifecycle tasks to have lifecycle set by @johngmyers in #11650
Consolidate CSI livenessprobe images for multi-arch support by @rifelpet in #11652
Protokube needs dns-controller IAM permissions by @johngmyers in #11645
Remove docs on static addons by @olemarkus in #11653
Skip some steps if not doing cluster lifecycle by @johngmyers in #11657
Fix detection of virtual-hosted-style S3 urls in us-east-1 by @johngmyers in #11655
Promote channel alpha to stable by @johngmyers in #11658
Bump default cilium to 1.10 by @olemarkus in #11659
[Digital Ocean] Code cleanup with no functional modifications by @srikiz in #11592
Fix jwks object path in S3 for IRSA by @h3poteto in #11649
Use version marker for kops ab scenario by @olemarkus in #11648
Kubetest2 scenario script cleanup by @rifelpet in #11664
Add more lifecycles to HasLifecycle tasks by @rifelpet in #11666
Set lifecycle on Droplet task by @johngmyers in #11665
Don't describe CloudLabels as being AWS-specific by @johngmyers in #11667
Move common stuff in e2e scenarios to common.sh by @olemarkus in #11668
Fix kubetest2 upgrade scripts by @rifelpet in #11670
Clean up straggling autogenerated code by @johngmyers in #11671
Remove dead code by @johngmyers in #11672
Explicitly set kubeconfig flag where we want to use it by @olemarkus in #11676
Add support for Docker v20.10.7 by @hakman in #11674
Use release markers instead of releases by @olemarkus in #11679
Drop trailing slash from oidc issuer by @olemarkus in #11682
Make Lifecycle field non-pointer by @johngmyers in #11673
Update Go to v1.16.5 by @hakman in #11686
Fix set-version leaving backup files with "-e" suffix by @johngmyers in #11691
Release notes for 1.21.0-beta.3 by @johngmyers in #11694
Update release process documentation by @johngmyers in #11695
Set IMDSv2 on by default for nodes and apiservers by @olemarkus in #11329
Deprecate old OS versions by @johngmyers in #11696
Fix panic in dryrun report by @johngmyers in #11698
Add options for configuring IPv4 and IPv6 support with Calico by @hakman in #11688
add e2e scenario script for testing cilium connectivity by @olemarkus in #11697
Fix copying of images from docker.io by @johngmyers in #11656
Fix the CSI EBS DS CRB. by @olemarkus in #11701
Use v1 certificate for LB controller by @olemarkus in #11703
Move asset copying out of apply_cluster by @johngmyers in #11700
Remove documentation of legacy IAM permissions by @johngmyers in #11706
Add some tests around channel adding needs-update annotation by @olemarkus in #11598
Update kube-router to v1.2.3 by @hakman in #11124
Create document on asset repositories by @johngmyers in #11654
Make relnotes match the new max hop limit IMDS behaviour by @olemarkus in #11702
Add proxy envs to calico to make possible usage of AWS source destination check by @DOboznyi in #11709
Update controller-runtime to v0.9.0 by @hakman in #11713
Generate AWSEBSCSIDriver model only when using AWS by @hakman in #11716
Make AWS EBS CSI Driver default as of k8s 1.22 by @olemarkus in #11721
Use quay images for cilium by @olemarkus in #11722
Allow master to touch volumes tagged with kubernetes.io/cluster/:owned by @wongma7 in #11729
Update release branch docs with kubetest2 presubmit job by @rifelpet in #11732
Perform ClusterCIDR and ServiceClusterIPRange assignments for IPv6 by @johngmyers in #11724
Spotinst: Support for API Load Balancer with AWS/NLB by @liranp in #11604
Add support for setting latest k8s in ab scenario by @olemarkus in #11735
Deprecate CloudFormation support by @johngmyers in #11630
Calculate IPv6 subnet CIDR based on cluster CIDR by @hakman in #11523
Only warm-pull images used by the CSI DS by @olemarkus in #11734
Remove k8s-upgrade script as upgrade-ab is now used instead by @olemarkus in #11738
Add small note about rotating cluster after backup restore by @olemarkus in #11733
Make forwardToKubeDNS work in the NodeLocal DNSCache template by @ederst in #11743
Add test scenario for if channels is able to delete dangling resources by @olemarkus in #11739
Remove InstanceGroup from NodeupModelContext by @johngmyers in #9294
