Significant changes

New features

Support for kubernetes 1.11
Support using existing/shared AWS Security Groups
Support for more AWS instance types (r5, r5d, z1d, t3, f1.4xlarge, p3dn.24xlarge)
Addon updates (weave, dashboard, heapster, cluster-autoscaler, canal, coredns, cilium, aws-vpc-cni, lyft-vpc-cni, calico, kopeio-networking)
Allow users to opt-in to etcd-manager
More secure default settings when running kubernetes >= 1.11 (e.g. kubelet anonymous auth disabled)
Improved GCE & OpenStack support, experimental support for SpotInst

Required Actions

Full change list since 1.10.0 release

Move alpha channels to stable and update alpha #5493
Update stable channel to recommend latest kubernetes #5500
Put new kops versions into channels #5501
Add authentication-token-webhook-cache-ttl flag to kubelet config #5508
Add ssh user to kops toolbox dump #5511
makefile: tweaks to push & run targets #5515
kops set: fix example #5516
Docker installation from tar.gz #5517
Add new instance types r5, r5d, z1d #5529
add wider tolerations to the kube-router daemonset #5525
Some tweaks around IAM additional policies #5536
Add HACK_UPDATE_EXPECTED_IN_PLACE for cloudformation output #5535
Fix typo in comment #5534
Check errors when parsing JSON on IAM policies #5533
amazon-vpc-routed-eni cloudprovider check #5540
Add error handling for failed deletion of tempfiles #5543
Validate IAM additionalPolicies #5541
Add missing error handling when reading stdin #5542
Add error handling (logging) when we fail to close a file #5544
Fix api-gen-docs dependencies #5507
Parallel bazel crossbuild kops #5523
Load client-auth plugins #5513
one word change to docs grammar tense issue ran -> run #5546
Spell Fix: Fixing spelling of “Kubernetes” in doc #5550
Remove GetAsgForInstance IAM permission #5566
Don’t set kube-proxy cluster-cidr with aws-vpc-cni #5579
Move CloudProviderID consts into a block
Fix cpu unit measurement @asosso
Node Authorizer Prometheus Metrics @gambol99
Add AWS IAM permission to check for volume resize @KashifSaadat
Add amazon.com image owner alias and Amazon Linux 2 documentation @Pharb
make dep-ensure checks that mercurial is installed @justinsb
Ability to configure --node-cidr-mask-size into @robermorales
fix typo @fqsghostcloud
Update install.md @fqsghostcloud
Don’t assume that we only have one subnet per AZ @justinsb
Fix additional security groups changes on api lb @mikesplain
fix name of demo-app-v2 @fqsghostcloud
Enable weave network encryption for k8s 1.6 @Andrey9kin
Bump Weave Net to v2.4.0 #5552
Create ExperimentalClusterDNS feature flag #5610
weave: bump version for 2.3.0 #5618
Validate that require-kubeconfig is not passed after 1.10 #5621
Docs for policy to do cross account state store in s3 #5622
DigitalOcean: don’t try to set SSE #5625
Remove _kubernetes_master tag #5623
Update CoreDNS deployment #5608
Add DEBUGGABLE option to Makefile to compile debuggable bins
Add changelog to release notes for 1.10 @justinsb
Update README.md @wangxy518
Fix build: prevent verify-misspelling failing on releases @Mikulas
Update readme compatibility matrix for 1.10 @mikesplain
Bump channels for 1.10.0 @mikesplain
Upgrade DigitalOcean CCM to v0.1.7 @andrewsykim
add kube-proxy hostname override @andrewsykim
Create getting started with OpenStack doc #5637
Update route53api.go #5648
AWS VPC Daemonset Correctly Tolerate Node Taints #5654
Added // restore // guide to single-to-multi-master.md #5580
Update alpha channel with images for foreshadow #5657
Basic validation for imagetype for NVME enabled instances #5660
Apply cloud labels into ELB #5593
Cherry-pick release 1.10.0 commit #5665
Promote kubernetes versions from alpha -> stable #5663
Fix codegen make target
Push latest k8s versions to alpha channel @justinsb
Added myself to SECURITY_CONTACTS @geojaz
Fixes go vet complain in package upup/pkg/fi/cloudup/awstasks @wingyplus
Update machine_types.go to support T3 family @wanghanlin
Change vendored weave mesh to use hash keys by default @justinsb
Add etcd volumeSize docs @mikesplain
Fix a typo: ectd->etcd @AdamDang
add flag +ExperimentalClusterDNS in docs @rekcah78
Adding kubernetes/dashboard v1.10.0 for K8S >=1.10.0 @schweizerbolzonello
updated image versions and deployment instructions for the nginx-ingress addon @kanolato
Update CoreDNS version and manifest @rajansandeep
Vendor servergroup module from gophercloud #5678
Make chrisz100 a reviewer for kops #5716
OpenStack: enable cluster state deletion
OpenStack: vendor schedulerhints #5732
lifecycle tests: check no legacy tags on shared resources #4797
Refactor tables package to be more reusable #5565
Fix suspendprocess #5503
Fixes go vet complains #5686
correct 8 spell errors #5740
correct spell errors in ‘docs/cluster_spec.md’ #5739
