Significant changes

- Docker version 19.03.11 - CVE-2020-13401 (optional)
- CNI plugins 0.8.6 -
- Calico 3.9.6 - CVE-2020-13597
- Weave Net 2.6.5 -
If upgrading from 1.11 or earlier, please see the notes in previous releases about upgrading through kubernetes 1.12, with the etcd3 upgrade.
A new component runs on the master nodes now: kops-controller. kops-controller currently labels nodes, but will likely perform additional functionality in future releases.

Breaking changes

Please see the notes in the 1.15 release about the apiGroup changing from kops to kops.k8s.io
A controller is now used to apply labels to nodes. If you are not using AWS, GCE or OpenStack your (non-master) nodes may not have labels applied correctly.

Required Actions

Kubernetes 1.9 users will need to enable the PodPriority feature gate. This is required for newer versions of kOps.

To enable the Pod priority feature, follow these steps:

Deprecations

The API is deprecated and will be removed in kops 1.18. Users of will need to supply v1alpha2 resources.

Full change list since 1.15.0 release

1.15.0-alpha.1 to 1.16.0-alpha.1

Update release notes for 1.15.0-alpha.1 #7535
When fast-building, copy a newer version of utils.tar.gz #7536
Bootstrap: protokube labels its own node with node-role label #7537
Update copyright notices #7542
Add a few docs comments on gomod and bazel #7541
Calico update and typha ,@mikesplain
“Force” k8s 1.11.10 @justinsb
Log more sensibly when we can’t get sha256 @justinsb
[Feature] CoreDNS: External CoreFile option @gjtempleton, #7376
Fix gomod errors #7571
Add horizontalPodAutoscalerDownscaleStabilization #7573
Associate subnets to port within OpenStack #7578
Fix kops for us-gov-east-1 #7564 #7565
Promote 1.13 AMI from alpha to stable #7590
Add myself @rifelpet as a reviewer #7587
Fix mkdocs #7591
Add missing OpenStack reference #7567
Fix Dropped Errors in upup #7586
Promote 2019-08-16 AMIs from alpha -> stable #7594
hack/update-expected.sh: mask development env vars #7595
“Force” k8s 1.11.10 in stable channel #7596
add cilium in error message #7601
Clean security groups if api/ssh ips are removed from config #7561
[DO-7442] Digital Ocean add consistent volume and droplet tags for multi master feature #7566
Expose API Server flags needed for AWS pod identities #7610
Add logrotate for etcd/etcd-events.log #7614
Updated container-selinux url to point to the right path ,@mikesplain
Check the HTTP response code when downloading URLs @rifelpet
Update rules_go with some fixes @mikesplain
Change Cilium templates to standalone version @nebril, #7474
Skip Docker install #6957
Add —wait argument to kops validate #7371
Fixed “NeedsUpdate” status of nodes in mixedinstancegroups after rolling update #7445
fix instance name #7641
Use without external router (OpenStack) #7644
Openstack: value if spec does not associate public ips #7649
Updating master IAM policies. #7580
Machine types g4dn #7653
OpenStack: Additional security groups for instances #7581
Add arg min-port=1024 to dnsmasq container in kube-dns #7020
Release notes for 1.13.1 #7666
Pull centos.org packages from the vault #7674
fix-typo #7669
Align AWS and kops validation for spot allocation strategy #7660
Add relnotes for 1.13.2 #7681
Fix some bugs reported by staticcheck #7663
Bump k8s versions in alpha channel #7647
Misleading description for KubeProxy MetricsBindAddress #7672
Fix for tarball image names after 1.16 #7686
Cilium standalone continuation #7646
Limit calico cpu request to 100m #7688
fix-up some spelling mistakes in /pkg #7684
kops-controller #7496
OpenStack: use InstanceGroup zones to populate availability zone #7690
alpha channel: image for 1.15 and general update #7665
Calico: upgrade pod2daemon (only) #7689
Add verify-staticcheck script #7687
Create tools/sha1 and sha256 helpers, simply Makefile #7702
kops-controller version should match version of kops #7700
Publish kops-controller container dump to S3/GCS #7701
Change from float -> resource.Quantity #7708
More staticcheck bugfixes and cleanup #7696
Correct word misspelling #7705
fix-up some spelling mistakes #7704
Add calico 3.9.1 #7694