Refactor keypair code in preparation for secret rotation by @johngmyers in #11219
Remove unused field by @johngmyers in #11749
Hyperlink Sprig reference by @OutdatedVersion in #11730
Compare OpenStack security groups deterministically by @ederst in #11741
Don't set Subnet dependency on AmazonIPv6CIDR for shared VPCs by @hakman in #11752
Set BindAddress appropriately when in IPv6-only mode by @johngmyers in #11737
Add --ipv6 experimental cli flag by @hakman in #11629
Don't restrict nodeup download to IPv4 by @johngmyers in #11755
Cilium: disable masquerade by default when in ENI IPAM mode by @johngmyers in #11753
Set default ClusterCIDR through the PodCIDR by @johngmyers in #11756
Enable IPv6 support for Cilium by @johngmyers in #11754
Allow unsetting fields from the command line by @johngmyers in #11745
Adjustments to SpecOverride by @johngmyers in #11761
Make the AdminAccess default inclusive of IPv6 by @johngmyers in #11763
Default the NodeCIDRMaskSize appropriately for IPv6 by @johngmyers in #11762
Simplify Calico IPv6 configuration by @johngmyers in #11725
Fix typo in IRSA docs by @yurrriq in #11770
Fix typo in populate_instancegroup_spec.go by @yurrriq in #11769
fix enable default SC when EBS driver is not installed by @olemarkus in #11771
Set containerd config on nodeup.Config instead of clusterspec by @olemarkus in #11750
Make it easy to run scenarios with irsa enabled by @olemarkus in #11758
Trim unnecessary paths from worker node IAM by @johngmyers in #11775
Allocate smaller IPv6 PodCIDRs by default by @johngmyers in #11772
Update github.com/spf13/viper to v1.8.0 by @hakman in #11777
[cni/cilium] Add support for additional config options by @dntosas in #11678
Bump the cas addon version. by @olemarkus in #11780
Also set haveUserInfo=true in case --user was provided in "kops export kubecfg" by @codablock in #11778
Don't try to build etcd-manager secrets for cilium twice by @olemarkus in #11764
[addons] Introduce NodeProblemDetector by @dntosas in #11381
Enable ability to use IRSA for cluster autoscaler by @olemarkus in #11748
Allow using IRSA for EBS CSI Driver by @olemarkus in #11747
Delete all files in the provided discoveryStore on cluster deletion by @olemarkus in #11791
Release notes for 1.20.2 by @justinsb in #11804
Update alpha channel k8s versions and ec2 ami base image by @moshevayner in #11803
Seed the random number generator on AWS by @johngmyers in #11789
Upgrade AWS CNI to latest release 1.8.0 by @moshevayner in #11805
bump the version of gophercloud by @cardoe in #11788
Allow "kops create keypair" to stage next CA cert by @johngmyers in #11252
Reduce policy size by @olemarkus in #11814
Fix lbc permissions by @olemarkus in #11815
doc: remove brew switch ref and simplify version bump by @chenrui333 in #11817
brew: remove kops.rb by @chenrui333 in #11819
Split out get, describe, and delete keypairs commands by @johngmyers in #11820
Include multiple cluster CAs in trust stores by @johngmyers in #11809
Fix validating presence of AWS EBS CSI by @olemarkus in #11795
Pre-pull all container images used by components and addons by @hakman in #11717
skip flaking ebs csi flakes by @olemarkus in #11821
Set EnableExternalCloudController to true by default by @hakman in #11825
Put versioned API of cluster into state store by @johngmyers in #9229
Support creating new service-account keypairs by @johngmyers in #11822
Add support for logging-format option (text/json) by @dntosas in #11583
Add back createvolume to master + bump ebs driver by @olemarkus in #11811
Improve the output of 'kops get keypairs' by @johngmyers in #11823
Fix kOps version for managed flag on cert-manager by @djablonski-moia in #11828
Run scenarios as presubmit tests by @olemarkus in #11801
Include multiple CA certs in exported kubeconfigs by @johngmyers in #11831
Remove support for importing and converting kubeup clusters by @johngmyers in #11824
Ignore failing tests in upgrade scenario by @rifelpet in #11832
Set priority class for AWS CCM addon by @hakman in #11834
Limit concurrency of asset copy tasks by @johngmyers in #11708
