Significant changes

Old LaunchConfigurations are now deleted on AWS. By default the 3 most recent LaunchConfigurations for each InstanceGroup are kept, and older ones are automatically removed. To keep the existing behaviour set the KeepLaunchConfigurations feature flag i.e.

Required Actions

Highlighted changes

(coming soon)

Full change list since 1.9.0 release

1.9.0 - 1.10.0

Update alpha channel with latest k8s releases #4965
1.9.0 release notes #4964
digitalocean tutorial #4976
Update roadmap #4966
digitalocean: use new droplet sizes providing the same resources at cheaper prices #5005
Set AWS_REGION into bootstrapscript #4982
digitalocean: only delete A DNS records #5006
AWS: validate region against aws-sdk #4983
Treat Amazon Linux 2 as CentOS 7 #5028
Update bazel #5032
Add missing google cloud zones #5022
Update generated docs for 1.10 #5034
gazelle: use separate gazelle #5036
Bump recommended version for kops 1.9.0 #5041
fix IAM role for current versions of the kube-ingress-aws-controller #5014
Add docker 17.09.0 version for Debian 9 #5042
Fixes environment variable export. #5016
fix :”rbac” should be “RBAC” #4993
upgrade kube-dns to 1.14.10, fixes #4986 #5026
makefile: fix bazel-push #5053
Typo fix aditional->additional #5058
Add Replace and delete for SSH Secret YAML #5050
Typo fix in addons.md #5069
Update readme for 1.9 #4963
Make LogSeveritySys configurable for Canal Networking #5068
Typo fix in 1.9-NOTES.md: compatibility->compatibility #5073 (fixed typo in message for verify - @chrisz100)
Typo fix: Kuberenetes->Kubernetes #5079
Typo fix: seet->set #5080
Typo fix in vsphere-development-status.md: secrete->secret #5084
Perform deep merge for template values #4668
Note that is required after tf apply #5081
Typo fix: wil->will #5091
Add SubnetType tags to run_in_existing_vpc docs #5094
Typo fix: actually->actually/overide->override/to to->to #5099 (fixed typo in message for verify - @chrisz100)
Typo fix detaults->defaults #5067
Update upgrade_fromkOps1.6_to_1.7_calico_cidr_migration.md #5107
Typo fix: healthly->healthy #5125
Remove custom Statement IDs from IAM Policy Statements #4958
Adds new kops logo #5113
Update rules go to support go 1.10.2 and 1.9.6 #5100
Typo fix in returned message: formated->formatted #5112
Fix for validating kubeconfig’s hosts #5096
Add ability to use ec2 nat instance as egress #5133
Added tls certificate and private key path flags to kubelet config #5088
kubelet: expose —experimental-allowed-unsafe-sysctls #5104
Update docker image versions #5057
CoreDNS in kOps as an addon #4041
Implement network task for AlibabaCloud ,@xh4n3
Allow rolling-update to filter on roles @justinsb
Remove stub tests @justinsb
Don’t tag shared instances at all @justinsb
fix:please N/A should be “ Not Applicable” @yulng
Re-enable validation of DNS ServerIP @justinsb
digitalocean: don’t set —cloud-provider=external on control plane starting v1.10 @andrewsykim
[instance_groups.md] typo: receive->receive @AdamDang (fixed typo in message for verify - @chrisz100)
Update docs regarding shared NAT Instances setup @relu
Update office hours time to account for DST @mikesplain
set default GracePeriodSeconds to -1 when draining nodes @rajatjindal
implement disk task for ALICloud and fix typos @LilyFaFa
Unify create-create overrides and set-cluster fields @justinsb
Typo fix in the returned message: runnning->running @AdamDang
Documentation - networking Amazon VPC backend @recollir
added i3.metal AWS instance type @DavidXArnold
Documentation - cloudProvider required in kubelet spec with Amazon VPC backend @recollir
1.8 release notes correctly note @wendorf
CA Key File Permissions @gambol99
Expose streaming connection idle timeout @aleerizw
implement SSHKey task for ALICloud @LilyFaFa
Documentation - updated example for dashboard installation to 1.8.3 @recollir
Update CoreDNS manifest @rajansandeep
Create initial docs for etcd-manager @justinsb
Support (optional) etcd-manager @justinsb
Create override for etcd-manager image @justinsb
Typo fix: attatch->attach @AdamDang
Add a FIXME and don’t log about insecure ports @dims
Add support for C5D instance family on AWS @ripta
Add stdin support for create -f and replace -f @ihoegen
Update AWS AMI for kubernetes >=1.9.0 <1.10.0 @AmazingDreams
Kuberenets 1.11 has deprecated ExternalID this replaces it with Provi… @zachaller
Update alpha channel with latest k8s versions @justinsb
Update alpha channel with latest images @justinsb
Recommend kops 1.9.1 in alpha channel @justinsb
PSP Updates, new apiGroup for k8s v1.10 @KashifSaadat
Create addon for prometheus-operator @gianrubio
Fixing name of cert file #5220
