Significant changes

Added experimental Azure support. To get started check the
Default settings for AWS instances are updated to take advantage of recent performance and security features:
- Default etcd volumes encryption changes to enabled for newly created clusters
- Default root volume encryption changes to enabled
- Default etcd volumes type changes from gp2 to gp3
- Default root volume type changes from gp2 to gp3
Added template funtions for kubernetes version based on channel data.
kOps now use helm3 functions for merging template --set and --values arguments. This has slightly different behaviour than previous helm2-like logic.
Following kubeadm, control plane nodes are now labelled with node-role.kubernetes.io/control-plane=""
Default node image for GCE changed from COS to Ubuntu for K8s versions >= 1.18.0. This is to more closely align with the AWS implementation (the most mature support) and because COS limits the ability to modify files on its disk.

Breaking changes

Support for Terraform version 0.11 has been removed.
Support for the feature flag Terraform-0.12 has been removed. All generated Terraform HCL2/JSON files will support versions and 0.13.0+.

Required Actions

If you are using the Calico network plugin in a cross-subnet setup, you may have to manually remove the AWS Source/Dest Check controller (k8s-ec2-srcdst) deployment that was previously deprecated and replaced with the new feature.
If you are using self-hosted channels files, you have to add the new architectureID field, with one of the amd64 or arm64 values.
If you are running kops toolbox template in an airgapped environment, you have to set --channel to point to a local channel file.
If your workload targets control plane nodes, you need to change them to select the node-role.kubernetes.io/control-plane="" label. You should also add the toleration to these workloads. This taint will not be added to control plane nodes before kOps 1.22.

Deprecations

The has been deprecated in favour of a configurable addon.
The manifest based cluster autoscaler addon has been deprecated in favour of a configurable addon.
The node-role.kubernetes.io/master and kubernetes.io/role labels are deprecated and will be removed from control plane nodes in kOps 1.22
The experimental node-authorizer that could be enabled using nodeAuthorization has been removed. Setting this value is now forbidden.
Due to lack of maintainers, the Aliyun/Alibaba Cloud support has been deprecated. The current implementation will be left as-is until the implementation needs updates or otherwise becomes incompatible. At that point, it will be removed. We very much welcome anyone willing to contribute to this cloud provider.
Support for AWS LaunchConfiguration has been deprecated and will be removed in kOps 1.21.