Add 'kops promote keypair' command by @johngmyers in #11835
Kubetest2 fix periodic end to end tests by @olemarkus in #11838
Kubetest2 - Add --skip-regex logic by @rifelpet in #11841
Fix skip regex for ebs csi test by @olemarkus in #11840
Mark nodes NeedsUpdate when keys they use change by @johngmyers in #11833
Completely remove EnableExternalCloudController feature flag by @hakman in #11839
Only set default --skip-regex if it hasn't been set by @rifelpet in #11842
Clarify the limitations of Azure DNS support by @kenji-cloudnatix in #11844
Refactor kube-controller-manager secrets by @johngmyers in #11847
Escape --skip-regex pattern by @rifelpet in #11851
Make aws-cni config more flexible and generalized by @moshevayner in #11816
Weaken some interfaces by @johngmyers in #11837
Handle containerExec hooks when using containerd by @hakman in #11852
Improve image copying by @johngmyers in #11854
Update helm to v3.6.1 by @olemarkus in #11860
Update CNI plugins to v0.9.1 by @hakman in #11846
Don't include irrelevant bootstrap addons by @johngmyers in #11861
Remove obsolete Spotinst manifest by @johngmyers in #11862
Enable cross-subnet mode with Calico by default by @hakman in #11810
Fix dryrun cluster creation by @johngmyers in #11863
Push alpha channel to stable by @moshevayner in #11864
Add a note about running update-expected when updating base AMI by @moshevayner in #11865
Make it simpler to spot missing files in integration tests by @olemarkus in #11866
fix: broken link by @choeffer in #11793
Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem by @hakman in #11868
Remove version from addons by @hakman in #11867
Move most nodeup.Config data to config store by @johngmyers in #11869
Don't reconcile roles and policies if a profile is provided by @olemarkus in #11836
Use DualStack API NLB for IPv6 by @hakman in #11870
Simplify config server protocol by @johngmyers in #11871
Refactor etcd-client-cilium secrets by @johngmyers in #11848
Retain deleted keypairs by @johngmyers in #11845
Write config as ManagedFile by @johngmyers in #11796
Improve "kops distrust keypair" command by @johngmyers in #11876
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring by @hakman in #11873
Kubetest2 - set node-os-arch flag instead of skipping kubectl test on arm64 by @rifelpet in #11879
Improve completion for kops root command by @johngmyers in #11880
Spotinst: Update spotinst/ocean-controller to v1.0.76 by @liranp in #11885
support large/slow downloads by @aojea in #11884
Add support for darwin/arm64 on the client-side by @hakman in #11883
Refactor nodeup APIServer builder, part one by @johngmyers in #11872
Allow rotation of etcd-clients-ca-cilium by @johngmyers in #11877
[DigitalOcean] Increase droplet size for e2e tests by @srikiz in #11887
Set download timeout to 3 minutes by @hakman in #11886
Implement completion for "kops create keypair" by @johngmyers in #11888
Render managed files with Terraform by @johngmyers in #9621
Implement completion for "kops promote keypair" by @johngmyers in #11892
Fix nil-pointer dereference on dryrun by @johngmyers in #11894
Implement completion for "kops distrust keypair" by @johngmyers in #11899
Refactor etcd-clients-ca keyset for api-server by @johngmyers in #11897
Allow overriding the ServiceAccountIssuer for IRSA by @johngmyers in #11853
Remove unnecessary parameters from terraform finish methods by @rifelpet in #11900
Include GCP Project in terraform HCL2 output by @rifelpet in #11901
Use Cobra's built-in completion command by @johngmyers in #11905
Refactor apiserver-aggregator-ca by @johngmyers in #11906
Add support for IPv6 addresses to dns-controller by @hakman in #11907
Improve "kops get keypairs" by @johngmyers in #11904
Release notes for 1.21.0 by @justinsb in #11910
Update pause image to 3.5 by @rifelpet in #11909
Upgrade Cobra to 1.2.1 by @johngmyers in #11912
Capture logs from the containerd service by @hakman in #11914
Do not set both CIDR and IPv6CIDR on sg rules by @olemarkus in #11915
Remove unused test files from legacy IAM by @rifelpet in #11918