Allow to use custom rootCAs #7643
cleanup code to cancel some staticcheck warnings #7661
Use helpers to move gzip & sha from makefile to bazel #7703
Update etcd-manager with OpenStack fixes #7710
Update DigitalOcean CCM to v0.1.20 #7714
ineffectual assignment to #7560
remove duplicated entry in notes #7715
docs: fix spelling mistakes #7709
Docs: Adding a doc on how to propose a cherry-pick #7717
relnotes for 1.14.0 #7725
bazel: fix hashes rule to generate outputs #7724
remove the repeat word in docs/authentication.md b/docs/authentication.md #7729
Rollback alpha channels 1.14.7 #7734
Openstack block device mapping support #7652
Update controller-tools and CRDs #7634
Upgrade bazel’s rules_go and rules_docker #7727
simplfy code #7745
fix-up some staticcheck error #7744
nodeup download: try to use compression #7751
Add optional RBE support for kops #7756
Update readme for 1.14 #7757
Add a BAZEL_CONFIG Makefile arg to bazel commands #7758
Memberlist gossip implementation #7521
bazel: comment out shallow_since as fails to build with bazel 1.0 #7771
kOps controller support for OpenStack #7692
Upgrade Amazon VPC CNI plugin to 1.5.4 #7398
Add documentation for updating CRDs when making API changes #7728
Kubelet configuration: Maximum pods flag is miscalculated when using Amazon VPC CNI #7539
Add event ttl flag #7487
docs: document state store configuration #7750
Add artifacts.k8s.io to mirror list #7378
fix-up gosimple check error #7754
fix-up staticcheck error #7755
remove the unnecessary newline and unused vars #7760
Upload dns-controller archive, use in KOPS_BASE_URL #7777
Move kops-controller to use a yaml configuration file #7774
fix(apiserver): allow multiple service-account-key-file #7781
Move kops-controller to daemonset #7783
Change default port for memberlist from 3997 #7778
bazel: remove deprecated stamp attribute from container building #7779
Promote alpha to stable, bump alpha #7795
Fix network changed in openstack ports #7807
Upgrade go version to 1.12.11 #7811
Rename upload command variable in Makefile #7798
fix-up bug in nodeup/pkg/model #7793
fix string trim func in main #7801
Alicloud: add OSS as upload dest #7802
Alicloud: fix status discovery #7804
Alicloud: add hostname override #7803
Alicloud: fix error msg when check hostname #7814
replace slice loop with append for simple and clear #7759
dnsprovider,nodeup: fix static check #7818
pkg: fix static check #7819
Add relnotes for 1.15.0-beta.1 #7797
Docs cleanup / mkdocs migration #7593
Allow for override of CoreDNS version #7794
Add netlify config #7823
Update etcd-manager to 3.0.20191025 #7822
Document eventTTL #7826
use existing network and subnet in OpenStack #7699
fix static check #7831
fix firewalls for OpenStack #7829
Set default image for OpenStack CCM #7773
Add protocol rules to master as well #7834
Fix permalink #7836
Remove extraneous document separator causing failures applying addons #7857
docs(addons): fix broken links #7846
Fix extraneous whitespace in warning message #7869
Revert “Upgrade Amazon VPC CNI plugin to 1.5.4” #7847
mark weavenet-pod as system-critical #7874
increase retry count #7881
awsup: fix shadowed var when looking for etcd cluster name #7868
Add back calico metrics options #7885
Fix kops upgrade cluster link #7887
Fix doc linkages to addons ,@justinsb
Alicloud: remove unnecessary if when evaluateHostnameOverride @bittopaz
Alicloud: split ProviderID with “.” @bittopaz
Fix behavior of mock DescribeAutoScalingGroups when no names supplied @johngmyers
Update “Guide” links for DigitalOcean & OpenStack @jcodybaker
Add ci postsubmit script for pushing images to staging @justinsb
remove the unnecessary break @tanjunchen
[DO-7442] Add gossip cluster implementation for Digital Ocean cloud provider @srikiz
fix-up static-check @tanjunchen
remove myself from OWNERS @andrewsykim
Cleanup make targets @rifelpet
fix golint failures @FayerZhang
Recommend kops 1.11.1 @justinsb
fix-up staticcheck problems @tanjunchen
Add hint how to determine mount path of etcd data @FuriKuri
stable channel: promote default AMIs from alpha -> stable @justinsb
Release notes for 1.14.1 @justinsb