Full change list since 1.19.0 release

1.19.0-beta.3 to 1.20.0-alpha.1

Update docs for cutting new release branches #10084
Update security_groups.md #10078
Take node labels from cloud tags on AWS #9575
Update Office Hours Zoom link #10087
Update zoom links on the spanish README #10088
Ignore changes to ForAPIServer field #10086
Update Flannel CNI to v0.13.0 #10064
kubetest2 - Implement create/validate/delete cluster functionality #10083
Cert circular deps #10092
Fix cilium template by specifying boolean as a string for enable-metrics #10094
Release notes for 1.18.2 #10097
Update Kops Go build supported versions 1.15 #10099
Spotinst: Bump the Spot Cluster Controller to 1.0.68 #10103
Remove hack/workaround from etcd-manager certificate expiration advisory #10102
Install container runtime packages as assets #10048
Default to exporting a kubecfg, even without credentials #10105
Remove dependency of TerraformJSON feature flag #10106
Makefile and hack script cleanup #10112
Update channels #10117
Update Calico config for eBPF mode #10115
Add random AWS zone logic + specify build stage location #10121
Update AWS VPC CNI to 1.7.5 #10124
Add nodeLocalDNSCache.kubeDnsOnly option #10111
Align AWS VPC CNI manifest with upstream #10126
Fix release notes links to point to @hakman
Add verify-cloudformation script @rifelpet
Fix cloudformation lint errors @rifelpet
Update shell style for CLI docs for better compatibility @hakman
Prevent unintended resource updates to LB attatchments @rdrgmnzs
Make verify-cloudformation job fail when issues are found @rifelpet
Set minimum Terraform version to 0.12.26/0.13.0 @bmelbourne
ELB/TargetGroup/ASG attachment fixes @rifelpet
Prepare for version 1.20 @johngmyers
Rebrand kops to kOps @hakman
Remove code for no-longer-supported k8s releases @johngmyers
allow reauth for openstack client @zetaab
Simplify etcd options builder @hakman
Update AWS Cloudmock for complex and externallb integration test clusters @rifelpet
Deprecate field calico.majorVersion @hakman
[Digital Ocean] Use Debian10 as default image @srikiz
Fix NLB naming for terraform and cloudformation targets @rifelpet
Move NLB’s VPC CIDR security group rule logic into model @rifelpet
Fix additionalSecurityGroups support for NLB @rifelpet
Some typos @Hellcatlk
Fix output for CF and TF @hakman
Avoid waiting on validation during rolling update for inapplicable instance groups @bharath-123
OpenStack Reset deviceID status if needed @zetaab
Remove unused bearer token field from kubeconfig builder @rifelpet
Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically @havulv
Consistent naming of security group rules @olemarkus
Upgrade Hashicorp HCLv2 Go module v2.7.0 @bmelbourne
Fix auto scaling group changes when using spot instances @hakman
Upgrade sprig to v3 @olemarkus
Upgrade helm to 2.17 and use the helm.sh reference @olemarkus
Fix AWS NLB reconciliation @hakman
Fix disabling spot instances when using launch templates @hakman
Add ACM cert permalink @rifelpet
Setup a second NLB listener when an AWS ACM certificate is used @rifelpet, #10157
Update Go to v1.15.4 #10209
Upgrade docker client #10193
Spotinst: Configure Resource Limits in Ocean Auto Scaler #10190
Release notes 1.19.0-beta.1 #10213
Use LaunchTemplate versions instead of timestamped LaunchTemplates #10151
Update kOps version after 1.19.0-beta.1 release #10216
Remove components from cluster validation #10214
Allow to use custom csi plugin image and enable topology support #10215
Update validate cluster cli docs #10219
Fix cluster autoscaler docs #10225
Make etcd-manager log verbosity configurable #10194
Update k8s versions nov 2020 #10227
Update Ubuntu ami to latest version #10195
Fix various nits #10217
Switch ARM64 CI to Graviton2 CPU #10230
Update docs related to audit logging #10231
Don’t install the misc packages for k8s 1.20+ #10222
Fix readme #10228
Update kops as kOps and remove extra spaces from .md files ,@hakman
Add default runtime and runtimes fields in the docker config @bharath-123
Fix cluster validation dependency on local kubeconfig @eddycharly
Associate instance group to pod validation failures in cluster validation. @bharath-123
Add HPA Flags for horizontal-pod-autoscaler-initial-readiness-delay & horizontal-pod-autoscaler-cpu-initialization-period @JoelBCarter
Remove more code specific to unsupported etcd v2 @johngmyers
GCE: ignore (output-only) networkInterface.name @justinsb
Make it possible to use OnDelete update strategy on addon daemonset @olemarkus
Fix version of storage-aws addon manifest @johngmyers
Fix cloudformation lint job @rifelpet
Update etcd-manager to 3.0.20201117 @justinsb