Reduce policy size further by @olemarkus in #11843
Set KOPS_RUN_TOO_NEW_VERSION in scenario scripts by @rifelpet in #11923
Update version support matrix for 1.21 by @johngmyers in #11922
Rename the "ca" keyset to "kubernetes-ca" by @johngmyers in #11921
Allow fsstore to be used for mock s3 rules by @olemarkus in #11916
Implement completion for "kops rolling-update cluster" by @johngmyers in #11924
Implement completion for "kops update cluster" by @johngmyers in #11926
Update the status of cloud providers by @johngmyers in #11930
Remove obsolete files by @johngmyers in #11932
Implement completion for validate and upgrade by @johngmyers in #11927
Continue if a single addon fails to be applied by @olemarkus in #11933
Remove unused golden files from manyaddons test by @olemarkus in #11935
Schedule certmanager webhook on control plane by @olemarkus in #11934
[Digital Ocean] Remove PrivateNetworking option in droplet since it's deprecated by @srikiz in #11936
Run cert-manager cainjector on CP nodes as well by @olemarkus in #11938
Fix various CCM issues by @olemarkus in #11939
Add podPidsLimit / --pod-max-pids support by @uthark in #11898
Add log rotation for etcd-cilium.log by @hakman in #11943
[Digital Ocean] Modify error message when multiple zones are specified by @srikiz in #11944
Fix bullet point rendering in state doc by @rothgar in #11948
Implement some completion for "kops create cluster" by @johngmyers in #11940
check if the instance is under an asg by @olivierpilotte in #11958
Use etcd v3.5.0 for Kubernetes 1.22+ by @hakman in #11941
Unconditionally reenable KMS and Volume Limit tests by @rifelpet in #11966
Suppress usage for errors returned from RunE by @johngmyers in #11969
Implement completion for "kops create instancegroup" by @johngmyers in #11957
Refactor keysets for etcd-manager by @johngmyers in #11964
Cilium etcd fixes by @olemarkus in #11961
Refactor service-account signing key by @johngmyers in #11974
Add "all" variants of key rotation commands by @johngmyers in #11971
Add documentation for keypair rotation by @johngmyers in #11972
Implement completion for delete commands by @johngmyers in #11970
Issue certs using CA KeypairID in NodeupConfig by @johngmyers in #11975
Stop writing the certificate-only keyset.yaml by @johngmyers in #11977
Provide more information on rotating secrets by @johngmyers in #11978
Spotinst: Update spotinst/ocean-controller to v1.0.77 by @liranp in #11981
[Digital Ocean] Fix sporadic volume detach error when volume is already detached by @srikiz in #11963
Fix broken link to contributing by @moshevayner in #11979
Add "kops trust keypair" command by @johngmyers in #11973
Implement completion for "kops edit" commands by @johngmyers in #11980
Add missing IAM permissions to the NTH docs by @olemarkus in #11984
Implement completion for "kops export kubeconfig" by @johngmyers in #11983
Cobra cleanups by @johngmyers in #11985
Fix "kops export kubeconfig" by @johngmyers in #11988
Add region to aws lbc by @olemarkus in #11990
Move containerd config from cloudup to nodeup by @olemarkus in #11986
Change set and unset commands into flags on "kops edit cluster" by @johngmyers in #11987
Remove dead code by @johngmyers in #11993
Implement completion for "kops toolbox", part one by @johngmyers in #11992
hack/upload: avoid ACLs for GCS buckets with UBLA enabled by @spiffxp in #11994
Azure - support VMSS availability zones by @rifelpet in #11962
Upgrade aws-sdk-go by @rifelpet in #11996
remove references to kubernetes-release-dev by @spiffxp in #11997
Clean up extra spaces by @jayonlau in #11989
Verify CA keypair IDs for kops-controller-issued certs by @johngmyers in #11982
Use keypair IDs for non-kops-controller-issued worker node certs by @johngmyers in #11998
Update alpha channel with July k8s releases and bump Ubuntu EC2 AMI version by @moshevayner in #12000
Dedicated function for ccm permissons by @olemarkus in #11991
Add keypair rotation test scenario by @rifelpet in #12001
Fix file permissions on new keypair rotation test scenario by @rifelpet in #12005