1.16.0-alpha.1 to 1.16.0-alpha.2

Add release notes for 1.16.0-alpha.1 #7896
stable channel: promote kubernetes 1.13.12, 1.14.8 etc #7891
Don’t update first node in instancegroup if cluster fails validation ,@justinsb
add missing priorityClassName to flannel DaemonSet @EladDolev
fix broken links @dj80hd
Fix rendering of the Node Authorizer template @KashifSaadat
Fix fork bomb in Makefile @johngmyers
Unhide docs make logging @mikesplain
Upgrade AWS VPC CNI to 1.5.5 @rifelpet
Correct spelling mistakes @yuxiaobo96
Update vendoring documentation for go modules @rifelpet
Remove duplication and update release details @mikesplain
Updated documentation on how to move from single to multi master @mccare
Create PodDisruptionBudget for kube-dns in kube-system namespace @hakman
Add support for newer Docker versions @hakman
Machine types updates @mikesplain
fix 404 urls in docs @tanjunchen
Fix generation of documentation /sitemap.xml file @aledbf
kOps site link @mikesplain
Fix netlify mixed content @mikesplain
Fix goimports errors @rifelpet
Upate Lyft CNI to v0.5.1 @maruina

Complete support for Flatcar @mazzy89
Fix mounting Calico “flexvol-driver-host” in CoreOS @hakman
fix(openstack): fix additional security groups on instance groups @mitch000001
Cloud controller template function @DavidSie
Add CapacityOptimized to list of supported spot allocation strategies @gjtempleton
Add inf1 isntances @mikesplain
Openstack: Fix cluster floating ips @mitch000001
[Issue-7870] kops controller support for digital ocean @srikiz
Fix Handling of LaunchTemplate Versions for MixedInstancePolicy @granular-ryanbonham
Bump cilium version to 1.6.4 @olemarkus
Update copyrights for 2020 @johngmyers
cilium: don’t try to mount sys/fs/bpf if already mounted @justinsb
Fix protokube osx build @mikesplain
Add deprecation warning for older k8s versions @rifelpet
Remove kops-controller deployment @rifelpet
Promote peter & ryan & zetaab to approvers @justinsb
Fix crossbuild-nodeup-in-docker @johngmyers
Add release notes for deleting the kops-controller deployment @rifelpet
Configuration to specify no SSH key @austinmoore-
Set CLUSTER_NAME env var on amazon-vpc-cni pods @rifelpet
Don’t output empty sections in the manifests @justinsb
Fix issues with older versions of k8s for basic clusters @hakman, #8248
Backport the k8s 1.9 required action release note #8378
Fix scheduler policy configmap args #8386
Use IAMPrefix() for hostedzone #8366
Add Cilium.EnablePolicy back into templates #8379
CoreDNS default image bump to 1.6.6 to resolve CVE #8333
Don’t load nonexistent calico-client cert when CNI is Cilium #8338
kOps releases - prefix git tags with v #8373
EBS Root Volume Termination #7865
Announce impending removal of v1alpha1 API #8064
Add missing priorityClassName for critical pods #8200