Use separate domain for kops-controller bootstrap @johngmyers
Revert “Switch ARM64 CI to Graviton2 CPU” @hakman
Update Bazel rules for Go to v0.24.7 @hakman
Update k8s dependencies to 1.20.0-beta.2 @rifelpet
Push multi-arch images @hakman
alpha channel: update legacy images @justinsb
Fix multi-arch image pushing @hakman
Add sslPolicy for NLB to change listener’s security policy @FrankYang0529
Optimize Bazel builds by os and arch @hakman
Fix incorrect URLs in kops cluster documentation @bycEEE
Use etcd v3.4.13 for k8s v1.19+ @hakman
Parse TargetGroup names from ARNs @hakman
Add Go code-generator v0.20.0-beta.2 crypto hash @bmelbourne
Add ACM/NLB instructions to 1.19 release notes @rifelpet
Release notes for 1.19.0-beta.2 @hakman
Add more NLB release notes and documentation @rifelpet
Can check cert expiry using openssl @alok87, #10282
[weave] Add support for default version override ,@hakman
Add support of Azure Blob storage to VFS @kenji-cloudnatix
Update kOps version after 1.19.0-beta.2 release @hakman
Remove support for using legacy ELB name @hakman
Remove dead code @hakman
Remove support for disabling manifest normalization @johngmyers
Upgrade cloud-provider-openstack to 1.19.2 @rifelpet
Fix a typo in an error message returned from buildAzureBlobPath @kenji-cloudnatix
Allow setting CPU limit and Mem request / limit for kube API server @rdrgmnzs
Optimize Bazel dev builds by arch @hakman
Update Calico to v3.17.0 @hakman
[Digital Ocean] Upgrade godo sdk to v1.54 @srikiz
Tolerate missing detached EC2 instances @hwoarang
Don’t try to detach masters @olemarkus
Remove copyright notice from nodeup scripts to reduce the user-data size. @rdrgmnzs
Add docs for metrics server @olemarkus
Push alpha to stable @MoShitrit
Add paramaeters related to Taint based Evictions in kube-apiserver @h3poteto
Allow using gp3 for root volumes @olemarkus
Update containerd and Docker versions @hakman
Update aws-sdk-go to v1.36.0 @hakman
Bump aws-vpc-cni version to 1.7.6 @MoShitrit
Update etcd-manager to 3.0.20201202 @justinsb
Update DigitalOcean cloud-controller-manager to v0.1.30 @timoreimann
Add aws-cloud-controller-manager config to addons @nckturner
Allow attaching same external target group to multiple instance groups @hakman
Add fuzzer and OSS-fuzz build script @AdamKorcz
Set —service-account-issuer for k8s 1.20+ @johngmyers
Promote addon docs to first level menu item @olemarkus
[Digital Ocean] Promote to Beta @srikiz
Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data @rdrgmnzs
Add integration test for creating an HA cluster in shared zone @hakman
Add minimal cert-manager addon @olemarkus
Remove resource limits from cluster autoscaler @olemarkus
Remove dependency on TravisCI @hakman
fix cluster-autoscaler README url from cluster_spec -> addons @isaachui
Rename duplicate ci target to quick-ci @hakman
Use custom-configured ServiceAccountIssuer when present @johngmyers
Add option for setting the volume encryption key in AWS @hakman
Add support for AWS IMDS v2 @bharath-123
Update k8s dependencies to v1.20.0 @hakman
Update docs for CentOS 8 @hakman
Move tools into separate hack go module @rifelpet
Update etcd-manager to 20201209 @justinsb
Mount /lib64 for Protokube only on AMD64 @hakman
Explicitly specify http_endpoint in terraform launch template @bharath-123
Update alpha channel with December 2020 k8s releases and bump Ubuntu AMI version @MoShitrit
Hack script improvements @rifelpet
hack/goimports - Replace mapfile with read @rifelpet
Allow override of registry and tag for Calico images @hakman
Update Calico to v3.17.1 @hakman
Bump aws-cni to 1.7.7 @MoShitrit
Add support for containerd v1.4.3 ARM64 @hakman
Add release note for terraform launch template migration @rifelpet
Expose metrics port when PrometheusMetricsEnabled set to true in Calico @avdhoot
Bump etcd client to 3.4.13. Use go modules @olemarkus
Use the kubernetes-sigs version of yaml @olemarkus
Bump heredoc to v2 @olemarkus
Update container runtime service files @hakman
Template functions for recommended kubernetes versions @olemarkus
Make CoreDNS the default DNS server @rajansandeep
Delay defaulting to CoreDNS to k8s v1.20 @hakman
Bump go-bindata and use go module @olemarkus
Bump sftp to 1.12 @olemarkus
IAM ServiceAccount Roles: truncate name at 64 characters @justinsb
Bump helm to v3 @olemarkus
cloudmock - guard the VPC CIDR association calls with a mutex @rifelpet
Upgrade mkdocs dependencies to latest @rifelpet
Spotinst: Schedule Ocean Controller to Linux nodes only @liranp
Bump AWS-CNI to version 1.7.8 @MoShitrit
protokube - query host by label when setting tags @rdrgmnzs
Allow Calico to run on systems with loose reverse path forwarding @hakman
