1.18-NOTES.md

Release notes for kops 1.18 series

(The kops 1.18 release has not been released yet, this is a document to gather the notes prior to the release).

Significant changes

• containerd can now be selected as an alternate container runtime for Kubernetes. Use the --container-runtime containerd flag to create such a cluster.

• The default instance type for AWS is now t3.medium. This should provide better performance and reduced costs in clusters where the average CPU usage is low.

Breaking changes

• Terraform users on AWS may need to rename some resources in their state file in order to prepare for Terraform 0.12 support. See Required Actions below.

• Lyft CNI plugin default subnet tags changed from from Type: pod to KubernetesCluster: myclustername.mydns.io. Subnets intended for use by the plugin will need to be tagged with this new tag and additional tag filters may need to be added to the cluster spec in order to achieve the desired set of subnets.

• Support for Kubernetes versions prior to 1.9 has been removed.

• Kubernetes 1.9 users will need to enable the PodPriority feature gate. See Required Actions below.

• A controller is now used to apply labels to nodes. If you are not using AWS, GCE or OpenStack your (non-master) nodes may not have labels applied correctly.

• Please see the notes in the 1.15 release about the apiGroup changing from kops to kops.k8s.io

Required Actions

• Terraform users on AWS may need to rename resources in their terraform state file in order to prepare for future Terraform 0.12 support. Terraform 0.12 no longer supports resource names starting with digits. In Kops, both the default route and additional VPC CIDR associations are affected. See #7957 for more information.

  • The default route was named aws_route.0-0-0-0--0 and will now be named aws_route.route-0-0-0-0--0.
  • Additional CIDR blocks associated with a VPC were similarly named the hyphenated CIDR block with two hyphens for the /, for example aws_vpc_ipv4_cidr_block_association.10-1-0-0--16. These will now be prefixed with cidr-, for example aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16.

  To prevent downtime, follow these steps with the new version of Kops:

  kops update cluster --target terraform ...
  terraform plan
  # Observe any aws_route or aws_vpc_ipv4_cidr_block_association resources being destroyed and recreated
  # Run these commands as necessary. The exact names may differ; use what is outputted by terraform plan
  terraform state mv aws_route.0-0-0-0--0 aws_route.route-0-0-0-0--0
  terraform state mv aws_vpc_ipv4_cidr_block_association.10-1-0-0--16 aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16
  terraform plan
  # Ensure these resources are no longer being destroyed and recreated
  terraform apply
  

• Kubernetes 1.9 users will need to enable the PodPriority feature gate. This is required for newer versions of Kops.

  To enable the Pod priority feature, follow these steps:

  kops edit cluster
  # Add the following section
  spec:
    kubelet:
      featureGates:
        PodPriority: "true"
  

• If a custom Kops build was used on a cluster, a kops-controller Deployment may have been created that should get deleted. Run kubectl -n kube-system delete deployment kops-controller after upgrading to Kops 1.16.0-beta.1 or later.

Deprecations

• Support for Kubernetes version 1.10 is deprecated and will be removed in kops 1.19.