--output json added to aws #5742
Use appropriate log level for KOPS_STATE_S3_ACL debug message #5726
Update k8s-ec2-srcdst to v0.2.2 #5746
Add elasticloadbalancing:DeregisterTargets permission to master policy #5752
Typo fix: bellow -> below #5764
Update README.md #5769
Machine type generator #5553
Explicitly install conntrack #5745
Don’t unset AWS_PROFILE in Makefile #5784
machine-type generator: go vet fixes #5787
typo fixes in stable for ci verify jobs #5737
Fix interactive rolling update silently ignored #5642
Add Docker 18.06.1 for Debian Stretch #5758
Update iaminstanceprofile.go #5641
Recognize ubuntu images in sshUser dumping #5796
Added documentation for Api server LB Certificate #5793
Move verify-spelling to script, install from vendor #5785
Protect against panic when networking is not set #5801
Cni toleration for tainted nodes #5804
Fix bazel cross platform #5799
Addon update heapster #5199
Amazon VPC CNI: Kubernetes 1.8+ Manifests #5290
Add hook option to install manifest as a hook unmodified #5106
Add rdrgmnzs as a reviewer to owners file. #5813
Support for deletion of aws resources albs nlbs during delete #5635
dns-controller: allow configuring DNS update interval
Avoid using which, CoreOS doesn’t always have it @justinsb
Start release notes for 1.11 @justinsb
Generate live project documentation using mkdocs and gh-pages @aledbf, #5085
Fix a typo in usage of server.go #5811
Bazel Rules go 0.14 #5481
Update gazelle for concurrent PR changes #5819
Add test for etcd-manager output #5547
Delete nodes from k8s api during rolling-update #5794
Update golang version to 1.10.3, for k8s 1.11 #5817
Prune some broken files out of vendor #5821
Field names are case-sensitive again #5828
Run dep to add missing new aws dependencies for elbv2 #5822
Tweak machine_types generator to match our existing values #5783
Fixes spurious LoadBalancer change when using ACM Certificate #5814
Revert “Apply cloud labels into ELB” #5834
Fix markdown typo #5838
Node Authorizer Fixes #5841
Update HPA docs #5842
Add clarity to AWS IAM Authenticator documentation #5843
ECU fixes and add f1.4xlarge #5844
Update to k8s 1.11 libraries, fix code #5823
Fix minor typo. #5849
copy path on kops-server-build #5719
cluster-autoscaler.yaml for 1.10 #5741
Controller Manager Flag #5855
Allow using existing/shared Security Groups #5744
etcd: introduce field to specify whether we are using etcd-manager or legacy mode #5820
Follow on for #5744 #5862
Remove last vestiges of _vendor directory #5865
Stop cloudformation output switching to literal quotes #5857
doc: Trivial spelling change #5861
Node mode controllers #5867
Node Authorizer Fixes #5868
Fix broken url in CONTRIBUTING.md #5853
doc: fix minor typo in the terraform doc #5860
Mirror secrets using API #5858
Fix mis-typing in documentation #5859
Generate much smaller keys in integration tests #5869
Don’t override name of ELB API SecurityGroup #5863
Fix a few typos. #5872
Fix mis-typings in docs #5879
Fix mis-typings in documentation. #5878
Add no_masq_local to weave network options. #5812
propagate error when initializing digitalocean provider #5894
Fixed duplicate info
Small typo fix @AdamDang
Grammar mistakes @yjl-lgx, #4687
add support for max-mutating-requests-inflight parameter #5832
Fix mis-typings in docs #5887
Fix some typos #5882
Fix typos issues #5885
Fix typos issues in upup files #5886
Fix mis-typings in docs #5888
Fix broken link to etcd 2 documentation #5889
Update create-cluster arg help #5896
fix network.md #5900
fix install.md #5901
Removed misleading comment about metav1 #5898
add targetRamMb to kubeAPIServer spec #5890
Fix mis-typing in CLI command documentations #5854
alpha-channel: Use stretch by default for k8s 1.11 on AWS #5897
Fix cloudmock to pass govet #4949
Update Weave Net to version 2.4.1 #5845
fix typo: remove duplicate words #5883
Add default S3 encryption example #5884
fix service name #5899
Canal Manifest Fix (Kubernetes >= v1.12.0) #5910
Update weave bootstrapchannelbuilder version #5903
fix some typos #5909
Google Cloud Storage md5 decoding fix #5906
If don’t use formatted output,fix logging calls #5911
Promote kubernetes versions from alpha to stable #5913
alpha channel: update with latest kubernetes versions #5914
Recognize shasum format for hashes #5893
fix typo in comment #5915
Optimize kops get cluster with a cluster name #5920
Service Address Check #5923
s3: lazy-evaluate encryption policy #5921
Fixed node-authorizer systemd Unit paths #5918
fix some typos #5924
Disable RBAC Addon’s in Node Mode #5925
added possible state store vendors to documentation #5931
Fix documents issue #5943
Canal v3 #5927
fix small typos in security.md #5942
Fix typos in files #5944