Bump k8s versions on alpha and bump Ubuntu AMI version on stable @MoShitrit
Remove gjtempleton as reviewer @gjtempleton
Calico: Allow operators to choose which encapsulation mode to use @seh
Spotinst: Ignore volume type case sensitivity to prevent unnecessary updates @liranp
Spotinst: Expose Ocean Headroom percentage and autoconfig labels @liranp
Spotinst: Support for multiple subnets per zone @liranp
Add new-pod-scale-up-delay in Cluster Autoscaler spec @akshedu
Replace (some) deprecated ResourceHolder with Resource @justinsb
Remove ResourceHolder: remove last usages and remove code @justinsb
Refactor MirroredAsset into mirrors package @justinsb
Refactor nodeUpConfigBuilder to be standalone @justinsb
Avoid recursive type definitions in schema @justinsb
Drop support for containerd 1.2 @hakman
Update CNI plugins to v0.8.7 @hakman
Add Azure support @kenji-cloudnatix
Refactor GCE InstanceTemplate @justinsb
Use Region method of fi.Cloud @justinsb, #10474
Spotinst: Bump the Ocean Controller to 1.0.69 #10487
Added event-qps and event-burst flags to kubelet #10486
Add config options for container runtime package URL and Hash #10473
Fix cluster setup when KOPS_ARCH is set #10496
Docs: Rename “Development” section to “Contributing” and add instructions to update the base AMI version of Ubuntu #10455
Release notes for 1.19.0-beta.3 #10497
Use containerd.sock for AmazonVPC CNI with containerd #10502
Remove support for Kubenet with containerd #10501
Add containerd option for registry mirrors #10507
Treat InvalidDhcpOptionsId.NotFound as already-deleted #10508
Add required toleration to gpu documentation #10509
AWS IAM Role Tagging #10488
Update stable channel with recent k8s releases #10514
Run k/k’s e2e suite via new kubetest2 make target #10504
Remove copyright YEAR from generated Go files #10520
e2e - dump cluster manifests into artifacts and add —kubernetes-version #10522
kubetest2: Pass through some AWS env vars #10525
kubetest2: add initial support for GCE #10524
Add gp3 Volume Type to etcd #10453
Only include API server additional security groups in InstanceGroups for masters #10519
Update kube-router to v1.1.1 #10512
IRSA - continue adding route53 permisions to masters #10529
Add possibility to set volume throughput for gp3 volumes #10530
Prefix etcd cluster names with letters #10361
Recognize ubuntu 20.10 #10278
Don’t allow ebs volume TF resource names to begin with digit #10424
Add K8s Docker runtime support deprecation release note ,@hakman
Make it possible to change the etcd volume type and iops @olemarkus
Promote Ole Markus to approvers list @hakman
Add containerd config file to Flatcar based instances @hakman
Add control-plane node role label to cp nodes @olemarkus
Move bootstrapchannelbuilder to a dedicated package @olemarkus
kubetest2: support specifying admin-access value @justinsb
GCE: Don’t warn about NVME @justinsb
Simple upgrade test using kubetest2 framework @justinsb
Refactor and centralize distribution logic @justinsb
Fix to handle exit code of gazelle command in hack/verify-bazel.sh @h3poteto
COS/GCE: exec on kubelet/flexvolume dirs @justinsb
Fix typo in comment @fenggw-fnst
Openstack: Prevent data race in servergroup member list @justinsb
Updates GCE channels to use ubuntu over COS @geojaz
Kubetest2 - use our own tester that wraps kubetest2’s ginkgo tester @rifelpet
Spotinst: Specify Spot percentage per Instance Group @liranp
update gophercloud dependency @zetaab
Upgrade Go v1.15.6 / Bazel v3.4.1 @bmelbourne
Remove node-authorization @olemarkus
[addons/CA] Add support for specifying resources and metrics @dntosas
Spotinst: Iterate over metadata labels only once @liranp
Default cgroup driver to systemd from k8s 1.20 @bharath-123
AWS CSI driver @olemarkus
Upgrade cfn-lint to 0.44.3 @rifelpet
Fix file not found error detection in fs:// @rifelpet
Fix NLB listener -> target group association for TF & CF @rifelpet
Spotinst: Bump the Ocean Controller to 1.0.70 @liranp
Spotinst: Specify whether scale-down activities should be restricted @liranp
[OpenStack] Use new hash format in instance names @zetaab
kubetest2 - Add manifest template support @rifelpet
Updates to Alpha versions - k8s & kOps @MoShitrit
Use Bazel 3.4.1 for postsubmit jobs @hakman
Give kubetest2 its own makefile @rifelpet
Use consistent naming for the remaining SGRs part two @olemarkus
[DigitalOcean] add e2e tests @srikiz
Allow nodeup (and others) to replace in-use files @justinsb
Dial-down logging on flagbuilder @justinsb
Fix default make target @rifelpet
containerd: Add /etc/crictl config to enable crictl @justinsb
Add CF integration test for gp3 volumes @hakman
Release 1.20.0-alpha.1 @hakman