Full change list since 1.17.0 release

1.17.0-alpha.1 to 1.18.0-alpha.1

• Release notes for 1.17.0-alpha.1 @justinsb #8006
• Implementing audit dynamic configuration (#7392) @mmerrill3 #7424
• Set bazel version @mikesplain #7996
• Add verify-gomod and verify-goimports to Travis job @rifelpet #7952
• Alicloud: fix typo for listenerPort @bittopaz #8011
• Alicloud: only private subnets need SNAT rule @bittopaz #8015
• Alicloud: use ID of EIP to compare @bittopaz #8012
• Improve rolling update test coverage @johngmyers #7904
• Add download link for etcd-manager-ctl, clarify restarting etcd @dzoeteman #7506
• Run goimports in make ci @tioxy #8023
• Alicloud: fix comparison failure for scalinggroup @bittopaz #8029
• Alicloud: support internal api loadbalancer @bittopaz #8014
• Alicloud: fix comparison failures for SecurityGroupRule and SSHKey @bittopaz #8028
• Alicloud: add Encrypted field in Disk Find func @bittopaz #8026
• Add joshbranham to OWNERs as reviewer @joshbranham #8010
• Add CapacityOptimized to list of supported spot allocation strategies @gjtempleton #7406
• Alicloud: fix comparison failures for VPC and NATGateway @bittopaz #8027
• Alicloud: use Balance as MultiAZPolicy @bittopaz #8030
• Allow users to set kube controller manager's concurrent sync flags. @uruddarraju #7600
• Pass the cloud object to validator from caller @johngmyers #7925
• Rename to kops @justinsb #1
• Alicloud: allow use RAM role for OSS client @bittopaz #8025
• Fix Handling of LaunchTemplate Versions for MixedInstancePolicy @granular-ryanbonham #8038
• Additional leader election options @DerekHeldtWerle #8036
• Fix truncation of admission control plugins list @johngmyers #8033
• Add more verifications to Travis @johngmyers #8024
• Alicloud: fix comparison failures for LaunchConfiguration and LoadBalancerWhiteList @bittopaz #8042
• [Issue-7956] - [Digital Ocean] Minor fix to have proper indexing for digital ocean regions @srikiz #8002
• EBS Root Volume Termination @tioxy #7865
• Canal v3.10 manifest for k8s v1.15+ @KashifSaadat #7917
• Fix misleading message in "make ci" when imports formatted incorrectly @johngmyers #8045
• Increase validation test coverage @johngmyers #8039
• Update integration test to cover CloudFormation output of NAT gateways @rifelpet #8053
• Fix CloudFormation template tags for NatGateway @hakman #8051
• Alicloud: fix comparison failures for VSwitch and VSwitchSNAT @bittopaz #8044
• Alicloud: fix comparison failures for RAMRole and RAMPolicy @bittopaz #8043
• Bump cilium version to 1.6.4 @olemarkus #8022
• Add verify-generate to Travis and 'make ci' @johngmyers #8054
• Fix mounting Calico "flexvol-driver-host" in CoreOS @hakman #8062
• Complete support for Flatcar @mazzy89 #7545
• Cloud controller template function @DavidSie #7992
• put kubernetes 1.17.0 to channels @zetaab #8072
• remove unused functions and simplify return str @tanjunchen #7792
• Validate cluster after updating bastions @johngmyers #8074
• Add support for NFT with Calico and Canal @hakman #8076
• Docs: Fix some broken development links @gjtempleton #8075
• Docs: More List fixes @gjtempleton #8092
• Update documentation of go version requirement @johngmyers #8094
• add missing rbac rules @zetaab #8095
• test validateCluster twice to make sure it does not flap @zetaab #8088
• update metrics server image @nothinux #8046
• docs(advanced): fix broken links on doc @pshanoop #8102
• Add test for flapping cluster validation and improve its logging @johngmyers #8105
• some resources upgraded to google provider 3.0 @mccare #8103
• fix-pkg-staticcheck and remove the repeat code @tanjunchen #8035
• dev: hack/update-expected.sh should generate missing file @justinsb #8111
