Significant changes

  • The default instance type for AWS has been changed to t3.medium. This should provide better performance and reduced costs in clusters where the average CPU usage is low.

  • Support for has been added.

Breaking changes

  • Support for Docker versions 1.11, 1.12 and 1.13 has been removed because of the . Those affected must upgrade to a newer Docker version.

  • Terraform users on AWS may need to rename some resources in their state file in order to prepare for future Terraform 0.12 support. See Required Actions below.

  • Please see the notes in the 1.15 release about the apiGroup changing from kops to kops.k8s.io.

Required Actions

  • Terraform users on AWS may need to rename resources in their terraform state file in order to prepare for future Terraform 0.12 support. Terraform 0.12 . In kOps, both the default route and additional VPC CIDR associations are affected. See #7957 for more information.
  • The default route was named and will now be named aws_route.route-0-0-0-0--0.
  • Additional CIDR blocks associated with a VPC were similarly named the hyphenated CIDR block with two hyphens for the /, for example aws_vpc_ipv4_cidr_block_association.10-1-0-0--16. These will now be prefixed with cidr-, for example aws_vpc_ipv4_cidr_block_association.cidr-10-1-0-0--16.
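
The CIDR association rename described above can be planned from the output of terraform state list. The script below is an added example, not part of the kOps release notes or tooling. It covers only the aws_vpc_ipv4_cidr_block_association rename, because that is the one for which the page gives both the old and new forms. The sample state listing is constructed, and the printed terraform state mv commands are meant to be reviewed before they are run.

```shell
#!/bin/sh
# Added example: plan state renames for VPC CIDR associations.
# Reads `terraform state list` output on stdin and prints one
# `terraform state mv` command per address still using the old name.

TYPE='aws_vpc_ipv4_cidr_block_association'

plan_cidr_renames() {
    state=$(cat)                          # full address list, one per line
    printf '%s\n' "$state" | while IFS= read -r addr; do
        case "$addr" in
            "$TYPE".cidr-*) continue ;;   # already in the new form
            "$TYPE".*)      ;;            # old form, handled below
            *)              continue ;;   # unrelated resource
        esac
        new="$TYPE.cidr-${addr#"$TYPE".}"
        # Never plan a move onto an address that already exists in state.
        if printf '%s\n' "$state" | grep -Fxq -- "$new"; then
            printf '# SKIP %s: %s already present\n' "$addr" "$new"
        else
            printf "terraform state mv '%s' '%s'\n" "$addr" "$new"
        fi
    done
}

# Constructed sample of `terraform state list` output (not a real cluster).
sample_state() {
    cat <<'EOF'
aws_vpc.example-cluster
aws_vpc_ipv4_cidr_block_association.10-1-0-0--16
aws_vpc_ipv4_cidr_block_association.cidr-10-2-0-0--16
aws_vpc_ipv4_cidr_block_association.10-3-0-0--16
aws_vpc_ipv4_cidr_block_association.cidr-10-3-0-0--16
aws_route.route-0-0-0-0--0
EOF
}

sample_state | plan_cidr_renames
```

Against a real state, pipe terraform state list into plan_cidr_renames instead of sample_state. A SKIP line means both the old and new address exist and the state needs manual inspection.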

To prevent downtime, follow these steps with the new version of kOps:

  • Kubernetes 1.9 users will need to enable the PodPriority feature gate. This is required for newer versions of kOps.

To enable the Pod priority feature, follow these steps:

    kops edit cluster
    # Add the following section
    kubelet:
      featureGates:
        PodPriority: "true"

  • If either a kOps 1.17 alpha release or a custom kOps build was used on a cluster, a kops-controller Deployment may have been created that should get deleted because it has been replaced with a DaemonSet. Run kubectl -n kube-system delete deployment kops-controller after upgrading to kOps 1.17.0-alpha.2 or later.

Deprecations

  • Support for Kubernetes releases prior to 1.9 is deprecated and will be removed in kops 1.18.

  • The kops/v1alpha1 API is deprecated and will be removed in kops 1.18. Users of kops replace will need to supply v1alpha2 resources.

  • Support for Ubuntu 16.04 (Xenial) has been deprecated and will be removed in future versions of kOps.

  • Support for CoreOS has been deprecated and will be removed in future versions of kOps. Those affected should consider using Flatcar as a replacement.

  • Support for the “Legacy” etcd provider has been deprecated. It will not be supported for Kubernetes 1.18 or later. To migrate to the default “Manager” etcd provider see the .

  • The default StorageClass gp2 prior to kOps 1.17.0 is no longer the default, replaced by StorageClass .

Known Issues

  • kOps 1.17.0-beta.1 included an update for AWS IAM Authenticator to 0.5.0. This version fails to use the volume-mounted ConfigMap, causing API authentication issues for clients with aws-iam-authenticator credentials. Any cluster with spec.authentication.aws defined according to the without overriding the spec.authentication.aws.image is affected. The workaround is to specify the old 0.4.0 image with spec.authentication.aws.image=602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-iam-authenticator:v0.4.0. For the 1.17.0 release, this change was rolled back, and the AWS IAM authenticator defaults to version 0.4.0.

  • kOps 1.17.0 includes a new StorageClass kops-ssd-1-17 which is set as the default via the annotation "storageclass.beta.kubernetes.io/is-default-class":"true". If you have modified the previous gp2 StorageClass, it could conflict with the defaulting behavior. To resolve, patch the gp2 StorageClass to have the annotation , which aligns with a patch to kOps 1.17.1 as well:

    kubectl patch storageclass.storage.k8s.io/gp2 --patch '{"metadata": {"annotations": {"storageclass.beta.kubernetes.io/is-default-class": "false"}}}'

Full change list since 1.16.0 release

1.16.0-alpha.1 to 1.17.0-alpha.1

  • Add release notes for 1.16.0-alpha.1 @justinsb
  • stable channel: promote kubernetes 1.13.12, 1.14.8 etc @justinsb
  • Don’t update first node in instancegroup if cluster fails validation @johngmyers, #7872
  • add missing priorityClassName to flannel DaemonSet #7842
  • fix broken links #7901
  • Fix rendering of the Node Authorizer template #7916
  • Fix fork bomb in Makefile #7935
  • Unhide docs make logging #7936
  • Upgrade AWS VPC CNI to 1.5.5 #7938
  • Correct spelling mistakes #7922
  • Fix flannel CNI version to use 0.2.0 #7924
  • Update vendoring documentation for go modules #7937
  • Remove duplication and update release details #7939
  • Updated documentation on how to move from single to multi master #7439
  • Create PodDisruptionBudget for kube-dns in kube-system namespace #7856
  • Add support for newer Docker versions #7860
  • Machine types updates #7947
  • fix 404 urls in docs #7943
  • Fix generation of documentation /sitemap.xml file #7949
  • kOps site link #7950
  • Fix netlify mixed content #7953
  • Fix goimports errors #7955
  • Update Lyft CNI to v0.5.1 #7402
  • Add relnotes for 1.16.0-alpha.2 #7962
  • Bump version of alpha #7963
  • Add relnotes for 1.15.0 #7964
  • Update feature flag documentation #7969
  • Bazel upgrade #7933
  • Upgrade AWS SDK #7972
  • Fix panic when ssh key not exists on digitalocean #7941
  • Upgrade go to 1.13 #7973
  • Put kubernetes 1.17.0-beta.2 into channels #7982
  • Update compatibility matrix #7984
  • Promote peter & ryan & zetaab to approvers #7983
  • upgrade the time api #7910
  • sysctls.go: Fix some comments #7923
  • Ignore devcontainer for vscode remote-containers #7987
  • Don't run travis with Go 1.11 #7988
  • Change doc cross-references from absolute to relative links #7907
  • Correct link error:404 #7954
  • Update apiVersion in docs and tests #7906
  • [aws-iam-authenticator] Docs - Steps to disable DaemonSet Temporarily #7926
  • Add indent template function and use it to fix KubeDNS.ExternalCoreFile rendering #7979
  • fix golint failures #7894
  • [Issue-7870] kops controller support for digital ocean #7961
  • cleanup whitespace in root.go #7997
  • Run goimports from locked version in go.mod #7998
  • Remove note about 1.15 not being released #8000
  • fix(openstack): fix additional security groups on instance groups #8004
  • DOCS: fix simple typo in readme #8005
  • Spotinst: Upgrade the Spotinst SDK to version 1.36 #8003
  • Release 1.17.0-alpha.1 #7985

1.17.0-alpha.1 to 1.17.0-alpha.2

  • Fix mounting Calico “flexvol-driver-host” in CoreOS @hakman
  • Cherry-pick #8074 to release-1.17 @johngmyers
  • Bump cilium version to 1.6.4 @olemarkus
  • Complete support for Flatcar @mazzy89
  • Canal v3.10 manifest for k8s v1.15+ @KashifSaadat, #7917
  • Cherry pick #8095 #8096
  • test validateCluster twice to make sure it does not flap @johngmyers
  • Add inf1 instances @mikesplain
  • Add CapacityOptimized to list of supported spot allocation strategies @gjtempleton
  • Update Calico to v3.10.2 @hakman
  • Openstack: Fix cluster floating ips @mitch000001
  • cilium: don’t try to mount sys/fs/bpf if already mounted @justinsb
  • Update copyrights for 2020 @johngmyers
  • Fix protokube osx build @mikesplain
  • Set CLUSTER_NAME env var on amazon-vpc-cni pods @rifelpet
  • Add deprecation warning for older k8s versions @rifelpet
  • Remove kops-controller deployment @rifelpet
  • Don’t output empty sections in the manifests @justinsb
  • Cloud controller template function @DavidSie
  • Configuration to specify no SSH key @austinmoore-
  • tests: increase timeout in rolling update tests @justinsb
  • Fix crossbuild-nodeup-in-docker @johngmyers
  • update gophercloud dependency @zetaab
  • Update Terraform resource names to be 0.12 compatible. @rifelpet
  • Allow local filesystem state stores (to aid CI pull-request workflows) @ari-becker, #6465
  • Fix issues with older versions of k8s for basic clusters #8248
  • Use IAMPrefix() for hostedzone #8366
  • Fix scheduler policy configmap args #8386
  • Add Cilium.EnablePolicy back into templates #8379
  • Bump etcd-manager to 3.0.20200116 (#8310) #8399
  • CoreDNS default image bump to 1.6.6 to resolve CVE #8333
  • Don’t load nonexistent calico-client cert when CNI is Cilium #8338
  • kOps releases - prefix git tags with v #8373
  • EBS Root Volume Termination #7865
  • Alicloud: etcd-manager support #8016
  • Add missing priorityClassName for critical pods #8200
  • Alicloud: allow use RAM role for OSS client #8025
  • Update coredns to 1.6.7 #8452
  • Fix Github download url for nodeup @justinsb

1.17.0-alpha.3 to 1.17.0-alpha.4

  • Cilium - Add missing Identity Allocation Mode to Operator Template #8445
  • Revert “Update coredns to 1.6.7” #8502
  • GCS: Don’t try to set ACLs if bucket-policy only is set #8493
  • Make it possible to enable Prometheus metrics for Cilium #8433
  • Update cilium to 1.6.6 #8484

1.17.0-alpha.4 to 1.17.0-beta.1

  • Stabilize sequence of “export xx=xxx” statements @bittopaz
  • Add events RBAC permissions to kops-controller @rifelpet
  • Fix DNS loop on Ubuntu 18.04 (Bionic) @hakman
  • Update AWS IAM Authenticator to 0.5.0 @rifelpet
  • Update amazon-vpc-cni-k8s to v1.6.0 @hakman
  • Update IAM permissions for amazon-vpc-cni-k8s 1.6.0 @rifelpet
  • Switch AWS IAM Authenticator to use non-scratch image @rifelpet
  • add s3 region @zetaab
  • Update coredns to 1.6.7 @maruina
  • Cilium fix bpffs check @olemarkus
  • Fix periodic e2e test for Ubuntu 16.04 @hakman
  • Bump Cilium to 1.7 for k8s 1.12+ @olemarkus
  • Custom sysctl Parameters @ripta
  • Automatically install dependencies with local packages @hakman
  • Add support for custom env vars in amazon-vpc-cni @rifelpet
  • Update Calico and Canal to v3.12.0 @hakman
  • Revert AWS IAM Authenticator Update in release-1.17 @rifelpet
  • Update default instance types for AWS @hakman
  • Implementing audit dynamic configuration (#7392) @mmerrill3
  • amazon-vpc-routed-eni env variable config @mikesplain
  • Fix uploading of file assets @johngmyers
  • Create New Default StorageClass: kops-ssd-1-17 @joshbranham
  • Set kube-proxy-replacement to partial @olemarkus
  • Allow configuration of enable-remote-node-identity @olemarkus
  • Make cilium operator health check go against localhost IP @olemarkus
  • Tag EBS volumes when using launch templates with AWS API target @johngmyers, #8462
  • Update lyft CNI to 0.6.0 #8757
  • Fix Handling of LaunchTemplate Versions for MixedInstancePolicy @KashifSaadat, #8038
  • Enable stamping on bazel image builds #8835
  • Add support for Docker 19.03.8 in kOps 1.17 #8845
  • Remove support for Docker 1.11, 1.12 and 1.13 #8855
  • Fix kuberouter for k8s 1.16+ @hakman
  • Fix tests for obsolete Docker versions in 1.17 @hakman
  • Add CloudLabels tags to additional AWS resources @rifelpet
  • Canal v3.13.1 @KashifSaadat, #8795
  • Add support for Ubuntu 20.04 (Focal) #8727
  • Fix CloudFormation template tags for NatGateway #8051
  • Remove irrelevant TODO comment from userdata #8936
  • Load the correct certificate before deleting #8945
  • Enabling JSON output for Terraform instead of writing the HCL syntax … #8145
  • Use non-experimental version of encryption provider config flag in 1.13+ #7900
  • feat(openstack): propagate cloud labels to machines #8999
  • cherry pick of #8967 upstream release 1.17 #8979
  • Update Calico and Canal to latest patch versions #8961
  • Upgrade AWS SDK @MoShitrit
  • Bump cilium to 1.7.2 @olemarkus
  • Back-port well known owner aliases and SSH users to 1.17 @hakman
  • Use Ubuntu 18.04 Docker packages for Ubuntu 20.04 setups @hakman
  • Update to etcd-manager 3.0.20200429 @justinsb
  • Bump cilium to 1.7.3 @olemarkus
  • Adding ability to configure resources for weave (#8113) @mmerrill3, #8216
  • Update Weave Net to version 2.6.0 @hakman

1.17.0-beta.2 to 1.17.0

  • Allow cluster maintenance when channel is unavailable #9053
  • Added support for configuring disable-attach-detach-reconcile-sync in… @hakman
  • Revert “Automated cherry pick of #8999: feat(openstack): propagate cloud labels to machines” @zetaab
  • manual cherry-pick #8994 into 1.17. @michalschott
  • Disable TX checksum offload for Flannel VXLAN @hakman
  • Use Ubuntu 18.04 Docker 19.03.8 packages for Ubuntu 20.04 @hakman
  • kube-apiserver: healthcheck via sidecar container @justinsb
  • Reduce the number of TravisCI jobs for release branch @hakman
  • EnsureFileOwner: cleanup logic @justinsb
  • kube-apiserver-healthcheck: actually enable on 1.17 @justinsb
  • Fix zsh completion @olemarkus
  • Add EC2 Instance LifeCycle label @atmosx
  • Upgrade amazon vpc cni to 1.6.1 @rifelpet
  • Cherrypick 8402 release 1.17 @rdrgmnzs
  • Revert “Add EC2 instance lifecycle label to nodes” @johngmyers
  • [Issue-7956] - [Digital Ocean] Minor fix to have proper indexing for digital ocean regions @srikiz
  • [DigitalOcean] Add load balancer support for master HA @srikiz
  • Use systemd-timesyncd for Ubuntu 20.04 @hakman
  • Update etcd-manager to 3.0.20200527 @justinsb
  • Update DigitalOcean cloud-controller-manager to v0.1.24 @timoreimann
  • Use debian as default image for DO images @srikiz
  • Refactor: Add Region() method to fi.Cloud @justinsb, #8180
  • Remove all versions of a file from the S3 bucket #9171
  • Allow listing versions for objects in the S3 bucket #9205

1.17.0 to 1.17.1

  • Update etcd-manager to 3.0.20200531 @hakman
  • [Digital Ocean] Update RBAC for DO CCM @srikiz
  • Update Calico and Canal for CVE-2020-13597 @hakman
  • Update Weave for CVE-2020-13597 @hakman
  • Use CNI 0.8.6 for Kubernetes 1.15+ @hakman
  • Use Docker 19.03.11 for Kubernetes 1.17+ @hakman
  • Update Weave Net to 2.6.5 @hakman
  • Update default users for kubeconfig with supported distros @hakman, #8798
  • Bump cilium to 1.7.5 #9367
  • Bug: Explicitly set default StorageClass to support upgrades #9337
  • Add support for c5a aws ec2 instance types #9386
  • Fix: dns-controller: 3999 port address already in use #9404
  • Use fixed UID for etcd user and restrict to legacy provider #9581
  • fixes(openstack): auth problem for kops-controller #9659