Implement completion for "kops toolbox", part two by @johngmyers in #11999
Issue kubelet cert on apiserver nodes for k8s before 1.19 by @johngmyers in #12002
Refactor more kube-apiserver credentials by @johngmyers in #12003
Accommodate older destination kops versions in upgrade-ab scenario by @johngmyers in #12008
Fix kops binary references in keypair rotation scenario by @rifelpet in #12009
Don't provision SSH key by default on AWS by @johngmyers in #12011
Deprecate the Lyft CNI by @johngmyers in #12010
Remove apiserver's access to controller-manager secrets by @johngmyers in #12006
Release 1.22.0-alpha.2 by @hakman in #12012
Fix keypair rotation scenario kops binary by @rifelpet in #12013
Keypair rotation scenario - create report directory by @rifelpet in #12015
Release notes for 1.22.0-alpha.2 by @hakman in #12014
Clarify how cloud labels are used in getting started docs by @rifelpet in #12017
Add azure support for specifying a shared vpc by @rifelpet in #12018
Report unknown feature flags as such by @johngmyers in #12020
Promote AWS VPC CNI to stable by @johngmyers in #12021
keypair rotation scenario - fix base64 decoding by @rifelpet in #12022
Set vpc-id on aws lbc by @olemarkus in #12023
Add irsa support for node termination handler by @olemarkus in #12024
Return a clearer error when terraform is used on an unsupported provider by @rifelpet in #11953
Remove redundant call to addSnapshotPermissions by @olemarkus in #12025
Remove addons that no longer works by @olemarkus in #12027
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers by @johngmyers in #12019
Assert the correct number of kubeconfig CAs during keypair rotation by @rifelpet in #12029
keypair rotation - export new credentials between promote and distruts by @rifelpet in #12032
Update mkdocs dependencies to latest versions by @rifelpet in #12031
Implement completion for "kops get", part one by @johngmyers in #12028
Use kubeconfig for authentication and authorization as well by @johngmyers in #12036
Implement completion for "kops get", part two by @johngmyers in #12039
Remove unnecessary IAM permission by @johngmyers in #12044
Replace "kops describe keypair" with "kops get keypair -oyaml" by @johngmyers in #12040
Provision TLS server certs for controller-manager and scheduler by @johngmyers in #12030
Recommend kops 1.21.0 in alpha channel by @johngmyers in #12051
Promote channel alpha to stable by @johngmyers in #12050
Pull sshpubkey subcommands out of secrets by @johngmyers in #12045
Clean up "create secret" subcommands by @johngmyers in #12055
Clean up remaining secrets subcommands by @johngmyers in #12056
Use regional STS endpoint by @johngmyers in #12043
Use static pattern rules to reduce duplication by @johngmyers in #12046
Update aws-sdk-go to v1.40.10 by @hakman in #12060
Update controller-runtime to v0.9.5 by @hakman in #12061
Update containerd to v1.4.8 by @hakman in #12059
Cobra cleanups by @johngmyers in #12063
Update AWS CNI to v1.9.0 by @moshevayner in #12065
Update core-dns to v1.8.4 by @hakman in #12062
Cleanup various references to LaunchConfigurations by @rifelpet in #12072
Update containerd to v1.4.9 by @hakman in #12073
Fix cluster list action by @justinsb in #12075
GCE: TargetPool should ignore Lifecycle field by @justinsb in #12079
Update Ubuntu images to v20210720 by @hakman in #12080
Use SHA-256 for manifest hashes by @johngmyers in #12087
Update Calico to v3.20.0 by @hakman in #12088
Temporarily skip MetricsGrabber test by @rifelpet in #12090
Kubetest2 scenarios - provide absolute path to kops binary by @rifelpet in #12091
Add nth rebalance recommendation configs by @cheyilin in #12083
Also skip MetricsGrabber tests on 1.23 version marker by @rifelpet in #12093
Update Docker to v20.10.8 by @hakman in #12096
Update README.md by @youvegotmoxie in

kubernetes/kops v1.32.0 on GitHub

Release notes for kOps 1.32 series

Significant changes

Kubernetes minor version upgrades to 1.31 or later should be performed using the `kops reconcile cluster command.

Deprecations

What's Changed

kubernetes/kops v1.32.0
on GitHub