• dev: ignore kops-controller in hack/update-expected.sh @justinsb #8107
• Terraform GCE output: setting google provider to at least 3.0.0 @mccare #8108
• Add test for protokube builder @justinsb,@rifelpet #8112
• channels: bump k8s versions after dec. patch releases @idealhack #8123
• Fix doc(advanced) broken links @pshanoop #8125
• a little change @zehuaiWANG #8127
• fix 404 urls @yuxiaobo96 #8052
• pkg/model pkg/diff pkg/client/:simplify code and remove unused code @tanjunchen #8120
• Cleans up the create cluster CLI prompts @geojaz #8122
• Add kubeconfig flag to validate cluster command @vvbogdanov87 #8110
• Add inf1 isntances @mikesplain #8128
• util/pkg/ upup/tools/ : simplify code and remove unused code @tanjunchen #8121
• Bump COS version in alpha channel for k8s >= 1.16 @justinsb #8116
• Openstack: Fix cluster floating ips @mitch000001 #8115
• Update Calico to v3.10.2 @hakman #8104
• tests: increase timeout in rolling update tests @justinsb,@rifelpet #8139
• Automatically install dependencies with local packages @hakman #8020
• Add support for Containerd container runtime @hakman,@justinsb #7986
• Fix periodic e2e test for Ubuntu 16.04 @hakman #8160
• Latest bazel launcher seems to require a newline at end of .bazelversion @justinsb #8161
• Spotinst: Upgrade the Spotinst controller to version 1.0.50 @liranp #8080
• kops-change-main @zehuaiWANG #8132
• nodeup/pkg/model - fix static check @hakman #8155
• upup/pkg/fi/ upup/pkg/kutil : simplify code and remove code @tanjunchen #8118
• Update kubernetes versions used in integration tests @rifelpet #8173
• Run dns-controller and kops-controller as non-root user @johngmyers #8169
• Fix verify-staticcheck prow job @rifelpet #8182
• protokube/pkg - fix static check @hakman #8165
• Refactor: Add Region() method to fi.Cloud @justinsb #8180
• Remove make command from verify-staticcheck.sh @rifelpet #8189
• GCE: Fix Permission for the Storage Bucket @mccare #8157
• pkg/instancegroups - fix static check @johngmyers #8186
• pkg/resources/aws:simplify code and remove code @Aresforchina #8188
• Update links printed by Kops to use new docs site @rifelpet #8190
• dnsprovider/pkg/dnsprovider - fix static check @hakman #8149
• fix staticcheck failures in pkg/resources @Aresforchina #8191
• Add corresponding unit test to the function in subnet.go. @fenggw-fnst #8195
• Update gcr.io images @justinsb #8197
• pkg/resources-fix staticcheck @k8s-ci-robot,@Aresforchina #8192
• Update Weave Net to version 2.6.0 @bboreham #7898
• Guard External cloud controller manager with its feature flag @mitch000001 #7770
• Always consider spot instance node readiness in cluster validation @johngmyers #8159
• Update support for RHEL 8 @hakman #8164
• Fix upup/tools/generators/pkg/codegen staticcheck failures @johngmyers #8203
• containerd: Use containerd 1.2.4 with Docker 18.09.3 @hakman #8170
• util/pkg/vfs/:staticcheck @tanjunchen #8171
• containerd: Add --container-runtime cli flag @hakman #8172
• Add deprecation warning for older k8s versions @rifelpet #8176
• Add all flag to export cluster command @vvbogdanov87 #8179
• Alicloud: refine Alicloud RAM role policy @bittopaz #8194
• Fix cmd/kops staticcheck failures @johngmyers #8202
• /hack: improve shell script in hack @tanjunchen #8143
• dns-controller: allow it to run on CNI networking mode and remove dependency on kube-proxy @rochacon #8131
• replace TrimRight with TrimSuffix @tanjunchen #8041
• Fix typo in export kubeconfig @vvbogdanov87 #8211
• Fix typo in KubeProxy model @rifelpet #8210
• Fix link printed in k8s version deprecation message @rifelpet #8209
• cilium: don't try to mount sys/fs/bpf if already mounted @justinsb #7832
• Set shared field for volume resource on delete @vvbogdanov87 #8079