New integration: Spotinst #5922
Ensure we parse k8s versions through 1.16 #5948
IPVS Options #5935
Promote AMIs from alpha -> stable #5947
add EnableNodeAuthorization in the list of experimental features #5953
Fix broken url in documentation #5957
Delete duplicate ‘be’. #5963
Fix grammatical error in the warning message #5951
Add suggested alias for bazelrc import location #5966
Fix the typos #5972
Switch CI to bazel #5974
Fix nsenter mounter in protokube #5970
Use hostPID: true with etcd-manager #5969
terraform: Fix resource formatting for IPv6 CIDRs #5979
Correct Spelling of “kubernetesVersion” #5928
Add support for cn-northwest-1c. #5956
Remove excess Spaces #5981
More CNI toleration for tainted nodes. #5946
Fixed issue when specifying ACM cert and no load balancer is defined #5971
fix typo in comments #6001
Clarify license statement for nvidia-bootstrap hook #6006
fixed MIN_NODES missing closing bracket #5996
fix typo in log #6002
Mount etc-hosts in calico-kube-controller #5950
Bump CoreDNS version to 1.2.4 and update manifest #5985
cilium: Fix Prometheus serve addr flag #5987
Add stdin input for secrets #5993
Separate subnet utils into a standalone package #6004
Fixed missing closing bracket around MIN_NODES #5870
Update v0.19.0.yaml #5997
Change the wrong function name and wrong word #6018
Prune some license files that dep added #6019
Fix s3 encryption role #6039
Fix indentation for monitoring-standalone addon #6032
Canal v3.3.0 for Kubernetes v1.12+ #6037
Correct the table format in upgrade_from_kubeup.md #6023
Update Weave Net to version 2.5.0 #6043
Change “if” -> “if and only if” to make more clear #6041
Spotinst: Attempt to find a Security Group even without a VPC ID #6030
fix some typos #6013
Fix blog link #6022
Bump kopeio-networking to latest version #6010
Spotinst: Do not log unmatched groups as warning messages #6025
5700: Add command line flag for disabling Subnet ELB tags @seanson
Fix some typos @mooncak
Fix some typos in files @mooncak
Detail Calico BGP route reflector requirements @Vlaaaaaaad
coredns should not be running on master by default @bhegazy
Document etcd volume options + fail fast if ratio is too high @Vlaaaaaaad
Spotinst: Skip the creation of LoadBalancerAttachment tasks if Spotinst is enabled @liranp
Calico v3 upgrade @tmjd
Update Calico to v3.3.1 @caseydavenport
delete some code @xichengliudui
Adding describe launch config to autoscaler permissions @brosander
Remove trailing comma from k8s-1.7-v3.yaml.template @Smirl
Updating image and docs for metrics-server add-on @Cryptophobia
Updates to roadmap for 1.11 and 1.12 and new upcoming features section (WIP) @geojaz
Update amazon-vpc-routed-eni to v1.2.1 @adammw
Request AWS ASGs in batches @KierranM
Typo fix: Deploy -> Deploying @JoeWrightss
Use a single command in Linux install instructions @jbowes
autoscaler setup: Use set -e to stop execution if errors are encountered @eherot
Typo fix “api server” -> “API server” @JoeWrightss
increase docker-healthcheck respose timeout @tatobi
Bump version of amazon-vpc-cni in bootstrapchannelbuilder @justinsb
Fix typo in CRD: singuar @justinsb
add SSL certificate ARN to Terraform output @j00p34
Add flag to disable Basic Auth. @fernandocarletti
Update machine types @justinsb
Implemented Nvidia DevicePlugin GPU Support on AWS @dcwangmit01
Setting the manifest directory when it is required by kubelet @mmerrill3
Update CoreDNS version to 1.2.6 @rajansandeep
Fix typos: dnsmaq -> dnsmasq, mutiple -> multiple @SataQiu
Document how to create a custom addon @thrawny
[monitoring-standalone] Add kubernetes 1.7 version @tuannvm
Cni ipvlan vpc k8s support @polarbizzle
Node Authorizer Recovery Middleware @gambol99
Fix log warning info @gaozhenhai
Set a on logrotate configs on CoreOS @ripta
Mention about possible state store vendors in error message @nak3
kops set: support for enableEtcdTLS and enableTLSAuth @justinsb
feat(cmd/kops/create_cluster): default to kubelet.anonymousAuth false on k8s versions >=1.10 @jaredallard
Create separate certificate for etcd peer authentication @justinsb
Set MaxPods when using Amazon VPC CNI Plugin @sethpollack, #6058
Automated cherry pick of #6128: Update amazon cni to 1.3.0 #6132
Automated cherry pick of #6156: Fix Calico upgrade job to use the correct version #6159
Automated cherry pick of #6129: feat: bump controller version to 1.0.18 #6143
Automated cherry pick of #6175: Fix for when node and master use the same SG. #6176
Add a1 and c5n instance types #6117
Automated cherry pick of #6144: Workspace updates for bazel #6220
ExperimentalAllowedUnsafeSysctls has moved to AllowedUnsafeSysctls in k8s 1.11 #6179
Add GCE europe-north1-{a,b,c} #6152
Automated cherry pick of #6253: Add p3dn.24xlarge #6254