1.20.0-alpha.1 to 1.20.0-alpha.2

Release notes for 1.20.0-alpha.1 #10592
Make cluster proportional autoscaler image configurable. #10564
Set default container runtime to containerd #10370
Fix minor docs typos #10598
Validate cluster cloud labels #10599
Exclude terraform.lock.hcl files from Git repo #10597
Provide required —kubernetes-version flags to kubetest2-kops —up #10600
Kubetest - add networking support + misc fixes #10601
Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage ,@hakman
Add troubleshooting documentation @olemarkus
Fix menu link to troubleshooting @olemarkus
Use kops binary built by kubetest2-kops in upgrade script @rifelpet
Warn if cilium encryption is enabled, but no secret has been set @olemarkus
kubetest2 upgrade script - PATH needs to be a directory @rifelpet
Add support for container-log-max-size/files with kubelet @hakman
Add network and router availability zone hints to OpenStack @ottosulin
Increase CoreDNS default ttl @johanneswuerbach
Update Go to v1.15.7 @hakman
kubetest2 - Add support for specifying a kubernetes version marker file @rifelpet
kubetest 2 - fix parsing of k8s version semver values @rifelpet
Update Weave to v2.8.0 @hakman
Update AWS instances defaults @hakman
kubetest2 - update the skip regex for the upgrade scenario @rifelpet
Install dbus if needed for protokube with containerd @justinsb
Ensure SpecOverrideFlag is set in upgrade test @rifelpet
Fix unbound variable in upgrade scenario script @rifelpet
kubetest2 - increase validation timeout for the upgrade scenario @hakman
Add startup probe for calico-kube-controllers @hakman
Remove coredns dnsprovider @olemarkus
Spotinst: Avoid unnecessary duplication of tasks @liranp
enableRemoteNodeIdentity actually defaults to true @olemarkus
Replace gopkg yaml with k8s-sigs yaml @olemarkus
protokube: Remove unused ExecuteTemplate function @justinsb
Fix phony make target for setting up kubetest2 @rifelpet
[Digital Ocean] Add SFO3 region. Also update e2e tests to use full list of supported zones @srikiz
etcd-manager: Update to 3.0.20210122 @justinsb
Update k8s versions in stable channel and bump ubuntu ami version in alpha channel @MoShitrit
Update kubetest2 library @rifelpet
feat: implement azure get api ingress status fn @ngalantowicz
Use the same package marker for kubectl as for e2e binary @rifelpet
Reword ‘what is kOps’ @olemarkus
Add back support for kubenet style networking with containerd @hakman
Add set instancegroup command @gabrieljackson
Set the tcp_rmem sysctl in bootstrap script @justinsb
Add —create-args kubetest2 flag @rifelpet
Fix cluster_spec.md indentation @trondhindenes
Allow attaching same external load balancer to multiple instance groups @hakman
Fix typo @adrianmoisey
Update kops e2e testing docs @bmelbourne
Create default loadbalancer when SSL certificate is specified @rudeigerc
Bump Ubuntu images for AWS and GCE @hakman
Remove taints from spotinst ocean terraform resource @rifelpet
Allow SSH user to be overridden for toolbox dump @rifelpet
kubetest2 - Use —ssh-user to dump logs @rifelpet
Update AWS etcd-manager volumes defaults @hakman
Update aws-sdk-go to 1.37.0 @rifelpet
Release notes for 1.19.0 @justinsb
Update release compatibility matrix @johngmyers
Default IMDSv2 to “optional” for AWS @hakman
Add link to 1.19 @olemarkus
Fix header indentation in addons.md @olemarkus
Documentation update: Corrected externalPolicy AWS ARN formatting @timothyclarke
Remove ‘not released’ notice from 1.19 notes @olemarkus
Fix bug preventing tasks using gp2 @olemarkus
Have channels create PKI for addons @olemarkus
Add template function returning the latest image @olemarkus
Update Weave to v2.8.1 @hakman
Increase IMDSv2 hop limit on control plane nodes @olemarkus
Kubetest2 - refactor how arguments are set @rifelpet
Update upgrade test to use 1.18->1.19 @rifelpet
Fix create args for upgrade test @rifelpet
Docs: Fix ServiceAccountVolume proposed configuration for Istio @dntosas
Update the skipped tests in the upgrade job to help the test stage pass @rifelpet
Remove unused instanceGroup parameter from setClusterFields @bharath-123
Update code reference links in docs @bharath-123
Fix rendering issue created by #10414 @avdhoot
Fix panic when exporting kubecfg for AWS cluster without load balancer @rifelpet
Cleanup kops-controller Route53 record during cluster deletion @rifelpet
Revert making imdsv2 default @olemarkus
Throw error if path being set by kops set is not present in struct @bharath-123
Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed @h3poteto
Fix ineffassign issues @zhijianli88
Deprecate aliyun @olemarkus
alpha channel: Update older images @justinsb
Fix docs build failure @bharath-123
add user agent to openstack api requests @zetaab
Add support for cilium 1.9 @olemarkus
Use EnsureTask instead of prepending IG names to external ELB tasks @rifelpet
nodeup file: Set owner & group when we write the file. @justinsb, #10757
Always generate kops-controller certs #10758
Release 1.20.0-alpha.2 #10765