• clean up buildDiffLines @zehuaiWANG #8144
• Fix cloudmock/aws/mockelbv2 staticcheck failures @johngmyers #8218
• Fix node-authorizer/pkg/authorizers/aws staticcheck failure @johngmyers #8222
• Fix pkg/resources/openstack staticcheck failure @johngmyers #8223
• Add code simplifications for staticheck @hakman #8232
• util/pkg/slice: Add slice test @q384566678 #8219
• pkg/apis/ pkg/commands/ pkg/model/ staticcheck @tanjunchen #8229
• dnsprovider staticcheck @tanjunchen #8233
• upup/pkg/fi/cloudup/apply_cluster staticcheck @tanjunchen #8231
• staticcheck:remove duplicate import packages @yuxiaobo96 #8225
• cmd/kops/ staticcheck and remove one mom @tanjunchen #8230
• nodeup/pkg/ pkg/ staticcheck: Fix ST1005 @tanjunchen #8234
• upup/pkg/fi/cloudup/ staticcheck: Fix ST1005 @tanjunchen #8236
• Update copyrights for 2020 @johngmyers #8241
• Run Travis verifications in a separate parallel job @johngmyers #8254
• Adding ability to configure resources for weave (#8113) @mmerrill3 #8216
• containerd: Fix tiny nits @hakman #8217
• Custom sysctl Parameters @ripta #7730
• Update mock kops version in integration tests @rifelpet #8258
• Fix protokube osx build @mikesplain #8263
• Fix aws-china.md to download SHA-256 checksums for kops assets @johngmyers #8243
• Fix broken link @johngmyers #8266
• Exclude one Travis osx job @johngmyers #8262
• Support tainting all nodes needing update during rolling update @johngmyers #8021
• Fix RollingUpdate behaviour when using LaunchTemplates for both kops & terraform spec updates @KashifSaadat #8261
• Refactor rolling update tests @johngmyers #8268
• Simplify code for rolling updates of nodes @johngmyers #8239
• Move nodeup to /opt/kops/bin @hakman #8212
• For dev, don't preload docker images on nodes @justinsb #8196
• fixed yum proxy configuration @zadowsmash #7772
• Use non-experimental version of encryption provider config flag in 1.13+ @zacblazic #7900
• Remove DrainAndValidateRollingUpdate feature flag @johngmyers #7909
• staticcheck:modify the import package alias @yuxiaobo96 #8253
• Remove forcing disabled cgos Darwin @joshbranham #7914
• Make /opt/kops writeable on COS @justinsb #8269
• Remove duplicated words @longkb #8277
• nodeup: Add some dependencies for Service @justinsb #8270
• Set CLUSTER_NAME env var on amazon-vpc-cni pods @rifelpet #8274
• containerd: Set a default version even with Kubernetes 1.17 @hakman #8283
• small documentation typo fixes @stratusjerry #8285
• Enable host logging for kops-controller @rifelpet #8204
• Fix unit name for memory request for weave @hakman #8303
• Add wget and nfs-utils deps needed for e2e tests @hakman #8286
• Some Calico doc updates @tmjd #8302
• Remove "pigz" containerd dependency for RHEL/CentOS 7 @hakman #8307
• Replace kubernetes mount code with utils @justinsb #8056
• Stabilize sequence of "export xx=xxx" statements @bittopaz #8247
• upup/pkg/fi-fix staticcheck @Aresforchina #8193
• Build dns-controller using bazel @justinsb #8315
• Don't output empty sections in the manifests @justinsb #8317
• Remove support for Kubernetes 1.8 and earlier @johngmyers #8208
• Improve CIDR validation @johngmyers #8284
• Remove kops-controller deployment @rifelpet #8273
• Remove traces of kops-server @rifelpet #7824
• Add release notes for deleting the kops-controller deployment @rifelpet #8321
• Don't share /etc/hosts when using etcd-manager @justinsb #8322
• Use /opt/cni/bin on all distros (including COS) @justinsb #7833
• Add unit test for func RenderInstanceGroupSubnets in instancegroup.go @fenggw-fnst #8245
• upup/pkg/fi/cloudup/awstasks/ staticcheck @tanjunchen #8235
• Allow CoreDNS to be specified by create cluster overrides @rifelpet #8334