Promote alpha channel to stable #5216
Add —enable-admission-plugins API server flag for k8s 1.10 #5221
Bump Cilium version to released #5208
Typo fix: are be->are #5237
Add proper autoloading for kops autocomplete #5230
Fix typo: adddresses -> addresses #5235
Replace deprecated flags: address -> insecure-bind-address #5234
Add AuthenticationTokenWebhook flag #5231
Setup heptio authenticator #5197
File Permissions Private Key #5241
Correct PSP RoleBinding with namespace for kube-system #5244
Fix an error. #4942
Upgrade to flannel v0.10.0 and explicitly specify amd64 arch #5095
hacks for tests on windows #4723
Admission Controller Fix #5248
Use HomeDir from client-go to get home directory #5249
Add public ssh keys for GCE #5056
Release windows build in alpha #4524
some typo fix #4937
docker: Set TasksMax to infinity #5259
Update aws-sdk-go to v1.13.60 #5261
Put verify-apimachinery into ci makefile target #5262
Perf fix for makefile #5255
Use STABLE_ prefixes for bazel workspace vars #5257
bazel: add notes that tasks do not work #5263
vendor gazelle #4564
Clean up variable naming in integration test #5264
Allow integration tests to update expected TF output #5265
Validate FileAssets #5272
Validate InstanceGroup Hooks #5271
Update bazel gazelle #5274
Fix go version hack to be more generic. #5267
CoreDNS pull image from gcr.io #5268
Clarify the usage of the —state flag. #5275
Implement AdditionalCIDR configuration. #5270
Update heptio authenticator to 0.3.0 #5276
Update elasticsearch logging to 5.6.4 #5137
Fix: Update heptio authenticator to 0.3.0 #5276 #5278
Create a SECURITY_CONTACTS file. #5205 #5279
Verify Spelling #5277
Fix some typos #5282
Update kops_edit_instancegroup.go and kops_edit_instancegroup.md #5284
Override hostname with ‘aws’ only if hostname override is not specified. #5285
Enable override bind address for kube-proxy. #5286
Add support for M5D instance family on AWS #5287
Support overlay2 in docker #5258
Rename to kops #1
Destinctive names for ClusterRoleBindings in prometheus-operator addon #5294
Revert “digitalocean: don’t set —cloud-provider=external on control plane starting v1.10” #5297
Fix typo #4985
Fix issue where we assumed that private zone were in order #5139
Add support for external IAM Instance Profiles ,@rifelpet
Feature/s3 bucket encryption - Implements PR #4235 @gekart, #5194
Customize KubeDNS #4724
Add hooks example for cachefiled #5072
implement LoadBalancer task for ALICloud #5207
Admission Controller Validation #5250
Amazon VPC CNI: Upgrade to v1.0 and Allow Custom Images #5119
ListKeypairs: don’t print ‘keyset.yaml’ as the key id #5254
Fix alitasks loadbalancer typo causing test failures #5301
fix broken link to example policy file in the cluster_spec docs #5146
Export outputs to aid with VPC peering in Terraform ,@justinsb
implement router interface task for OpenStack platform @zengchen1024
Update expected TF output for latest master @justinsb
implement keypair task for OpenStack platform @zetaab, #5110
Fixup bazel #5304
Fix gofmt #5305
Add feature with s3 state store from configfile ,@justinsb
Node Bootstrap Tokens @gambol99
Add prometheus scrape to kube-dns @mikesplain
Fix typo: HONE -> HOME @justinsb
Node Bootstrap Fix Ups @gambol99
Fix Admission Controller Validation @gambol99
Added comment for 404 on healthcheck for non-standard vpc-cidr @aberfeldy
Correct deployment yaml of CoreDNS @rajansandeep
implement Ram task for ALICloud @LilyFaFa
Avoid changing IAM policy for users @justinsb
File Path Fixes @gambol99
Communicate before long waits @eherot
kops set cluster: honor —name flag @justinsb
Don’t always print state store path @justinsb
protokube: only specify etcd flags when managing etcd @justinsb
Use less viper discovery @justinsb
GCE: Set network tier, to avoid spurious changes @justinsb
Set log-verbosity for etcd-manager @justinsb
More configuration options for cilium @nebril
gossip: create zone in protokube @justinsb
implement SecurityGroup task for ALICloud @LilyFaFa
Add missing nodes/stats resource to the system:metrics-server Cluster… @azman0101
Don’t autoload SSH key on GCE @justinsb
add SSHKey model for AliCloud @LilyFaFa
implement scalingGroup tasks for AliCloud @LilyFaFa
Typo fix @jonyhy96
Code Clean @gambol99
add firewallModel for ALIcloud @LilyFaFa
Removing Duplication @gambol99
Git Ignore - Merge Conflict Files @gambol99
etcd-manager: GCE support @justinsb
AWS: Delete old LaunchConfigurations @justinsb
GCE: Handle storage flag on COS more carefully @justinsb
Revert COS in stable/alpha channel @justinsb
Fix containerRegistry for Kubernetes < 1.10 @kampka
add RAM model for ALIcloud @LilyFaFa
Add etcd TLS support for Cilium @nebril