1.16.0-beta.1 to 1.16.0-beta.2

Fix Github download url for nodeup @adri, #8468
GCS: Don’t try to set ACLs if bucket-policy only is set #8493
Alicloud: allow use RAM role for OSS client #8025
Cilium - Add missing Identity Allocation Mode to Operator Template #8445
Make it possible to enable Prometheus metrics for Cilium #8433
Update cilium to 1.6.6 #8484

1.16.0-beta.2 to 1.16.0

Stabilize sequence of “export xx=xxx” statements @bittopaz
Add events RBAC permissions to kops-controller @rifelpet
Update AWS IAM Authenticator to 0.5.0 @rifelpet
Update IAM permissions for amazon-vpc-cni-k8s 1.6.0 @rifelpet
Update amazon-vpc-cni-k8s to v1.6.0 @hakman
Switch AWS IAM Authenticator to use non-scratch image @rifelpet
Fix DNS loop on Ubuntu 18.04 (Bionic) @hakman
Revert update of AWS IAM Authenticator to 0.5.0 for 1.16 @rifelpet
add s3 region @zetaab
Update coredns to 1.6.7 @maruina
Cilium fix bpffs check @olemarkus
Fix periodic e2e test for Ubuntu 16.04 @hakman

Add indent template function and use it to fix KubeDNS.ExternalCoreFile rendering @rochacon
Bump Cilium to 1.7 for k8s 1.12+ @olemarkus
Implementing audit dynamic configuration (#7392) @mmerrill3
Revert “Automated cherry pick of #8589: Bump Cilium to 1.7 for k8s 1.12+ #8591: Fix typo in the cilium default version” @olemarkus
Use latest patch release for Calico, Canal and Cilium @hakman
Fix uploading of file assets @johngmyers
Tag EBS volumes when using launch templates with AWS API target @johngmyers, #8462
Fix RollingUpdate behaviour when using LaunchTemplates for both kops & terraform spec updates ,@qqshfox
Enable stamping on bazel image builds @rifelpet
Update lyft CNI to 0.6.0 @maruina
Remove support for Docker 1.11, 1.12 and 1.13 @hakman
Fix kuberouter for k8s 1.16+ @UnderMyBed, #8697
Fix tests for obsolete Docker versions in 1.16 #8890
Load the correct certificate before deleting #8945
Use non-experimental version of encryption provider config flag in 1.13+ #7900

1.16.1 to 1.16.2

Add support for Ubuntu 20.04 (Focal) @hakman
feat(openstack): propagate cloud labels to machines @mitch000001
Back-port well known owner aliases and SSH users to 1.16 @hakman
Use Ubuntu 18.04 Docker packages for Ubuntu 20.04 setups @hakman
Make cilium operator health check go against localhost IP @olemarkus
Update to etcd-manager 3.0.20200428 @justinsb

1.16.2 to 1.16.3

Revert “Automated cherry pick of #8999: feat(openstack): propagate cloud labels to machines” #9089
Reduce the number of TravisCI jobs for release branch #9081
Fix zsh completion #9108
Allow cluster maintenance when channel is unavailable #9053
Upgrade amazon vpc cni to 1.6.1 #9020
Use systemd-timesyncd for Ubuntu 20.04 #9182
Remove all versions of a file from the S3 bucket #9171
Allow listing versions for objects in the S3 bucket #9205

Update etcd-manager to 3.0.20200531 #9237
Use CNI 0.8.6 for Kubernetes 1.15+ #9256
Use Docker 19.03.11 for Kubernetes 1.17+ #9314
Fix missing changes in Weave manifest #8965
Update Weave Net to 2.6.5 #9330
Update Calico for CVE-2020-13597 #9331