Changes from 1.11.0 to 1.11.1

Don’t panic when an etcd cluster is added @justinsb
Add Docker 18.06.1 for CentOS and RHEL 7 @bcorijn
Update go version to 1.10.8 @justinsb
Normalize etcd cluster provider names @justinsb
Automated cherry pick of #6288: Recognize 2019 as a year @justinsb
Fix machine types and cleanup makefile @mikesplain
Upgrade base image to alpine 3.8 and GO to 1.10.8 @ricardo-larosa
Support etcd-manager v3, suitable for backporting @justinsb
Choose docker version 18.06.2 for k8s >= 1.12 @justinsb
Workaround for overlay2 vs rhel-family docker bug @justinsb
Try using chattr to mark docker-runc as immutable @justinsb
include docker 18.06.1 missed dependency @nareshku
set net.ipv4.ip_local_reserved_ports to the KubeAPIServer ServiceNodePortRange parameter on nodeup @sp-joseluis-ledesma
Add jessie patch @jjo
Bump etcd-manager version to 3.0.20190224 @justinsb
Make docker 18.06.3 the default for k8s >= 1.12 @justinsb
update-machine-types: more metal instance types @justinsb
Map docker 18.06.3 @justinsb
Sync up docker with master @justinsb
Mark 1.11.1 @justinsb

1.11

Significant changes

New features

Required Actions

Full change list since 1.10.0 release

5700: Add command line flag for disabling Subnet ELB tags @seanson

Changes from 1.11.0 to 1.11.1