fix: asset task copy docker image #10767
Add AWS LoadBalancerController #10489
Update Calico to v3.17.2 #10787
Enable CSIMigrationAWS if CSI EBS driver is installed #10791
Fill Role names in kops-controller-config instead of instance profile names when it is specified #10728
Update Docker to v19.03.15 #10802
Fix LaunchSpec TF output #10806
add azure support for internal loadbalancer to k8s api #10744
Allow managed images for Azure instance groups #10797
kubenet containerd: match upstream #10759
Storage: Allow disabling of kOps’s management of StorageClasses #10733
Spotinst: Replace corev1.Taint to fix HCL2 serialization #10819
Spotinst: Bump the Ocean Controller to 1.0.72 #10820
Allow to control which subnets and IPs get used for the API loadbalancer #10741
Use correct tag when creating node labels from azure cloud tags #10619
containerd installation: always configure, even if we don’t install #10813
Precreate the kops-controller DNS name #10833
Actually enable systemd cgroup for containerd #10846
Update Go to v1.15.8 #10853
Add support for CAS 1.20 + support for disabling CAS for a given IG #10857
Add liveness probe for calico-kube-controllers #10856
Bump aws node termination handler to 1.12.0 #10863
Update AWS CNI to latest patch version #10876
Bump metrics-server to 0.4.2 #10858
Fixes for 1.21 e2e tests #10879
Add validation for instanceType and ami architecture ,@hakman
fix loadBalancerID null pointer @collin-woodruff-t1cg
Update Calico to v3.18.0 @hakman
Adding Elastic IP Allocations to NLB API @timothyclarke
add usage of subnet and routetable shared resources in azure @ngalantowicz
Release 1.20.0-beta.1 @hakman

1.20.0-beta.1 to 1.20.0-beta.2

add support for azure public loadbalancer #10915
Spotinst: Prevent instance groups with the same suffix from being deleted #10918
Fix nil pointer deference for image ID with spotinst #10924
Sort external policies when checking for changes #10940
Further improve cloudLabel validation #10910
Update etcd-manager to 3.0.20210228 #10949
Allow multi-CNI setups to set usesSecondaryIP #10828
Spotinst: Don’t skip LB attachments when SpotinstHybrid is enabled #10961
Add AWS Transit Gateway support #10948
gce doesn’t suffix the IG names with ClusterName #10944
Fix node label conversion in Azure #10935
Spotinst: Bump the Ocean Controller to 1.0.73 #10960
Add support for enable-cadvisor-json-endpoints with Kubelet #10957
Add explicit RBAC permissions for finalizers subresources #10966
Add support for CPU Credits on AWS t2 and t3 instance families #10934
Update controller-runtime to v0.8.2 for kOps 1.20 #10967
Removing duplicate local and output values in terraform(#10786) #10978
Add CloudLabels as —extra-tags to aws-ebs-csi driver #10976
Use internal api url for jwks #10888
Disable Calico Prometheus metrics by default #10982
Add etcd-manager discoveryPollInterval option #10975
Storage: Amend default choice for StorageClass management to honor a specified OpenStack-related value #11002
Use exponential backoff for DNS updates #10996
Update Calico to v3.18.1 #11018
Various cleanups around apply_cluster and awsmodel #10579
Spotinst: Add support for block device mappings in Ocean Launch Spec #11009
Fix rendering of multiple Docker insecure registries #11027
Release 1.20.0-beta.2 #11031