Nodeup clean @gambol99
add ScalingGroup model for AliCloud @LilyFaFa
Typo fix in documentation.md @AdamDang
Mark 1.10.0-alpha.1 @justinsb
Add 1.10-alpha.1 to stable & alpha channels @justinsb
Go versions: don’t block on 1.8 @justinsb
Docker Userspace Remapping Options @gambol99
Fix minor typo in DO tutorial @andrewlouis93
Installation of AWS CLI tools @the-lost-explorer
Switch bucket encryption policy warning to debug @mikesplain
Update rolling update ig roles flag to be case insensitive @KashifSaadat
add Volume model for aliCloud @LilyFaFa
fix broken compute resource reservation docs for storage in cluster_spec @kimxogus
Add Cilium documentation to networking.md @nebril
delete cluster resources for ALicloud @LilyFaFa
Add dockerDisableSharedPID to kubelet config @ripta
Add IAM ec2:ModifyVolume permission to allow EBS volume resize @KashifSaadat
Remap initContainers as well as containers in PodSpec @coreypobrien
Rename hept.io authenticator to aws authenticator @rdrgmnzs
Use /bin/bash in kubelet manifest ExecStartPre @coreypobrien
Fix the issue described in #5412 where the authenticator is no longer… @rdrgmnzs
Allow setting MTU for calico networking. @shrinandj
Add prometheus scrape port to CoreDNS service @rajansandeep
Added metrics port and health check to kube-router @aleerizw
Initial Ubuntu Bionic Support @mikesplain
Fail cluster validation for rolling-update if a failure occurs @dzoeteman
Update Audit file example @jsenon
Add data-root and exec-root attributes to the docker config spec @ripta
Add minRequestTimeout flag in kube-APIServer @Sturgelose
Fixes issue when setting docker version @mikesplain
support edit cluster and rolling-update cluster for AliCloud @LilyFaFa
docs for different VPC in the Security Group of kube-ingress-aws-controller @kanolato
Don’t mount volume for auditLog when STDOUT is configured as path @kampka
Adding a disclaimer for instanceGroups in docs @Cryptophobia
add cluster-autoscaler.sh @sdarwin
Add weave network encryption secret @kampka
skipper selector changed @kanolato
Generate locals for terraform target @kampka
Correct all the word “cluster” to be in lowercase @AdamDang
Stop rolling update if bastions or masters failed to update @dzoeteman
Generate random weave password it none is supplied @kampka
Node Authorization Service @gambol99
[WIP] Initial implementation of ACM certificate for API server ELB @Raffo
More autofix of expected test output @justinsb
Add configurable conntrack settings @mikesplain
Add pull-through proxy cache for asset docker images @kampka
Don’t repeatedly download nodeup @justinsb
Adds ability to set template context values on command line @gwkunze
Allow users to set the kubelets root dir. @rdrgmnzs
Update docs for config file @justinsb
Correct the in the cluster template example @dcherman
Add the ability to specify external loadbalancers for instancegroups @gwkunze
Fix tests that crossed during PR merges @justinsb
change gossip dns conn limit by ENV @yancl
Introduce a global backoff to rate limit failed image downloads @justinsb
Add mikesplain to approvers @justinsb
have travis fail when verify-apimachinery.sh fails and fix incompatible apimachinery @chrisz100
Use portable shebang for hack scripts @kampka
Add autoscaling group ids to terraform module output @kampka
Allow kubelet to bind the hosts primary IP @rdrgmnzs
ContainerRegistry remapping should be atomic @kampka
[GPU] Updated kOps GPU Setup Hook @dcwangmit01
Only use SSL for ELB if certificate configured @justinsb
Simplify logic around master rolling-update @justinsb
Update Issue templates and add PR template @mikesplain
Force-load br_netfilter in nodeup @justinsb
Remove gossip connection limit entirely @justinsb
Fix GCE instance lookup during validation @justinsb
Only manage internal DNS zone if configuration has been specified @mellowplace
Add portmap CNI plugin for k8s >= 1.9 @justinsb
Add new instance types r5, r5d, z1d @rekcah78
Remove GetAsgForInstance IAM permission @justinsb
Check errors when parsing JSON on IAM policies @justinsb
Add authentication-token-webhook-cache-ttl flag to kubelet config @ihoegen
Add AWS IAM permission to check for volume resize @KashifSaadat
Enable weave network encryption for k8s 1.6 @Andrey9kin
Add ssh user to kops toolbox dump @justinsb
Add amazon.com image owner alias and Amazon Linux 2 documentation @Pharb
Bump Weave Net to v2.4.0 @brb
Create ExperimentalClusterDNS feature flag @justinsb
Validate that require-kubeconfig is not passed after 1.10 @justinsb
Don’t assume that we only have one subnet per AZ @justinsb
DigitalOcean: don’t try to set SSE @justinsb
weave: bump version for 2.3.0 @justinsb