• Allow removed of additionalUserData on bastion @nvanheuverzwijn #8331
• docs(docs/operations) Adding more steps to etcd-manager restore operation to work properly @phspagiari #8337
• Configuration to specify no SSH key @austinmoore- #7096
• Remove code for unsupported Kubernetes versions @johngmyers #8327
• Securing http link to https link @truongnh1992 #8345
• fix author nickName @LinshanYu #8205
• Fix crossbuild-nodeup-in-docker @johngmyers #8343
• Update CentOS 7 AMI @rifelpet #8350
• update gophercloud dependency @zetaab #8346
• Fix DNS loop on Ubuntu 18.04 (Bionic) @hakman #8353
• Add support for weave.npcExtraArgs @ReillyProcentive #8265
• Make /opt/cni/bin writeable on COS @justinsb #8354
• Add shellcheck verification @rifelpet #8328
• Update Terraform resource names to be 0.12 compatible. @rifelpet #7957
• Update dependencies to kubernetes 1.16 @justinsb #8055
• Add unit test for pkg/edit/edit.go @tiendc #8349
• Test package versions as well as hashes @justinsb #8360
• Publish update AMIs into the alpha channel @justinsb #8361
• Allow local filesystem state stores (to aid CI pull-request workflows) @ari-becker #6465
• Add release notes for terraform resource renaming @rifelpet #8364
• Add a warning when using file:// state store @rifelpet #8368
• Update default instance types for AWS @hakman #8282
• update docs: updating kops @nothinux #8358
• Update lyft CNI to v0.5.3 @maruina #8367
• Fix issues with older versions of k8s for basic clusters @hakman #8248
• Backport the k8s 1.9 required action release note @johngmyers #8378
• Change the deleted user to ghost @LinshanYu #8380
• Add Cilium.EnablePolicy back into templates @olemarkus #8379
• Use IAMPrefix() for hostedzone @lazzarello #8366
• Fix scheduler policy configmap args @vvbogdanov87 #8386
• Bump k8s versions in alpha and stable channels @olemarkus #8392
• Enabling JSON output for Terraform instead of writing the HCL syntax … @mccare #8145
• containerd: Add support for tar.gz package @hakman #8199
• CoreDNS default image bump to 1.6.6 to resolve CVE @gjtempleton #8333
• Bump etcd-manager to 3.0.20200116 (#8310) @mmerrill3 #8399
• Remove addons only applicable to unsupported versions of Kubernetes @johngmyers #8318
• Don't load nonexistent calico-client cert when CNI is Cilium @johngmyers #8338
• Edit author name @LinshanYu #8374
• Kops releases - prefix git tags with v @rifelpet #8373
• Support additional kube-scheduler config parameters via config file @rralcala #8407
• Option to increase concurrency of rolling update within instancegroup @johngmyers #8271
• Fix template clusterName behavior @lcrisci #7319
• Update support for Amazon Linux 2 @hakman #8425
• Announce impending removal of v1alpha1 API @johngmyers,@justinsb #8064
• Alicloud: etcd-manager support @bittopaz #8016
• Fixes regression in e2e tests @rralcala #8430
• Release notes for 1.17.0-alpha.2 @justinsb #8438
• Add missing priorityClassName for critical pods @johngmyers #8200
• Release notes for 1.16.0-beta.1 @justinsb #8441
• Release notes for 1.15.1 @justinsb #8442
• Fix typo in comment @longkb #8444

1.18.0-alpha.1 to 1.18.0-alpha.2

• Add an EnvVar type to the API @rifelpet #8455
• Update coredns to 1.6.7 @maruina #8452
• Update godoc.org references to use pkg.go.dev @rifelpet #8460
• docs: trivial fix some typos @truongnh1992 #8450
• Tag EBS volumes when using launch templates with AWS API target @johngmyers #8462
• [DigitalOcean] Add load balancer support for master HA @srikiz #8237
• Cilium - Add missing Identity Allocation Mode to Operator Template @daviddyball #8445
• Stop logging to /var/log/kops-controller.log @justinsb #8467
• Fix typos in cluster_spec.md @hase1128 #8474
• Fix Github download url for nodeup @adri,@justinsb #8468