1.20.0-beta.2 to 1.20.0

azure: fix null pointer when updating in place cluster @collin-woodruff-t1cg
Honor OS update policy at InstanceGroup level too @seh
Cleanup some nodeup & protokube logging @rifelpet
Improve instance type validation error message @bharath-123
Add channels entries for image architecture @hakman
Upgrade AWS CNI to version 1.7.10 @MoShitrit
Ensure protokube can connect to kube-apiserver before starting the sync loop @olemarkus
Put awslbcontroller on the control-plane @olemarkus
Have nodeup retry kops-controller bootstrapping sooner if DNS isn’t setup @rifelpet
Update containerd to v1.3.10/v1.4.4 @bmelbourne
Update kube-router to v1.2.1 @hakman
Remove instance-selector label @bharath-123
Validate that kube-apiserver has the necessary authz modes set @olemarkus
[DigitalOcean] Fix DO Tag issue @srikiz
Revert “Update kube-router to v1.2.0” @hakman
replace hard coded aws region checks with aws sdk calls @guydog28
Add scaleDownDelayAfterAdd to clusterAutoscaler spec @jurriaanpro
Add an option to skip NTP installation @kenji-cloudnatix
Spotinst: Use BDM to configure the root volume size at VNG level @liranp
Spotinst: Configure headroom resources only at the VNG level @liranp
Release 1.20.0 @justinsb

Correct typos @Akiros001
Use “string” for architecture type in ChannelRecommendedImage @hakman
Always secure api -> kubelet communication @olemarkus
Fix etcd volume validation logic @hakman
Remove validations for EBS from cluster validation @h3poteto
Add support for Docker v20.10.6 @hakman
Add Azure image to alpha/stable channel @kenji-cloudnatix
Exclude nodes from load balancers upon cordoning @johngmyers
Fix cilium template scoping typo @javipolo
If one tries to use eip with a public ip that doesn’t exist, fail @olemarkus
Spotinst: Prevent nil pointer dereference @liranp
Spotinst: Update spotinst/ocean-controller to v1.0.74 @liranp
Make it possible to detect field changes when mixedInstancePolicy is removed @h3poteto
Add ability to set a default Issuer in certManager addon @javipolo
Filter servers using cluster name in tags @zetaab
Use the full operator instead of the generic one @olemarkus
Update Calico to v3.18.2 @hakman
Set SAN for addon CAs @olemarkus
Add support for configuring Cilium enable-host-reachable-services. @bjhaid, #11333
Mount /run inside etcd-manager pods for systemd mounts #11352
Expose hubble agent when hubble is enabled #11314
Mark control-plane node for update when etcd volume size changes #11365
Update Calico to v3.18.3 for kOps 1.20 #11377
Don’t try to mount hubble TLS on the agent if we don’t use hubble #11379
Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller #11393
Use etcd-manager built from etcdadm repo ,@hakman
csi/aws: Bump templates + add support for warm pools @dntosas, #11304
Verify all versions are set correctly #11413
Backport rename of service-account key to 1.20 #11388
Update verify-terraform to use 0.14.11 #11436
Create new clusters without forcing a container runtime #11428
Allow AWS instance types with multiple architectures #11463

1.20.1 to 1.20.2

Release 1.20.1 @justinsb
Update containerd to v1.4.6 @hakman
Allow cert-manager to be provisioned externally @codablock
upup: gcetasks: force send AutoCreateSubnetworks field when set to false @nicktrav
[metrics-server] Bump manifest to latest stable @dntosas, #11319
Allow Spotinst to use comma separated instance types #11560
Only update kubeconfig user when we have user info #11584
Add init image field for Amazon VPC CNI #11602
Fix duplicate CopyFile tasks #11619
Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet #11590
Consolidate CSI livenessprobe images for multi-arch support #11652
Fix set-version leaving backup files with “-e” suffix #11691
Add support for Docker v20.10.7 #11674
Bump the cas addon version. #11780

1.20.2 to 1.20.3

Release 1.20.2 @justinsb
Also set haveUserInfo=true in case —user was provided in “kops export kubecfg” @codablock
Handle containerExec hooks when using containerd @hakman
Update aws-sdk-go to v1.37.33 for kOps 1.20 @hakman
Include GCP Project in terraform HCL2 output @rifelpet
cluster validation - allow flapping of validation errors @rifelpet
Add log rotation for etcd-cilium.log @hakman
Don’t ignore channel value in toolbox template @hakman
Update containerd and Docker for kOps 1.20 @hakman